iTeh StandardsiTeh Standards
EURUSD
Your shopping cart is empty.
SIST

SIST ISO/IEC 27006:2018

Information technology -- Security techniques -- Requirements for bodies providing audit and certification of information security management systems

Information technology -- Security techniques -- Requirements for bodies providing audit and certification of information security management systems

ISO/IEC 27006:2015 specifies requirements and provides guidance for bodies providing audit and certification of an information security management system (ISMS), in addition to the requirements contained within ISO/IEC 17021‑1 and ISO/IEC 27001. It is primarily intended to support the accreditation of certification bodies providing ISMS certification.
The requirements contained in this International Standard need to be demonstrated in terms of competence and reliability by any body providing ISMS certification, and the guidance contained in this International Standard provides additional interpretation of these requirements for any body providing ISMS certification.
NOTE This International Standard can be used as a criteria document for accreditation, peer assessment or other audit processes.

Technologies de l'information -- Techniques de sécurité -- Exigences pour les organismes procédant à l'audit et à la certification des systèmes de management de la sécurité de l'information

La présente Norme internationale spécifie les exigences et fournit des recommandations pour les organismes procédant à l'audit et à la certification d'un système de management de la sécurité de l'information (SMSI), en plus des exigences contenues dans l'ISO/IEC 17021‑1 et l'ISO/IEC 27001. Elle a pour principal objet de soutenir l'accréditation des organismes de certification qui procèdent à la certification de SMSI.
Il est nécessaire que tout organisme qui procède à la certification de SMSI démontre qu'il respecte les exigences stipulées dans la présente Norme internationale en termes de compétences et de fiabilité, et les recommandations contenues dans la présente Norme internationale fournissent une interprétation supplémentaire de ces exigences pour tout organisme procédant à la certification de SMSI.
NOTE La présente Norme internationale peut être utilisée comme référentiel pour l'accréditation, l'évaluation par des pairs ou d'autres processus d'audit.

Informacijska tehnologija - Varnostne tehnike - Zahteve za organe, ki izvajajo presojanje in certificiranje sistemov upravljanja informacijske varnosti

Ta mednarodni standard določa zahteve in podaja navodila za organe, ki izvajajo presojanje in certificiranje sistemov upravljanja informacijske varnosti (ISMS), ter se uporablja kot dodatek k zahtevam, določenim v standardih ISO/IEC 17021-1 in ISO/IEC 27001. Uporablja se predvsem kot podpora
za akreditacijo certifikacijskih organov, ki izvajajo certifikacijo ISMS.
Za izpolnjevanje zahtev, ki jih vsebuje ta mednarodni standard, mora vsak organ, ki izvaja certifikacijo ISMS, izkazati kompetentnost in zanesljivost, navodila v tem mednarodnem standardu pa podajajo dodatno interpretacijo teh zahtev za vsak organ, ki izvaja certifikacijo ISMS.
OPOMBA: Ta mednarodni standard se lahko uporablja kot dokument z merili za akreditacijo, medsebojno ocenjevanje ali druge procese presojanja.

General Information

Status
Withdrawn
Publication Date
22-Oct-2018
Withdrawal Date
31-Jan-2022
ICS
03.100.70 - Management systems
03.120.20 - Product and company certification. Conformity assessment
35.030 - IT Security
Technical Committee
ITC - Information technology
Current Stage
9900 - Withdrawal (Adopted Project)
Start Date
01-Feb-2022
Due Date
24-Feb-2022
Completion Date
01-Feb-2022
Ref Project
ISO/IEC 27006:2015 - Information technology — Security techniques — Requirements for bodies providing audit and certification of information security management systems

Relations

Replaces
SIST ISO/IEC 27006:2012 - Information technology -- Security techniques -- Requirements for bodies providing audit and certification of information security management systems
Effective Date
01-Nov-2018

