Draft SS ISO/IEC 27706:2025

Information security, cybersecurity and privacy protection – Requirements for bodies providing audit and certification of privacy information management systems (Identical adoption of the upcoming ISO/IEC 27706)

OVERVIEW

This standard specifies requirements and provides guidance for bodies providing audit and certification of a privacy information management system (PIMS) according to ISO/IEC 27701, “Security techniques – Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management – Requirements and guidelines” in combination with SS ISO/IEC 27001, “Information security, cybersecurity and privacy protection – Information security management systems – Requirements” in addition to the requirements contained within ISO/IEC 27006, “Information security, cybersecurity and privacy protection – Requirements for bodies providing audit and certification of information security management systems”. It is primarily intended to support the accreditation of certification bodies providing PIMS certification.
The requirements contained in this standard need to be demonstrated in terms of competence and reliability by anybody providing PIMS certification, and the guidance provides additional interpretation of these requirements for anybody providing PIMS certification.

Users of the standards include certification bodies providing ISMS certification, PIMS certification, accreditation bodies and relevant government agencies.
NOTE –
i. Draft SS ISO/IEC 27706 is currently based on the Draft International Standard but the final adoption will be based on the published ISO/IEC standard which is targeted to be published in 2025.
ii. Comments received will be considered by the national committee responsible for Singapore’s inputs to the ISO/IEC standards and where appropriate, taken on for international consideration.

COMMENTS

-

PRODUCT DETAILS

Status Draft
Edition 2025
No. of Pages 36
ICS Classification
Committee
Available for Purchase For sale in Singapore only
Adoption -