ISO IEC 27006-1-2024 PDF

St ISO IEC 27006-1-2024

Name in English:
St ISO IEC 27006-1-2024

Name in Russian:
St ISO IEC 27006-1-2024

Description in English:

Original standard ISO IEC 27006-1-2024 in PDF, full version. Additional information and a preview are available on request.

Description in Russian:
Original standard ISO IEC 27006-1-2024 in PDF, full version. Additional information and a preview are available on request.

Document status:
Active

Format:
Electronic (PDF)

Delivery time (for English version):
1 business day

Delivery time (for Russian version):
365 business days

SKU:
stiso25966

Price:
€25

Full title and description

ISO/IEC 27006-1:2024 — Information security, cybersecurity and privacy protection — Requirements for bodies providing audit and certification of information security management systems — Part 1: General. This international standard specifies additional requirements and guidance for bodies that audit and certify ISMS in accordance with ISO/IEC 27001, tailoring the general rules of ISO/IEC 17021‑1 to the specific context of ISMS certification.

Abstract

ISO/IEC 27006-1:2024 sets out competence, impartiality and consistency requirements for certification bodies issuing ISO/IEC 27001 certificates. It provides interpretative guidance and criteria useful for accreditation, peer assessment and other audit processes, ensuring that ISMS certifications are issued reliably and recognised internationally.

General information

  • Status: Published.
  • Publication date: March 2024 (Edition 1).
  • Publisher: Joint ISO/IEC publication (International Organization for Standardization and International Electrotechnical Commission).
  • ICS / categories: 35.030 (IT security), 03.120.20 (Product and company certification; conformity assessment).
  • Edition / version: Edition 1 (2024).
  • Number of pages: 47 pages.

Scope

This part (Part 1: General) specifies the additional requirements and guidance for bodies providing audit and certification of information security management systems (ISMS) beyond the requirements in ISO/IEC 17021-1. It is intended to ensure that certification bodies demonstrate the competence and reliability needed for ISMS certification, and it can be used as a criteria document for accreditation, peer assessment or other audit processes. It replaces ISO/IEC 27006:2015 and its 2020 amendment (ISO/IEC 27006:2015/Amd 1:2020).

Key topics and requirements

  • Additional competence requirements for certification body personnel (auditors, technical experts) specific to ISMS and information security topics.
  • Rules and guidance on impartiality, confidentiality and management of conflicts of interest in ISMS certification.
  • Requirements for audit planning, team composition, competence assessment and sampling for multi-site or complex ISMS audits.
  • Guidance on use of experts, remote auditing techniques, evidence evaluation and reporting tailored to information security contexts.
  • Requirements to support accreditation bodies and peer assessors in evaluating certification bodies that certify to ISO/IEC 27001.

Typical use and users

Primary users are certification bodies that audit and certify ISMS to ISO/IEC 27001, and accreditation bodies that assess those certification bodies. Secondary users include organizations seeking ISO/IEC 27001 certification, conformity assessment specialists, regulators and auditors involved in information security assurance.

Related standards

ISO/IEC 27006-1:2024 is directly related to and builds on ISO/IEC 17021‑1 (Conformity assessment — Requirements for bodies providing audit and certification of management systems — Part 1: Requirements). It is part of the ISO/IEC 27000 family and relates to ISO/IEC 27001 (ISMS requirements), ISO/IEC 27000 (vocabulary and overview) and other sector-specific guidance within the 27000 series. It replaces ISO/IEC 27006:2015 (and its 2020 amendment).

Keywords

ISMS certification, ISO/IEC 27001, certification body requirements, accreditation, auditor competence, impartiality, information security, cybersecurity, conformity assessment.

FAQ

Q: What is this standard?

A: ISO/IEC 27006-1:2024 is an international standard that specifies additional requirements and guidance for bodies that audit and certify information security management systems (ISMS) to ISO/IEC 27001.

Q: What does it cover?

A: It covers competence, impartiality, audit planning and execution, use of experts, evidence evaluation, reporting and other certification-body practices specific to ISMS certification, supplementing ISO/IEC 17021‑1. It is intended to support consistent, competent and impartial certification decisions.

Q: Who typically uses it?

A: Certification bodies that perform ISO/IEC 27001 audits, accreditation bodies that assess those certification bodies, and organisations seeking confidence in ISMS certification processes.

Q: Is it current or superseded?

A: It is current: published in March 2024 as Edition 1. It supersedes the earlier ISO/IEC 27006:2015 (and its 2020 amendment), which have been withdrawn.

Q: Is it part of a series?

A: Yes. ISO/IEC 27006-1 is Part 1 (General) of ISO/IEC 27006 and belongs to the ISO/IEC 27000 family. Part 2 (ISO/IEC TS 27006-2, published in 2021) covers bodies that audit and certify privacy information management systems (PIMS) based on ISO/IEC 27701; further parts or sector-specific guidance may be developed to address other aspects of ISMS certification.

Q: What are the key keywords?

A: ISMS, ISO/IEC 27001, certification body requirements, auditor competence, accreditation, impartiality, information security, cybersecurity.