Buy Standard

ISO/IEC 27006:2015 - Information technology — Security techniques — Requirements for bodies providing audit and certification of information security management systems Released:9/30/2015ISO/IEC 27006:2015 - Information technology — Security techniques — Requirements for bodies providing audit and certification of information security management systems Released:9/30/2015
PreviousNext
Standard
ISO/IEC 27006:2015 - Information technology — Security techniques — Requirements for bodies providing audit and certification of information security management systems Released:9/30/2015
English language
35 pages
sale 15% off
Preview
sale 15% off
Preview
ISO/IEC 27006:2018ISO/IEC 27006:2018
PreviousNext
Standard
ISO/IEC 27006:2018
English language
41 pages
sale 10% off
Preview
sale 10% off
Preview
e-Library read for
1 day
ISO/IEC 27006:2015 - Information technology -- Security techniques -- Requirements for bodies providing audit and certification of information security management systemsISO/IEC 27006:2015 - Information technology -- Security techniques -- Requirements for bodies providing audit and certification of information security management systems
PreviousNext
Standard
ISO/IEC 27006:2015 - Information technology -- Security techniques -- Requirements for bodies providing audit and certification of information security management systems
English language
35 pages
sale 15% off
Preview
sale 15% off
Preview
ISO/IEC 27006:2015 - Technologies de l'information — Techniques de sécurité — Exigences pour les organismes procédant à l'audit et à la certification des systèmes de management de la sécurité de l'information Released:11/30/2020ISO/IEC 27006:2015 - Technologies de l'information — Techniques de sécurité — Exigences pour les organismes procédant à l'audit et à la certification des systèmes de management de la sécurité de l'information Released:11/30/2020
PreviousNext
Standard
ISO/IEC 27006:2015 - Technologies de l'information — Techniques de sécurité — Exigences pour les organismes procédant à l'audit et à la certification des systèmes de management de la sécurité de l'information Released:11/30/2020
French language
39 pages
sale 15% off
Preview
sale 15% off
Preview
ISO/IEC 27006:2015 - Technologies de l'information -- Techniques de sécurité -- Exigences pour les organismes procédant à l'audit et à la certification des systèmes de management de la sécurité de l'informationISO/IEC 27006:2015 - Technologies de l'information -- Techniques de sécurité -- Exigences pour les organismes procédant à l'audit et à la certification des systèmes de management de la sécurité de l'information
PreviousNext
Standard
ISO/IEC 27006:2015 - Technologies de l'information -- Techniques de sécurité -- Exigences pour les organismes procédant à l'audit et à la certification des systèmes de management de la sécurité de l'information
French language
39 pages
sale 15% off
Preview
sale 15% off
Preview
ISO/IEC 27006:2015 - Information technology — Security techniques — Requirements for bodies providing audit and certification of information security management systemsISO/IEC 27006:2015 - Information technology — Security techniques — Requirements for bodies providing audit and certification of information security management systems
PreviousNext
Standard
ISO/IEC 27006:2015 - Information technology — Security techniques — Requirements for bodies providing audit and certification of information security management systems
Arabic language
39 pages
sale 15% off
Preview
sale 15% off
Preview
ISO/IEC 27006:2015ISO/IEC 27006:2015
PreviousNext
Standard
ISO/IEC 27006:2015
Arabic language
35 pages
sale 15% off
Preview
sale 15% off
Preview

Related Packages

ISO/IEC 27000 Information Technology Security Techniques Collection
ISO/IEC 27000 Information Technology Security Techniques Collection
11 documents
ISO/IEC 27001 / 27002 / 27005 / 27006 - IT Security Techniques Package
ISO/IEC 27001 / 27002 / 27005 / 27006 - IT Security Techniques Package
4 documents

Standards Content (Sample)


INTERNATIONAL ISO/IEC
STANDARD 27006
Third edition
2015-10-01
Information technology — Security
techniques — Requirements
for bodies providing audit and
certification of information security
management systems
Technologies de l’information — Techniques de sécurité — Exigences
pour les organismes procédant à l’audit et à la certification des
systèmes de management de la sécurité de l’information
Reference number
©
ISO/IEC 2015
© ISO/IEC 2015, Published in Switzerland
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form
or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior
written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of
the requester.
ISO copyright office
Ch. de Blandonnet 8 • CP 401
CH-1214 Vernier, Geneva, Switzerland
Tel. +41 22 749 01 11
Fax +41 22 749 09 47
copyright@iso.org
www.iso.org
ii © ISO/IEC 2015 – All rights reserved

Contents Page
Foreword .v
Introduction .vi
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Principles . 1
5 General requirements . 2
5.1 Legal and contractual matters . 2
5.2 Management of impartiality . 2
5.2.1 IS 5.2 Conflicts of interest . 2
5.3 Liability and financing . 2
6 Structural requirements . 2
7 Resource requirements . 2
7.1 Competence of personnel . 2
7.1.1 IS 7.1.1 General considerations . 3
7.1.2 IS 7.1.2 Determination of Competence Criteria . 3
7.2 Personnel involved in the certification activities . 6
7.2.1 IS 7.2 Demonstration of auditor knowledge and experience . 6
7.3 Use of individual external auditors and external technical experts . 7
7.3.1 IS 7.3 Using external auditors or external technical experts as part of the
audit team . 7
7.4 Personnel records. 7
7.5 Outsourcing. 7
8 Information requirements . 8
8.1 Public information . 8
8.2 Certification documents . 8
8.2.1 IS 8.2 ISMS Certification documents . 8
8.3 Reference to certification and use of marks . 8
8.4 Confidentiality . 8
8.4.1 IS 8.4 Access to organizational records . 8
8.5 Information exchange between a certification body and its clients . 8
9 Process requirements . 8
9.1 Pre-certification activities . 8
9.1.1 Application . 8
9.1.2 Application review . 9
9.1.3 Audit programme . 9
9.1.4 Determining audit time .10
9.1.5 Multi-site sampling .10
9.1.6 Multiple management systems .11
9.2 Planning audits .11
9.2.1 Determining audit objectives, scope and criteria .11
9.2.2 Audit team selection and assignments .12
9.2.3 Audit plan .12
9.3 Initial certification .13
9.3.1 IS 9.3.1 Initial certification audit .13
9.4 Conducting audits .14
9.4.1 IS 9.4 General .14
9.4.2 IS 9.4 Specific elements of the ISMS audit .14
9.4.3 IS 9.4 Audit report .14
9.5 Certification decision .15
9.5.1 IS 9.5 Certification decision .15
© ISO/IEC 2015 – All rights reserved iii

9.6 Maintaining certification .15
9.6.1 General.15
9.6.2 Surveillance activities .15
9.6.3 Re-certification .16
9.6.4 Special audits .17
9.6.5 Suspending, withdrawing or reducing the scope of certification .17
9.7 Appeals .17
9.8 Complaints .17
9.8.1 IS 9.8 Complaints .17
9.9 Client records .17
10 Management system requirements for certification bodies .17
10.1 Options .17
10.1.1 IS 10.1 ISMS implementation .17
10.2 Option A: General management system requirements .17
10.3 Option B: Management system requirements in accordance with ISO 9001.17
Annex A (informative) Knowledge and skills for ISMS auditing and certification .18
Annex B (normative) Audit time .20
Annex C (informative) Methods for audit time calculations .25
Annex D (informative) Guidance for review of implemented ISO/IEC 27001:2013,
Annex A controls .28
Bibliography .35
iv © ISO/IEC 2015 – All rights reserved

Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are
members of ISO or IEC participate in the development of International Standards through technical
committees established by the respective organization to deal with particular fields of technical
activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international
...


