• Shopping Cart
    There are no items in your cart

CAN/CSA-ISO/IEC 27006:16

Current

Current

The latest, up-to-date edition.

Information technology - Security techniques - Requirements for bodies providing audit and certification of information security management systems (Adopted ISO/IEC 27006:2015, third edition, 2015-10-01)

Available format(s)

Hardcopy , PDF

Language(s)

English

Published date

01-01-2016

€148.96
Excluding VAT

Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Principles
5 General requirements
6 Structural requirements
7 Resource requirements
8 Information requirements
9 Process requirements
10 Management system requirements for certification bodies
Annex A (informative) - Knowledge and skills for ISMS
        auditing and certification
Annex B (normative) - Audit time
Annex C (informative) - Methods for audit time calculations
Annex D (informative) - Guidance for review of implemented
        ISO/IEC 27001:2013, Annex A controls
Bibliography

Defines requirements and provides guidance for bodies providing audit and certification of an information security management system (ISMS), in addition to the requirements contained within ISO/IEC 17021-1 and ISO/IEC 27001.

DevelopmentNote
NEW CHILD AMD 1 2020 IS ADDED
DocumentType
Standard
ISBN
978-1-4883-0604-4
Pages
9
ProductNote
NEW CHILD AMD 1 2020 IS ADDED
PublisherName
Canadian Standards Association
Status
Current
Supersedes

CSA Preface Standards development within the Information Technology sector is harmonized with international standards development. Through the CSA Technical Committee on Information Technology (TCIT), Canadians serve as the SCC Mirror Committee (SMC) on ISO/IEC Joint Technical Committee 1 on Information Technology (ISO/IEC JTC1) for the Standards Council of Canada (SCC), the ISO member body for Canada and sponsor of the Canadian National Committee of the IEC. Also, as a member of the International Telecommunication Union (ITU), Canada participates in the International Telegraph and Telephone Consultative Committee (ITU-T). For brevity, this Standard will be referred to as "CAN/CSA-ISO/IEC 27006" throughout. This Standard supersedes CAN/CSA-ISO/IEC 27006:13 (adopted ISO/IEC 27006:2011). At the time of publication, ISO/IEC 27006:2015 is available from ISO and IEC in English only. CSA Group will publish the French version when it becomes available from ISO and IEC. Scope This International Standard specifies requirements and provides guidance for bodies providing audit and certification of an information security management system (ISMS), in addition to the requirements contained within ISO/IEC 17021-1 and ISO/IEC 27001. It is primarily intended to support the accreditation of certification bodies providing ISMS certification. The requirements contained in this International Standard need to be demonstrated in terms of competence and reliability by any body providing ISMS certification, and the guidance contained in this International Standard provides additional interpretation of these requirements for any body providing ISMS certification. NOTE This International Standard can be used as a criteria document for accreditation, peer assessment or other audit processes.

Standards Relationship
ISO/IEC 27006:2015 Identical

ISO 19011:2011 Guidelines for auditing management systems
ISO/IEC 27001:2013 Information technology — Security techniques — Information security management systems — Requirements
ISO 9001:2015 Quality management systems — Requirements
ISO/IEC 27007:2017 Information technology Security techniques Guidelines for information security management systems auditing
ISO/IEC 27000:2016 Information technology Security techniques Information security management systems Overview and vocabulary
ISO/IEC 17021-1:2015 Conformity assessment Requirements for bodies providing audit and certification of management systems Part 1: Requirements

Access your standards online with a subscription

Features

  • Simple online access to standards, technical information and regulations.

  • Critical updates of standards and customisable alerts and notifications.

  • Multi-user online standards collection: secure, flexible and cost effective.