
BSI 23/30470501 DC:2023 Edition

$13.70

BS EN ISO/IEC 27006-1.2. Information technology, cybersecurity and privacy protection. Requirements for bodies providing audit and certification of information security management systems – Part 1. General

Published by: BSI
Publication date: 2023
Number of pages: 72

PDF Catalog

PDF page | Title (sections without a page number start on the page last listed above them)
7 Foreword
9 Introduction
11 1 Scope
2 Normative references
3 Terms and definitions
14 4 Principles
5 General requirements
5.1 Legal and contractual matters
15 5.2 Management of impartiality
5.2.1 General
5.2.2 Conflicts of interest
5.3 Liability and financing
6 Structural requirements
7 Resource requirements
7.1 Competence of personnel
7.1.1 General
7.1.2 General considerations
16 7.1.3 Determination of competence criteria
18 7.2 Personnel involved in the certification activities
7.2.1 General
19 7.2.2 Demonstration of auditor knowledge and experience
7.3 Use of individual external auditors and external technical experts
7.4 Personnel records
7.5 Outsourcing
20 8 Information requirements
8.1 Public information
8.2 Certification documents
8.2.1 General
8.2.2 ISMS Certification documents
8.2.3 ISMS Certification documents and sector specific standards
8.2.4 Interested party requirements
21 8.3 Reference to certification and use of marks
8.4 Confidentiality
8.4.1 General
8.4.2 Access to organizational records
8.5 Information exchange between a certification body and its clients
9 Process requirements
9.1 Pre-certification activities
9.1.1 Application
22 9.1.2 Application review
9.1.3 Audit programme
23 9.1.4 Determining audit time
9.1.5 Multi-site sampling
24 9.1.6 Multiple management systems
25 9.2 Planning audits
9.2.1 Determining audit objectives, scope and criteria
9.2.2 Audit team selection and assignments
9.2.3 Audit plan
26 9.3 Initial certification
9.3.1 General
9.3.2 Initial certification audit
27 9.4 Conducting audits
9.4.1 General
9.4.2 Specific elements of the ISMS audit
9.4.3 Audit report
28 9.5 Certification decision
9.5.1 General
9.5.2 Certification decision
9.6 Maintaining certification
9.6.1 General
9.6.2 Surveillance activities
29 9.6.3 Re-certification
9.6.4 Special audits
9.6.5 Suspending, withdrawing or reducing the scope of certification
30 9.7 Appeals
9.8 Complaints
9.8.1 General
9.8.2 Complaints
9.9 Client records
10 Management system requirements for certification bodies
10.1 Options
10.1.1 General
10.1.2 ISMS implementation
10.2 Option A: General management system requirements
10.3 Option B: Management system requirements in accordance with ISO 9001
31 Annex A (normative) Knowledge and skills for ISMS auditing and certification
32 Annex B (normative) Audit time
38 Annex C (informative) Methods for audit time calculations
42 Annex D (informative) Guidance for review of implemented ISO/IEC 27001:2022, Annex A controls
68 Annex E (informative) Requirements and limits for certifications according to sector-specific standards
69 Annex F (normative) Requirements for certification including sector-specific standards
70 Annex G (informative) Further competence considerations
72 Bibliography