
Accreditation Requirements - Information Security Management Systems

Useful information

Type of Publication: Accreditation documents and guidance

Document Date: 2024-05-17

Accreditation requirements

 

  • ISO/IEC 27006:2015 - Information technology — Security techniques — Requirements for bodies providing audit and
    certification of information security management systems
  • ISO/IEC 27006:2015/Amd 1:2020 – Information technology — Security techniques — Requirements for bodies providing
    audit and certification of information security management systems (with Amendment 1)
  • ISO/IEC 27006-1:2024 - Information security, cybersecurity and privacy protection - Requirements for bodies providing audit
    and certification of information security management systems - Part 1: General

 

Certification requirements

 

  • ISO/IEC 27001:2022
  • ISO/IEC 27001:2022/Amd 1:2024

 

Accreditation requirements for all management systems certification bodies

 

  • ISO/IEC 17021-1:2015 – Conformity assessment – Requirements for bodies providing audit and certification of management systems – Part 1: Requirements
  • IAF MD 1:2023 – IAF Mandatory Document for the Certification of Multiple Sites Based on Sampling
  • IAF MD 2:2023 – IAF Mandatory Document for the Transfer of Accredited Certification of Management Systems
  • IAF MD 4:2023 – IAF Mandatory Document for the Use of Information and Communication Technology (ICT) for Auditing/Assessment Purposes
  • IAF MD 11:2023 – Application of ISO/IEC 17021-1 for Audits of Integrated Management Systems (applies only to CBs certifying to multiple certification standards)
  • IAF MD 23:2023 – Control of Entities Operating on Behalf of Accredited Management Systems Certification Bodies

     

 
