标准摘要
[中文适用范围]: 本文件规定了要求,并为根据 ISO/IEC 27701 结合 ISO/IEC 27001 提供隐私信息管理系统 (PIMS) 审核和认证的机构提供了指导,除了 ISO/IEC 27006 和 ISO/IEC 27701 中包含的要求之外。它主要用于支持提供 PIMS 认证的认证机构的认证。任何提供 PIMS 认证的机构都需要证明本文件中所包含的要求在能力和可靠性方面,本文件中所包含的指导为任何提供 PIMS 认证的机构提供了对这些要求的额外解释。注意本文件可用作认证、同行评估或其他审计流程的标准文件。 [外文原描述]: This document specifies requirements and provides guidance for bodies providing audit and certification of a privacy information management system (PIMS) according to ISO/IEC 27701 in combination with ISO/IEC 27001, in addition to the requirements contained within ISO/IEC 27006 and ISO/IEC 27701. It is primarily intended to support the accreditation of certification bodies providing PIMS certification. The requirements contained in this document need to be demonstrated in terms of competence and reliability by anybody providing PIMS certification, and the guidance contained in this document provides additional interpretation of these requirements for any body providing PIMS certification. NOTE This document can be used as a criteria document for accreditation, peer assessment or other audit processes.
英文名称Requirements for bodies providing audit and certification of information security management systems - Part 2: Privacy information management systems