ISO 27006 Review

Provides a standardized formula to calculate how much time an audit should take based on organization size and complexity.

ISO/IEC 27006 specifies requirements for bodies certifying Information Security Management Systems (ISMS) against ISO/IEC 27001. It supplements the general requirements of ISO/IEC 17021-1 (Conformity assessment — Requirements for bodies providing audit and certification of management systems).

| Stakeholder | How they use ISO/IEC 27006 |
|-------------|----------------------------|
| Accreditation bodies (e.g., UKAS, ANAB, DAkkS) | Assess certification bodies for ISO/IEC 27001 accreditation |
| Certification bodies | Build internal competence schemes, calculate audit time, design auditor training |
| ISMS auditors | Understand required knowledge (Annex A), follow audit time rules |
| Organizations seeking certification | Verify that their chosen CB is accredited against ISO/IEC 27006 (not just ISO/IEC 27001) |