
Information Security Management Systems – ISO/IEC 27006 Update

This bulletin is to update you regarding the implementation of ISO/IEC 27006:2015 – Information technology — Security techniques — Requirements for bodies providing audit and certification of information security management systems.

Certification Bodies (CBs) offering certification to ISO/IEC 27001 will be aware that the updated version of ISO/IEC 27006 was published on 1st October 2015. The IAF Technical Committee has allocated a 2-year transition period for CBs to comply with the new standard.

Since publication, UKAS has been considering the implications of the changes, carrying out internal training and developing our transition plan. The intention is for transition assessments to take place alongside transition assessments to ISO/IEC 17021-1. Therefore, the implementation of ISO/IEC 27006:2015 will be reviewed at each Certification Body’s scheduled head office visit.

Prior to the visit, the Certification Body will be required to submit information regarding the implementation, including a gap analysis and an implementation plan. This is to enable the UKAS Assessment Team to fully prepare for the assessment.

Further information will follow.

If you have any queries regarding this technical bulletin, please raise them through your Assessment Manager or contact Kevin Belson – UKAS Technical Manager – [email protected] or the UKAS Technical Focus person for ISMS – Alastair Hunter – [email protected]