ISO/IEC 27006 is the guide for certification bodies in terms of the formal procedures that should be implemented when auditing Information Security Management Systems.
The procedures outlined within the standard ensure the credibility of the ISO 27001 certificate. ISO 27006 is specifically responsible for defining the standards and including a manual for conducting the audit and validation of the system.
This means that any organisation that is accredited to ISO 27001 must also adhere to the ISO 27006 standard’s specifications. Its primary goal, though, is to assist in the accreditation of certification bodies that provide ISMS certification.
The main goal of ISO 27006 is to make it easier for third parties to certify information security management systems.
To ensure that ISMS certifications are valid, any certified third-party auditing and verifying compliance with ISO 27001 must meet the criteria of this standard.
ISO 27006 establishes criteria for demonstrating the expertise of ISMS auditors. When a Certification Body audits an ISMS, it must make sure that each auditor on the auditing team has the following knowledge.
The team’s auditors must all be familiar with information systems management concepts, standards, and techniques. They must be familiar with all ISO 27001 standards, as well as all ISO 27002 controls. Auditors must also be familiar with business management standards as well as legal and regulatory criteria in a specific information systems field.
Personnel reviewing audits and making qualification assessments must also show competence. They must have adequate experience to validate the certification scope’s accuracy. They must also be familiar with control systems, audit processes, standards, and techniques.
ISO 27006 further specifies the appropriate level of education, professional training and relevant experience needed for ISMS audits.
Any organisation pursuing ISO 27001 certification must retain the services of an approved certification authority to conduct an ISMS certification audit.
The organisation should carry out due diligence to ensure that the auditing company it hires is ISO 27006:2015 compliant. Throughout the audit, the organisation must ensure that all documentation needed to complete the audit is available, and must furnish the auditing team with ISMS records, including but not limited to information about the ISMS’s design and the effectiveness of its controls.
ISO 27006 can be used as a reference standard for accreditation, peer review, and other auditing procedures. Its major objective, however, is to assist in the accreditation of certifying bodies that provide ISMS certification.
ISO 27006 is designed to be used in combination with a variety of other standards. These include, but are not limited to, ISO 27001, ISO 17021, and ISO 19011.
Any appropriately authorised entity that issues ISO 27001 compliance certifications must meet the standards of ISO 27006, ISO 17021, and ISO 19011 on their competence, appropriateness, and reliability to execute their task effectively.
This is important to guarantee that issued ISO 27001 compliance certifications are meaningful and accurately reflect that the company has complied with all of ISO 27001’s requirements.
If anyone could issue certificates without adhering to the certification processes covered in this standard, non-compliant organisations could theoretically purchase their ISMS certificates or simply certify themselves rather than demonstrate compliance. This would effectively discredit the entire certification system.
At ISMS.online, we make it easy for you to document your Information Security Governance so that it is in line with the ISO 27006 standard. We provide you with a logical, usable, cloud-based information management interface that will help your organisation check its infosec governance processes and progress against the ISO 27006 standard.
Our cloud-based platform allows you to access all your ISMS resources in one place. We have an in-house team of information security experts who can provide guidance and answer questions to help you on your way to ISO 27006 implementation so that you can demonstrate your dedication to information security governance best practices. Call ISMS.online on +44 (0)1273 041140 to find out more about how we can help you get certified to ISO 27001.