SLOVENSKI STANDARD
01-november-2018
1DGRPHãþD
SIST ISO/IEC 27006:2012
Informacijska tehnologija - Varnostne tehnike - Zahteve za organe, ki izvajajo
presojanje in certificiranje sistemov upravljanja informacijske varnosti
Information technology -- Security techniques -- Requirements for bodies providing audit
and certification of information security management systems
Technologies de l'information -- Techniques de sécurité -- Exigences pour les
organismes procédant à l'audit et à la certification des systèmes de management de la
sécurité de l'information
Ta slovenski standard je istoveten z: ISO/IEC 27006:2015
ICS:
03.100.70 Sistemi vodenja Management systems
03.120.20 Certificiranje proizvodov in Product and company
podjetij. Ugotavljanje certification. Conformity
skladnosti assessment
35.030 Informacijska varnost IT Security
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

INTERNATIONAL ISO/IEC
STANDARD 27006
Third edition
2015-10-01
Information technology — Security
techniques — Requirements
for bodies providing audit and
certification of information security
management systems
Technologies de l’information — Techniques de sécurité — Exigences
pour les organismes procédant à l’audit et à la certification des
systèmes de management de la sécurité de l’information
Reference number
©
ISO/IEC 2015
© ISO/IEC 2015, Published in Switzerland
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form
or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior
written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of
the requester.
ISO copyright office
Ch. de Blandonnet 8 • CP 401
CH-1214 Vernier, Geneva, Switzerland
Tel. +41 22 749 01 11
Fax +41 22 749 09 47
copyright@iso.org
www.iso.org
ii © ISO/IEC 2015 – All rights reserved

Contents Page
Foreword .v
Introduction .vi
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Principles . 1
5 General requirements . 2
5.1 Legal and contractual matters . 2
5.2 Management of impartiality . 2
5.2.1 IS 5.2 Conflicts of interest . 2
5.3 Liability and financing . 2
6 Structural requirements . 2
7 Resource requirements . 2
7.1 Competence of personnel . 2
7.1.1 IS 7.1.1 General considerations . 3
7.1.2 IS 7.1.2 Determination of Competence Criteria . 3
7.2 Personnel involved in the certification activities . 6
7.2.1 IS 7.2 Demonstration of auditor knowledge and experience . 6
7.3 Use of individual external auditors and external technical experts . 7
7.3.1 IS 7.3 Using external auditors or external technical experts as part of the
audit team . 7
7.4 Personnel records. 7
7.5 Outsourcing. 7
8 Information requirements . 8
8.1 Public information . 8
8.2 Certification documents . 8
8.2.1 IS 8.2 ISMS Certification documents . 8
8.3 Reference to certification and use of marks . 8
8.4 Confidentiality . 8
8.4.1 IS 8.4 Access to organizational records . 8
8.5 Information exchange between a certification body and its clients . 8
9 Process requirements . 8
9.1 Pre-certification activities . 8
9.1.1 Application . 8
9.1.2 Application review . 9
9.1.3 Audit programme . 9
9.1.4 Determining audit time .10
9.1.5 Multi-site sampling .10
9.1.6 Multiple management systems .11
9.2 Planning audits .11
9.2.1 Determining audit objectives, scope and criteria .11
9.2.2 Audit team selection and assignments .12
9.2.3 Audit plan .12
9.3 Initial certification .13
9.3.1 IS 9.3.1 Initial certification audit .13
9.4 Conducting audits .14
9.4.1 IS 9.4 General .14
9.4.2 IS 9.4 Specific elements of the ISMS audit .14
9.4.3 IS 9.4 Audit report .14
9.5 Certification decision .15
9.5.1 IS 9.5 Certification decision .15
© ISO/IEC 2015 – All rights reserved iii

9.6 Maintaining certification .15
9.6.1 General.15
9.6.2 Surveillance activities .15
9.6.3 Re-certification .16
9.6.4 Special audits .17
9.6.5 Suspending, withdrawing or reducing the scope of certification .17
9.7 Appeals .17
9.8 Complaints .17
9.8.1 IS 9.8 Complaints .17
9.9 Client records .17
10 Management system requirements for certification bodies .17
10.1 Options .17
10.1.1 IS 10.1 ISMS implementation .17
10.2 Option A: General management system requirements .17
10.3 Option B: Management system requirements in accordance with ISO 9001.17
Annex A (informative) Knowledge and skills for ISMS auditing and certification .18
Annex B (normative) Audit time .20
Annex C (informative) Methods for audit time calculations .
...


