ISO/IEC 27006:2007

Information technology — Security techniques — Requirements for bodies providing audit and certification of information security management systems

OVERVIEW

ISO/IEC 27006:2007 specifies requirements and provides guidance for bodies providing audit and certification of an information security management system (ISMS), in addition to the requirements contained within ISO/IEC 17021 and ISO/IEC 27001. It is primarily intended to support the accreditation of certification bodies providing ISMS certification.

The requirements contained in ISO/IEC 27006:2007 need to be demonstrated in terms of competence and reliability by any body providing ISMS certification, and the guidance contained in ISO/IEC 27006:2007 provides additional interpretation of these requirements for any body providing ISMS certification.

COMMENTS

-

PRODUCT DETAILS

Status Withdrawn - 06 Jan 2026
Edition 2007
No. of Pages 36
ICS Classification 03.100.70 Management systems
35.030 IT Security
Committee ISO/IEC JTC 1/SC 27
Available for Purchase For sale in Singapore only
Adoption ISO

Managed by TOPPAN NEXT Pte. Ltd.

Enterprise Singapore's appointed distributor of

EnterpriseSG Standards Publications and Overseas Standards.

© 2026 TOPPAN NEXT

All Rights Reserved