ISO/IEC 27006:2024
ISO/IEC 27006 specifies requirements and provides guidance for bodies providing audit and certification of information security management systems (ISMS). It supplements ISO/IEC 17021-1 with ISMS-specific requirements for certification bodies, including auditor competence, audit time, and certification scope determination.
Domains
Annex C-E: Audit Time and Controls
Clause 9: Audit and Certification Process Requirements
Clause 8: Certification Documents and Information Requirements
Clause 7: Process Requirements — Competence
Clause 6: Resource Requirements