INTERNATIONAL ISO/IEC
STANDARD 27006
Third edition
2015-10-01
Information technology — Security
techniques — Requirements
for bodies providing audit and
certification of information security
management systems
Technologies de l’information — Techniques de sécurité — Exigences
pour les organismes procédant à l’audit et à la certification des
systèmes de management de la sécurité de l’information
Reference number
©
ISO/IEC 2015
© ISO/IEC 2015, Published in Switzerland
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form
or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior
written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of
the requester.
ISO copyright office
Ch. de Blandonnet 8 • CP 401
CH-1214 Vernier, Geneva, Switzerland
Tel. +41 22 749 01 11
Fax +41 22 749 09 47
copyright@iso.org
www.iso.org
ii © ISO/IEC 2015 – All rights reserved

Contents Page
Foreword .v
Introduction .vi
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Principles . 1
5 General requirements . 2
5.1 Legal and contractual matters . 2
5.2 Management of impartiality . 2
5.2.1 IS 5.2 Conflicts of interest . 2
5.3 Liability and financing . 2
6 Structural requirements . 2
7 Resource requirements . 2
7.1 Competence of personnel . 2
7.1.1 IS 7.1.1 General considerations . 3
7.1.2 IS 7.1.2 Determination of Competence Criteria . 3
7.2 Personnel involved in the certification activities . 6
7.2.1 IS 7.2 Demonstration of auditor knowledge and experience . 6
7.3 Use of individual external auditors and external technical experts . 7
7.3.1 IS 7.3 Using external auditors or external technical experts as part of the
audit team . 7
7.4 Personnel records. 7
7.5 Outsourcing. 7
8 Information requirements . 8
8.1 Public information . 8
8.2 Certification documents . 8
8.2.1 IS 8.2 ISMS Certification documents . 8
8.3 Reference to certification and use of marks . 8
8.4 Confidentiality . 8
8.4.1 IS 8.4 Access to organizational records . 8
8.5 Information exchange between a certification body and its clients . 8
9 Process requirements . 8
9.1 Pre-certification activities . 8
9.1.1 Application . 8
9.1.2 Application review . 9
9.1.3 Audit programme . 9
9.1.4 Determining audit time .10
9.1.5 Multi-site sampling .10
9.1.6 Multiple management systems .11
9.2 Planning audits .11
9.2.1 Determining audit objectives, scope and criteria .11
9.2.2 Audit team selection and assignments .12
9.2.3 Audit plan .12
9.3 Initial certification .13
9.3.1 IS 9.3.1 Initial certification audit .13
9.4 Conducting audits .14
9.4.1 IS 9.4 General .14
9.4.2 IS 9.4 Specific elements of the ISMS audit .14
9.4.3 IS 9.4 Audit report .14
9.5 Certification decision .15
9.5.1 IS 9.5 Certification decision .15
© ISO/IEC 2015 – All rights reserved iii

9.6 Maintaining certification .15
9.6.1 General.15
9.6.2 Surveillance activities .15
9.6.3 Re-certification .16
9.6.4 Special audits .17
9.6.5 Suspending, withdrawing or reducing the scope of certification .17
9.7 Appeals .17
9.8 Complaints .17
9.8.1 IS 9.8 Complaints .17
9.9 Client records .17
10 Management system requirements for certification bodies .17
10.1 Options .17
10.1.1 IS 10.1 ISMS implementation .17
10.2 Option A: General management system requirements .17
10.3 Option B: Management system requirements in accordance with ISO 9001.17
Annex A (informative) Knowledge and skills for ISMS auditing and certification .18
Annex B (normative) Audit time .20
Annex C (informative) Methods for audit time calculations .25
Annex D (informative) Guidance for review of implemented ISO/IEC 27001:2013,
Annex A controls .28
Bibliography .35
iv © ISO/IEC 2015 – All rights reserved

Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are
members of ISO or IEC participate in the development of International Standards through technical
committees established by the respective organization to deal with particular fields of technical
activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international
...


NORME ISO/IEC
INTERNATIONALE 27006
Troisième édition
2015-10
Technologies de l'information —
Techniques de sécurité — Exigences
pour les organismes procédant
à l'audit et à la certification des
systèmes de management de la
sécurité de l'information
Information technology — Security techniques — Requirements
for bodies providing audit and certification of information security
management systems
Numéro de référence
©
ISO/IEC 2015
DOCUMENT PROTÉGÉ PAR COPYRIGHT
© ISO/IEC 2015
Tous droits réservés. Sauf prescription différente ou nécessité dans le contexte de sa mise en œuvre, aucune partie de cette
publication ne peut être reproduite ni utilisée sous quelque forme que ce soit et par aucun procédé, électronique ou mécanique,
y compris la photocopie, ou la diffusion sur l’internet ou sur un intranet, sans autorisation écrite préalable. Une autorisation peut
être demandée à l’ISO à l’adresse ci-après ou au comité membre de l’ISO dans le pays du demandeur.
ISO copyright office
Case postale 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Genève
Tél.: +41 22 749 01 11
E-mail: copyright@iso.org
Web: www.iso.org
Publié en Suisse
ii © ISO/IEC 2015 – Tous droits réservés

