Abstract

This document specifies requirements and provides guidance for bodies providing audit and certification of a privacy information management system (PIMS) according to ISO/IEC 27701 in combination with ISO/IEC 27001, in addition to the requirements contained within ISO/IEC 27006-1 and ISO/IEC 27701. It is primarily intended to support the accreditation of certification bodies providing PIMS certification. The requirements contained in this document need to be demonstrated in terms of competence and reliability by anybody providing PIMS certification, and the guidance contained in this document provides additional interpretation of these requirements for any body providing PIMS certification. NOTE This document can be used as a criteria document for accreditation, peer assessment or other audit processes.

Begin

2022-12-08

WI

JT013057

Planned document number

DIN EN ISO/IEC 27706

Project number

04301029

Responsible national committee

NA 043-04-13 GA - DIN/DKE Joint working committee Cybersecurity  

Responsible european committee

CEN/CLC/JTC 13/WG 5 - Data Protection, Privacy and Identity Management  

Responsible international committee

ISO/IEC JTC 1/SC 27/WG 5 - Identity management and privacy technologies  

draft standard

Requirements for bodies providing audit and certification of information security management systems - Part 2: Privacy information management systems (ISO/IEC DIS 27006-2:2023); German and English version prEN ISO/IEC 27006-2:2023
2023-08
Order from DIN Media

Requirements for bodies providing audit and certification of privacy information management systems (ISO/IEC DIS 27706.2:2024); German and English version prEN ISO/IEC 27706:2024
2024-10
Order from DIN Media

previous edition(s)

Requirements for bodies providing audit and certification of information security management systems - Part 2: Privacy information management systems (ISO/IEC TS 27006-2:2021); German version CEN ISO/IEC/TS 27006-2:2022
2023-12

Order from DIN Media