标准摘要
[中文适用范围]: 本马来西亚标准规定了提供信息安全管理体系(ISMS)审核与认证的机构所需遵循的要求,并为其提供指南;除ISO/IEC 17021与ISO/IEC 27001所含要求外,本标准亦予以补充。其主要旨在支持对提供ISMS认证之认证机构的认可。凡提供ISMS认证的机构,均须证明其具备胜任能力与可靠性,以满足本国际标准所载之要求;而本马来西亚标准所提供的指南,则为上述要求提供进一步的诠释。注:本马来西亚标准可用作认可、同行评审或其他审核过程的依据文件。 [外文原描述]: ISO/IEC 27006:2007 specifies requirements and provides guidance for bodies providing audit and certification of an information security management system (ISMS), in addition to the requirements contained within ISO/IEC 17021 and ISO/IEC 27001. It is primarily intended to support the accreditation of certification bodies providing ISMS certification. The requirements contained in ISO/IEC 27006:2007 need to be demonstrated in terms of competence and reliability by any body providing ISMS certification, and the guidance contained in ISO/IEC 27006:2007 provides additional interpretation of these requirements for any body providing ISMS certification.
英文名称Information technology - Security techniques - Requirements for bodies providing audit and certification of information security management systems