Sommaire Page
Avant-propos .v
Introduction .vi
1 Domaine d'application . 1
2 Références normatives . 1
3 Termes et définitions . 1
4 Principes . 1
5 Exigences générales . 2
5.1 Domaine juridique et contractuel . 2
5.2 Gestion de l’impartialité . 2
5.2.1 SI 5.2 Conflits d'intérêts . . 2
5.3 Responsabilité et situation financière . 2
6 Exigences structurelles . 2
7 Exigences relatives aux ressources . 2
7.1 Compétence du personnel . 2
7.1.1 SI 7.1.1 Considérations générales . 3
7.1.2 SI 7.1.2 Détermination des critères de compétence . 3
7.2 Personnel intervenant dans les activités de certification . 7
7.2.1 SI 7.2 Démonstration des connaissances et de l'expérience des auditeurs . 7
7.3 Intervention d’auditeurs et d’experts techniques externes individuels . 8
7.3.1 SI 7.3 Intervention d'auditeurs externes ou d'experts techniques externes
au sein de l'équipe d'audit . 8
7.4 Enregistrements relatifs au personnel . 8
7.5 Externalisation . 8
8 Exigences relatives aux informations . 8
8.1 Informations publiques . 8
8.2 Documents de certification . 8
8.2.1 SI 8.2 Documents de certification SMSI . 8
8.3 Référence à la certification et utilisation des marques . 9
8.4 Confidentialité . 9
8.4.1 SI 8.4 Accès aux enregistrements de l'organisation . 9
8.5 Échange d’informations entre l’organisme de certification et ses clients . 9
9 Exigences relatives aux processus . 9
9.1 Activités préalables à la certification . 9
9.1.1 Demande de certification . 9
9.1.2 Revue de la demande . 9
9.1.3 Programme d’audit . 9
9.1.4 Détermination du temps d'audit .10
9.1.5 Échantillonnage multisite .11
9.1.6 Systèmes de management multiples .12
9.2 Planification des audits.12
9.2.1 Détermination des objectifs, du domaine d’application et des critères de
l’audit .12
9.2.2 Constitution de l’équipe d’audit et affectation des missions .12
9.2.3 Plan d’audit .13
9.3 Certification initiale .14
9.3.1 SI 9.3.1 Audit de certification initiale .14
9.4 Réalisation des audits .15
9.4.1 SI 9.4 Généralités .15
9.4.2 SI 9.4 Éléments spécifiques de l'audit de SMSI .15
9.4.3 SI 9.4 Rapport d'audit .15
9.5 Décision de certification .16
© ISO/IEC 2015 – Tous droits réservés iii

9.5.1 SI 9.5 Décision de certification .16
9.6 Maintien de la certification.16
9.6.1 Généralités .16
9.6.2 Activités de surveillance .16
9.6.3 Recertification .17
9.6.4 Audits particuliers .18
9.6.5 Suspension, retrait ou réduction du domaine d’application de la certification .18
9.7 Appels .18
9.8 Plaintes .18
9.8.1 SI 9.8 Plaintes.18
9.9 Enregistrements relatifs au client .18
10 Exigences relatives au système de management des organismes de certification .18
10.1 Options .18
10.1.1 SI 10.1 Mise en œuvre du SMSI .18
10.2 Option A : Exigences générales relatives au système de management .18
10.3 Option B : Exigences relatives au système de management conformément à l’ISO 9001 .18
Annexe A (informative) Connaissances et savoir-faire requis pour l'audit et la certification
d'un SMSI .19
Annexe B (normative) Temps d'audit .21
Annexe C (informative) Méthodes de calcul du temps d'audit .26
Annexe D (informative) Recommandations pour la revue des mesures mises en œuvre de
l'Annexe A de l'ISO/IEC 27001:2013.30
Bibliographie .39
iv © ISO/IEC 2015 – Tous droits réservés

Avant-propos
L'ISO (Organisation internationale de normalisation) et l'IEC (Commission électrotechnique
internationale) forment le système spécialisé de la normalisation mondiale. Les organismes
nationaux membres de l'ISO ou de l'IEC participent au développement de Normes internationales
par l'intermédiaire des comités techniques créés par l'organisation concernée afin de s'occuper des
domaines particuliers de l'activité technique. Les comités techniques de l'ISO et de l'IEC collaborent
dans des domaines d'intérêt commun. D'autres organisations internationales, gouvernementales et non
gouvernementales, en liaison avec l'ISO et l'IEC participent également aux travaux. Dans
...


NORME ISO/IEC
INTERNATIONALE 27006
Troisième édition
2015-10
Technologies de l'information —
Techniques de sécurité — Exigences
pour les organismes procédant
à l'audit et à la certification des
systèmes de management de la
sécurité de l'information
Information technology — Security techniques — Requirements
for bodies providing audit and certification of information security
management systems
Numéro de référence
©
ISO/IEC 2015
DOCUMENT PROTÉGÉ PAR COPYRIGHT
© ISO/IEC 2015
Tous droits réservés. Sauf prescription différente ou nécessité dans le contexte de sa mise en œuvre, aucune partie de cette
publication ne peut être reproduite ni utilisée sous quelque forme que ce soit et par aucun procédé, électronique ou mécanique,
y compris la photocopie, ou la diffusion sur l’internet ou sur un intranet, sans autorisation écrite préalable. Une autorisation peut
être demandée à l’ISO à l’adresse ci-après ou au comité membre de l’ISO dans le pays du demandeur.
ISO copyright office
Case postale 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Genève
Tél.: +41 22 749 01 11
E-mail: copyright@iso.org
Web: www.iso.org
Publié en Suisse
ii © ISO/IEC 2015 – Tous droits réservés

