From Wikipedia, the free encyclopedia

ISO/IEC 27006 is an information security standard published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). Part of the ISO/IEC 27000 series of Information Security Management System (ISMS) standards, it is titled Information technology - Security techniques - Requirements for bodies providing audit and certification of information security management systems.

ISO/IEC 27006 lays out the formal requirements that accredited certification bodies must meet when they audit and certify other organizations' ISMSs against ISO/IEC 27001.

It effectively replaces EA 7/03 (Guidelines for the Accreditation of Bodies Operating Certification/Registration of Information Security Management Systems).

The standard helps ensure that ISO/IEC 27001 certificates issued by accredited certification bodies are meaningful and trustworthy; in other words, it is a matter of assurance.


Description of standard

ISO/IEC 27006 specifies the requirements that third parties who audit and certify information security management systems (ISMS) must meet in order to be accredited, in addition to the requirements set by ISO/IEC 17021-1 and ISO/IEC 27001. The standard was first published in 2007 and has been revised twice, mainly to track significant changes to ISO/IEC 17021. The version described here is the third edition, ISO/IEC 27006:2015.[1]

ISO/IEC 27006:2015 sets requirements for demonstrating the competence of ISMS auditors. A certification body auditing an ISMS is required to verify that each auditor on the audit team has knowledge of:

  • ISMS monitoring, measurement, analysis, and evaluation,
  • Information security,
  • Management systems,
  • Auditing principles, and
  • Technical knowledge of systems to be audited.

The audit team as a whole must be versed in information security management terminology, principles, and techniques. Its members must know all of the requirements of ISO/IEC 27001 and all of the controls listed in ISO/IEC 27002. Auditors must also be aware of business management practices and of the legal and regulatory requirements that apply to the particular information systems field, geography, and jurisdictions being audited.

Competence must also be demonstrated by the personnel who review the audits and make certification decisions. They need sufficient knowledge to verify that the certification scope is accurate, together with general knowledge of management systems and of audit procedures, principles, and techniques.

ISO/IEC 27006:2015 also specifies requirements for auditors' education, professional development, training covering ISMS audits, and current and relevant experience.[2]

Intent of standard

The primary intent of ISO/IEC 27006 is to support the accreditation of third parties that certify information security management systems. Any accredited third party that audits an ISMS and confirms its compliance with ISO/IEC 27001 must follow the requirements of this standard so that the certifications it issues are valid. Accredited third parties need to demonstrate both their competence and their reliability.

Application

A mid-size organization seeking ISO/IEC 27001 certification needs to engage an accredited certification body to perform the ISMS certification audit. The organization should carry out due diligence to confirm that the selected certification body complies with ISO/IEC 27006:2015; in practice this means confirming that the body holds ISMS accreditation from a recognized accreditation body, since that accreditation is what attests to ISO/IEC 27006 compliance. During the audit, the organization should ensure that all documentation needed to complete the audit is available and should provide the audit team with its ISMS records, including but not limited to information about the ISMS design and the effectiveness of its controls.

References

  1. ^ "ISO/IEC 27006:2015 - Information technology - Security techniques - Requirements for bodies providing audit and certification of information security management systems". www.iso.org. 17 December 2015. Retrieved 2 July 2018.
  2. ^ "ISO/IEC 27006:2015 - Information technology - Security techniques - Requirements for bodies providing audit and certification of information security management systems". ISO/IEC JTC 1 (Information Technology), Subcommittee SC 27 (IT security techniques). 10 January 2015. Distributed through the American National Standards Institute (ANSI).

This page was last edited on 15 November 2023, at 05:59
Basis of this page is in Wikipedia. Text is available under the CC BY-SA 3.0 Unported License. Non-text media are available under their specified licenses. Wikipedia® is a registered trademark of the Wikimedia Foundation, Inc. WIKI 2 is an independent company and has no affiliation with Wikimedia Foundation.