Introduction To ISO 27006 (ISO27006)

This standard offers guidelines for the accreditation of organizations that offer certification and registration with respect to an ISMS. Again, it was overseen by ISO's committee SC 27. The previous standard on this subject was EA 7/03, which has effectively been replaced by the new standard to meet market demands to better support ISO 27001. It effectively documents the requirements additional to those specified in ISO 17021, which identifies the more generic requirements.

Its formal title is "Information technology - Security techniques - Requirements for bodies providing audit and certification of information security management systems", and it consists of 10 chapters and four annexes.

The chapters within the standard are as follows: Scope; References; Terms; Principles; General Requirements; Structural Requirements; Resource Requirements; Information Requirements; Process Requirements; Management System Requirements.


The ISO 27006 standard is intended to be used in conjunction with a number of others, specifically ISO 27001, ISO 17021 and ISO 19011.