Sommaire Page
Avant-propos .v
Introduction .vi
1 Domaine d'application . 1
2 Références normatives . 1
3 Termes et définitions . 1
4 Principes . 1
5 Exigences générales . 2
5.1 Domaine juridique et contractuel . 2
5.2 Gestion de l’impartialité . 2
5.2.1 SI 5.2 Conflits d'intérêts . . 2
5.3 Responsabilité et situation financière . 2
6 Exigences structurelles . 2
7 Exigences relatives aux ressources . 2
7.1 Compétence du personnel . 2
7.1.1 SI 7.1.1 Considérations générales . 3
7.1.2 SI 7.1.2 Détermination des critères de compétence . 3
7.2 Personnel intervenant dans les activités de certification . 7
7.2.1 SI 7.2 Démonstration des connaissances et de l'expérience des auditeurs . 7
7.3 Intervention d’auditeurs et d’experts techniques externes individuels . 8
7.3.1 SI 7.3 Intervention d'auditeurs externes ou d'experts techniques externes
au sein de l'équipe d'audit . 8
7.4 Enregistrements relatifs au personnel . 8
7.5 Externalisation . 8
8 Exigences relatives aux informations . 8
8.1 Informations publiques . 8
8.2 Documents de certification . 8
8.2.1 SI 8.2 Documents de certification SMSI . 8
8.3 Référence à la certification et utilisation des marques . 9
8.4 Confidentialité . 9
8.4.1 SI 8.4 Accès aux enregistrements de l'organisation . 9
8.5 Échange d’informations entre l’organisme de certification et ses clients . 9
9 Exigences relatives aux processus . 9
9.1 Activités préalables à la certification . 9
9.1.1 Demande de certification . 9
9.1.2 Revue de la demande . 9
9.1.3 Programme d’audit . 9
9.1.4 Détermination du temps d'audit .10
9.1.5 Échantillonnage multisite .11
9.1.6 Systèmes de management multiples .12
9.2 Planification des audits.12
9.2.1 Détermination des objectifs, du domaine d’application et des critères de
l’audit .12
9.2.2 Constitution de l’équipe d’audit et affectation des missions .12
9.2.3 Plan d’audit .13
9.3 Certification initiale .14
9.3.1 SI 9.3.1 Audit de certification initiale .14
9.4 Réalisation des audits .15
9.4.1 SI 9.4 Généralités .15
9.4.2 SI 9.4 Éléments spécifiques de l'audit de SMSI .15
9.4.3 SI 9.4 Rapport d'audit .15
9.5 Décision de certification .16
© ISO/IEC 2015 – Tous droits réservés iii

9.5.1 SI 9.5 Décision de certification .16
9.6 Maintien de la certification.16
9.6.1 Généralités .16
9.6.2 Activités de surveillance .16
9.6.3 Recertification .17
9.6.4 Audits particuliers .18
9.6.5 Suspension, retrait ou réduction du domaine d’application de la certification .18
9.7 Appels .18
9.8 Plaintes .18
9.8.1 SI 9.8 Plaintes.18
9.9 Enregistrements relatifs au client .18
10 Exigences relatives au système de management des organismes de certification .18
10.1 Options .18
10.1.1 SI 10.1 Mise en œuvre du SMSI .18
10.2 Option A : Exigences générales relatives au système de management .18
10.3 Option B : Exigences relatives au système de management conformément à l’ISO 9001 .18
Annexe A (informative) Connaissances et savoir-faire requis pour l'audit et la certification
d'un SMSI .19
Annexe B (normative) Temps d'audit .21
Annexe C (informative) Méthodes de calcul du temps d'audit .26
Annexe D (informative) Recommandations pour la revue des mesures mises en œuvre de
l'Annexe A de l'ISO/IEC 27001:2013.30
Bibliographie .39
iv © ISO/IEC 2015 – Tous droits réservés

Avant-propos
L'ISO (Organisation internationale de normalisation) et l'IEC (Commission électrotechnique
internationale) forment le système spécialisé de la normalisation mondiale. Les organismes
nationaux membres de l'ISO ou de l'IEC participent au développement de Normes internationales
par l'intermédiaire des comités techniques créés par l'organisation concernée afin de s'occuper des
domaines particuliers de l'activité technique. Les comités techniques de l'ISO et de l'IEC collaborent
dans des domaines d'intérêt commun. D'autres organisations internationales, gouvernementales et non
gouvernementales, en liaison avec l'ISO et l'IEC participent également aux travaux. Dans
...


ةيلودلا ةيسايقلا ةفصاوملا
ةينقتورهكلا ةيلودلا ةنجللا /وزـــيأ
ةيمسرلا ةمجرتلا
Official translation
Tradition officials
ثلاثلا رادصلإا
5102-01-10
قيقدتلا تاهج تابلطتم – نملأا تاينقت -- تامولعملا ايجولونكت
تامولعملا نمأ ةرادإ مظنل تاداهشلا رادصإو
Information technology — Security techniques — Requirements for bodies
providing audit and certification of information security management
systems (E)
Technologies de l’information — Techniques de sécurité — Exigences
pour les organismes procédant à l’audit et à la certification dessystèmes de
management de la sécurité de l’information(F)

