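ISO/IEC 27006:2007 Information technology - Security techniques - Requirements for bodies providing audit and certification of information security management systems
Standard number: ISO/IEC 27006:2007
Chinese title: 信息技术 安全技术 信息安全管理体系审计和认证机构的要求
English title: Information technology — Security techniques — Requirements for bodies providing audit and certification of information security management systems
Publication date: 2007-03
Scope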
ISO/IEC 27006:2007 specifies requirements and provides guidance for bodies providing audit and certification of an information security management system (ISMS), in addition to the requirements contained within ISO/IEC 17021 and ISO/IEC 27001. It is primarily intended to support the accreditation of certification bodies providing ISMS certification. The requirements contained in ISO/IEC 27006:2007 need to be demonstrated in terms of competence and reliability by any body providing ISMS certification, and the guidance contained in ISO/IEC 27006:2007 provides additional interpretation of these requirements for any body providing ISMS certification.