ISO IEC TS 27006-2-2021.docx

《ISO IEC TS 27006-2-2021.docx》由会员分享，可在线阅读，更多相关《ISO IEC TS 27006-2-2021.docx（20页珍藏版）》请在第壹文秘上搜索。

1、TECHNICA1.SPECIFICATIONISO/IECTS27006-2editionFirst2021-02Requirementsforbodiesprovidingauditandcertificationofinformationsecuritymanagementsystems一PjjcyinformationmanagementsystemsExigencespour1.esOrganismesprocdantiKauditet1.acertificationdesSySmmeSdemanagementdesinformationsdeSdCUriM-Partie2:Syst

2、emesdemanagementdesinformationsdesecuriteReferencenumberISO/IECTS2700622021(E)CISO/IEC2021COPYRIGHTPROTECTEDDOCUMENTIS0/1EC2021M11cheivdi1.itedotherwise加jw:纱rryj可11cho。城(Xt)Iinra”;ItmI1.GPhrt1.丽IrfVIXxxPJOinR,p11WjaFtiOnPoStingontheinternetoranintineuwithoutpriorwrittenpermission.Permissioncanberequ

3、estedfromeitherISOatt1.addressbe1.oworISO,smemberbodyinthecountryofthertrwstcr.三cB1.andonnct8r,GenevaPhone:t41227490111辆jtc:用洲部砾o.orgPub1.ishedinSwitzer1.andContentsForeword7.2 Personne1.invo1.vedDeterminationcertificationcompetence7.3 Personne1.individua1.47.4 ReferenceCertificationCertincationdocu

4、ments-49.1.2App1.icationprogramme9.2 PIanningMuItip1.e79.3 Initia1.certification79.4.2IS9.4Specific7iiiIntroductionviScope1Normativereferences1Termsanddefinitions1Princip1.esGenera1.requirements5.1 1.ega1.andcontractua1.matters5.2 ManagementOfimpartia1.ityStructura1.reuirements2Resourcerequirements2

5、7.1.1PS7.1.1Genera1.considerations27.1.2PS7.1.2theactivitiescriteria7.2.1PS7.2Demonstrationofauditorknow1.edgeandexperience4722PS2.11Se1.ectingauditors.47.4USeofFecordsexterna1.auditorsandexterna1.technica1.experts7.5Outsourcing4Informationrequirements48.2Certificationdocuments48.2.1PSto8.2PIMSandus

6、eofmarks8.4Confidentia1.ity58.5Informationexchangebetweenacertificationbodyanditsc1.ients5Processrequirements59.1Pre-Ccrtif1.ca1.ionactivities59.1.1AoD1.icationS9.1.3Auditreview9.1.4Determiningaudittime69.1.5Mu1.ti-sitesamp1.ing79.1.6auditsmanagementsystems9.2.1Determiningauditobjectives,scopeandcri

7、teria79.2.2Auditteamse1.ectionandassignments79.2.3Auditp1.an9.4 Conductingaudits7941qaGPnPrA1.7*11V9.4.3Auditreporte1.ementsoftheISMSaudit56Certificationdecision7Maintainingcertification89.6.2 Genera1.activities9.6.3 Re-certification89.6.4 Specia1.audits8一8-8.89.6.5 Suspending,withdrawingorreducingt

8、hescopeofcertificationAppea1.s.ChUn1.rooIdsManagementsystemrequirementsforcertificationbodies10.1 Options10.2 OptionA:Genera1.managementsystemrequirements10.3 OptionB:ManagementsystemrequirementsinaccordancewithISO9001.,.ForewordISO(theInternationa1.OrganizationforStandardization)andIEC(theInternati

9、ona1.E1.ectrotechnica1.amunieriNF耐form1.SOth峋那加1北柳Ste1.nItftedeMd也PnientStaattMtjdbIRriC1.maINSmitteesestab1.ishedbytherespectiveorganizationtodea1.withparticu1.arfie1.dsoftechnica1.activity.ISOandIECmitteesco1.1.aborateinfie1.dsofmutua1.interest.Otheriatparina1.cvons,Sovernmenta*dnnon-governmenta1.

10、,in1.iaisonwithISOandIEC,a1.soTheproceduresusedtodeve1.opthisdocumentandthoseintendedforitsfurthermaintenanceare窗nf8妙CS1.g月M野用曲帆帆版IiO1.PdpMXh小*ert三ft设帆fi!i懈崛Cdedtheeditoria1.ru1.esofthe1SOIECDirectives,Part2(seewww.iso.org/direc1.ives).HRfi8h11g用色Wn淤.法8腐Rhfayb1.ef即第几用时口卜见用1咧&低UbjCCtrights.Detai1.sof

11、anypatentrightsidentifiedduringthedeve1.opmentOf*hdo&4nkntWinbeintheIntroductionand/orontheISO1.istofpr】UMMdednrionsreceived(seewww.iso.org/patents)ortheIEC1.istofpatentdec1.arationsreceived(seepatents.iecch).Anytradenameusedinthisdocumentisinformationgivenfortheconvenienceofusersanddoesnotconstitut

12、eanendorsementE卯统SiOnSeX岬IftibQ岫EabwMt喇】entofa州曲dards,thfoewngMtoUI1.SCKPadiit三mUadWa1.dTndO呻Nzaiion(WTO)princip1.esintheTechnica1.BarrierstoTrade(TBT).seewww.iso.org/iso/foreword.htm1.yig用电的锂SC砧劭册解rf秘题哈及喇喇欧/W(R时Afi媵。/历防35。儿/“用;7。口。techno1.ogy.A1.istofa1.1.partsintheISO/IEC27006seriescanbefoundonthe

13、ISOwebsite.A周初帆4冠附由三sHHBiesthisca随ni口8眄姆丹EGWZPOf1.feiMehwithISO/iEC27701:2019,someadditiona1.requirementsandguidancetoISO/IEC27006arcnecessary.Theseareprovidedbythisdocumenti较bentstH观)咻联翩4依舟M田加机酒0/正：邮曲27(MMsIfWM啾外酗削MPeCifiCthe1.ettersPS.S1.iRPSB即国ionp0&MKtandar4朝啦158呐tb!ea(，圈Qatio用说愉di国25FtificaU(fi枢Mvc1.yharmonizeRequirementsforbodiesprovidingauditandcertificationofinformationsecuritymanagementsystems一Privacyinformationmanagementsystems1 ScopecombinationwithISO/IECinformationmanagementrequirement5(PIMSJcontainedwithinISO/IEC27006andFequiremen