يف ةمئاقلا رظنا( ةمجرتلا ةقد تدمتعأ يتلاISO يف ءاضعأ تائيه01نع ةبانلإاب ةيمسر ةيبرع ةمجرتك ارسيوس ،فينج يف ISO ةيزكرملا ةناملأا يف تعبط
.)ii ةحفص
ىعجرملا مقرلا
ISO\IEC 27006:2015 (A)
ةيمسرلا ةمجرتلا
©ISO 2015
)ع( 5102/50112 يس يإ يأ/وزيأ
)هيونت( ةيلوئسم ءلاخإ
اذنه ةنعابط ننكمي هنإف Adobe ـل صيخرتلا ةسايس بجومبو ،ةجمدُم طوطخ ىلع )PDF( فلملا اذه يوتحي دق
متي يذلا بوساحلا يف ةلَّمحُمو ةصخرُمهيف ةجمدُملا طوطخلا نكت مل ام هليدعت متي َّلاأ ىلع ،هيلععلاطلاا وأ فلملا
ينف ،Adobe ـل صيخرتلا ةسايسب للاخلإا مدع ةيلوئسم - فلملا اذه ليزنت دنع - فارطلأا لمحتت و.ليدعتلا هيف
.لاجملا اذه لايح ةينوناق ةيلوئسم يأ لمحتت لاوزيلألةماعلا ةيراتركسلا نأنيح
Adobe.ـلا مظنل ةدحتملا ةكرشلل ةلجسم ةيراجت ةملاع Adobe ـلا دعت
ةنماعلا تانمولعملا ننم فنلملا اذنه ءانشنإ ينف ةمدختنسملا مماربلانب ةنصاخلا لينصافتلا نيمج ينلع لوصحلا نكمي
نونكي نأ ينعوُر ثنيح ،)PDF( ءانشنإ يف ةلخادلا تاريغتملا تن سُح دقف ةعابطلا لجلأو ، )PDF(فلمب ةقلعتملا
، فنلملا اذنهب لنلعتت ةلكنشم يأ شودنح ةنلاح ينفو ، ينيقتلل ةنيلودلا ةنمظنملا ءاضعلأ امئلام فلملا اذه مادختسا
.هاندأ لجسملا ناونعلا ىلع ةماعلا ةيراتركسلا غلابإ ىجرُي

ةفصاوملا تدمتعا يتلا ةيبرعلا سييقتلا تاهج
ندرلأا
ةيندرلأا سيياقملاو تافصاوملا ةسسؤم 
تاراملإا
سيياقملاو تافصاوملل تاراملإا ةئيه  
رئازجلا
سييقتلل يرئازجلا دهعملا  
ةيدوعسلا
سيياقملاو تافصاوملل ةيدوعسلا ةئيهلا  
قارعلا
ةيعونلا ةرطيسلاو سييقتلل يزكرملا زاهجلا 
تيوكلا
ةعانصلل ةماعلا ةئيهلا 
نادوسلا
سيياقملاو تافصاوملل ةينادوسلا ةئيهلا 
نميلا
ةدوجلا طبضو سيياقملاو تافصاوملل ةينميلا ةئيهلا 
سنوت
ةيعانصلا ةيكلملاو تافصاوملل ينطولا دهعملا 
ايروس
ةيروسلا ةيبرعلا سيياقملاو تافصاوملا ةئيه 
ايبيل
ةيسايقلا ريياعملاو تافصاوملل ينطولا زكرملا 
رصم
ةدوجلاو تافصاوملل ةماعلا ةيرصملا ةئيهلا 

