RINA announced that a new amendment to EN-ISO-IEC 27006 has been published. The standard defines the requirements for the bodies providing audits and certification of information security management systems.
In 2020, amendment 1 of the EN-ISO-IEC 27006:2020 standard “Information technology – Security techniques – Requirements for bodies providing audit and certification of information security management systems” was published.
The standard defines the requirements for the bodies providing audits and certification of information security management systems.
The main requirements of the previous 2015 version have been confirmed; a particular focus, as regards the impact on organizations, concerns:
The reference to these standards will be reported as information, specifying that these standards are not part of the certification issued (refer to the modification of the certification regulation "Information Security Management Systems Certification Regulation and guidelines ISO/IEC 27xxx extension – RC/C 56").