标准摘要
[中文适用范围]: 本国际标准规定了提供信息安全管理系统(ISMS)审核和认证的机构的要求并提供建议。除了ISO/IEC 17021-1和ISO/IEC 27001中包含的要求外,它主要用于支持认证机构提供ISMS认证的 accreditation。本国际标准中的要求需要由任何提供ISMS认证的机构在能力和可靠性方面进行证明。本国际标准中包含的指导为任何提供ISMS认证的机构对这些要求提供了进一步的解释。注:本国际标准可作为accreditation、同行评估或其他审核过程的标准文档使用 [外文原描述]: ISO/IEC 27006:2015 specifies requirements and provides guidance for bodies providing audit and certification of an information security management system (ISMS), in addition to the requirements contained within ISO/IEC 17021‑1 and ISO/IEC 27001. It is primarily intended to support the accreditation of certification bodies providing ISMS certification. The requirements contained in this International Standard need to be demonstrated in terms of competence and reliability by any body providing ISMS certification, and the guidance contained in this International Standard provides additional interpretation of these requirements for any body providing ISMS certification. NOTE This International Standard can be used as a criteria document for accreditation, peer assessment or other audit processes.
英文名称Information technology - Security techniques - Requirements for bodies providing audit and certification of information security management systems