رشنلاو عبطلا قوقح ةيامح ةقيثو
©5102وزيأ
ةليسو يأب وأ لكش يأب همادختسا وأ رادصلإا اذه نم ءزج يأ جاتنإ ةداعإ زوجي لا ،كلذ فلاخ دري كل امو .ةظوفحم قوقحلا يمج
دحا وأ هاندأ ناونعلا ىلع ييقتلل ةيلودلا ةمظنملا نم امإ يطخ نذإ نود ةقيقدلا ملافلأاو خسنلا كلذ يف امب ةيكيناكيم وأ ةينورتكلا
.ةبلاطلا ةهجلا ةلود يف ييقتلل ةيلودلا ةمظنملا يف ءاضعلأا تائيهلا
ييقتلل ةيلودلا ةمظنملا ةيكلم قوقح بتكم
51 فينج -Ch-1211- 22 :يديربلا زمرلا
1120550221000 :فتاه
1120550221220 : كاف
copyright@iso.org :ينورتكلا ديرب
www.iso.org :ينورتكللاا قوملا
5100يف ةيبرعلاةخسنلا رشن مت
ارسيوس يف رشنلا مت
)ع( 5102/50112يس يإ يأ / وزيأ
تايوتحملا
v  .ديهمت
iv . . ةمدقم
1   .   لاجملا -1
1 .  ةيليمكتلا عجارملا -6
1 .  فيراعتلاو تاحلطصملا -3
1    . ئدابملا -4
............................................................................................................ 6 ةماعلا تابلطتملا -5
........................................................................................ 5  ةيدقاعتلاو ةينوناقلا نوئشلا 0/2
.......................................................................................... 5 ............... ةيدايحلا ةرادإ 5/2
5    . )حلاصملا( تامامتهلاا ضراعت5/2 مأ 0/5/2
................................................................................................. 5 ليومتلاو تامازتللاا 3/2
......................................................................................................... 6 ةيلكيهلا تابلطتملا -2
.......................................................................................................... 3 دراوملا تابلطتم -0
3    . دارفلأا تاءافك0/0
3    . ةماع تارابتعا 0/0/0
................................................................................... 3 .. رادتقلاا ريياعم ديدحت 5/0/0
2    . ليدصتلا تاطاشن يف نوكراشملا دارفلأا 5/0
2    . لقدملا تاربخو فراعم نايب 0/5/0
0    . جراخلا نم نيينفلا ءاربخلاو جراخلا نم دارفلأا نيققدملا مادختسا 3/0
0    . ليقدتلا ليرف نمءزجك جراخلا نم نيينفلا ءاربخلاو جراخلا نم نيققدملا مادختسا 0/3/0
..........................................................................................0 .......... نيلماعلا تلاجس 2 /0
0    .  ةمظنملا جراخ نم نيلماعلاب ةناعتسلاا 2/0
0   . تامولعملا تابلطتم -8
0    . ةماعلا تامولعملا0/8
0 . ليدصتلا تادنتسم5/8
0    . تامولعملا نمأ ةرادإ ماظن تاداهش لئاثو0/5/8
8    . تاملاعلا مادختساو ةداهشلا ىلإ ةراشلإا 3/8
8 . ةيرسلا2/8
8    . ةيميظنتلا تلاجسلا ىلإ لوصولا 0/2/8
8    . اهئلامعو تاداهشلا رادصإ ةهج نيب تامولعملا لدابت 2/8
8   . تايلمعلا تابلطتم -9
8   . ليدصتلا / حنملا لبق ام تابلطتم 0/2
8   . ليبطتلا ميدقت 0/0/2
8   . ليبطتلا ةعجارم5/0/2
8   . ةعجارملا ممانرب3/0/2
01 . ليقدتلا نمز ديدحت2/0/2
00    .  قاوملا ددعت لظ يف تانيعلا 2/0/2
00   . ةرادلإا مظن ددعت2/0/2
00   . تاقيقدتلا طيطخت5/2
00   . هريياعمو هلاجمو ليقدتلا فادهأ ديدحت0/5/2
00   . هئاضعأ تافيلكت ديدحتو ليقدتلا ليرفرايتخا5/5/2
05   . ليقدتلا ةطخ3/5/2
05    . ىلولأا ليدصتلا3/2
05    . ىلولأا تاداهشلا حنم ليقدت 0/3/2
03    . تاقيقدتلا ءارجإ 2/2
03  . ماع0/2/2

iii
ISO 2015 © ةظوفحم قوقحلا عيمج
)ع( 5102/50112 يس يإ يأ/وزيأ
03  . تامولعملا نمأةرادإ مظن ليقدتل ةصاخلارصانعلا 5/2/2
03    . ليقدتلا ريرقت 3/2/2
03    . ليدصتلا رارق 2/2
02  . ليدصتلا رارق0/2/2
02 . ليدصتلا ةنايص 2/2
02     . ماع0/2/2
02     .ةبقارملا ليقدت5/2/2
02    . ةداهشلا رادصا 3/2/2
02    . ةصاخلا تاقيقدتلا 2/2/2
02     . ةداهشلا لاجم صيلقتوأ بحسوأ ليلعت 2/2/2
02     . راسفتسلاا0/2
0 0    . ىواكشلا8/2
00     . ىواكشلا0/8/2
00     . ءلامعلا تلاجس2/2
10    . ةداهشلا حنم تاهجل ةرادلإا ماظن تابلطتم -17
00    . تارايخلا 0/01
00  .تامولعملا نمأ ةرادإ ماظن ليبطت0/01 مأ0/0/01
00  . ةماعلا ةرادلإا ماظن تابلطتم :أرايخلا5/01
00   . 2110وزيلاا ةفصاوملل اقبط ةماعلا ةرادلإا ماظن تابلطتم :برايخلا3/01
08    . اهيلع قيدصتلاو تامولعملا نمأ ةرادإ مظن قيقدتل ةبولطملا تاراعملاو فراعملا )يداشرتسا -أ( قحلم
51    . قيقدتلا نمز )يعجرم - ب( قحلم
52    . قيقدتلا نمز باستحا قرط )يداشرتسا - ج( قحلم
،6713/60771ىس يأ / وزيا ةفصاوملا ةعجارمب تاداشرإ )يداشرتسا - د( قحلم

..............................................................................................................طباوضلا )ـه( قحلملاو
...................................................................................................................... رداصملا
)ع( 5102/50112يس يإ يأ / وزيأ
ديهمت
ابلاغو،)وزيلأا يف ءاضعلأا تاهجلا( ةينطولا ييقتلا تاهجل يملاع داحتا يه ) ييقتلل ةيلودلا ةمظنملا( وزيلأا
دق عوضومب مامتها اهل وضعلا ةهجلا تناك اذإو،وزيلأل ةينفلا ناجللا للاخ نم ةيلودلا تافصاوملا دادعإ متيام
ّ
تامظنملا كلذك لمعلا يف كراشيو.ةنجللا كلت يف لثمم هل نوكي نأ يف لحلا وضعلا اذهل نإف ،ةينف ةنجل هل تل كُش
ةيلودلا ةنجللا م اقيثو انواعت وزيلأا نواعتتو.وزيلأا م لصاوت اهل يتلا ،ةيموكحلا ريغو اهنم ةيموكحلا ةيلودلا
.ينقت ورهكلا لاجملا يف ييقتلا مهت يتلا روملأا يمج يف )IEC( ةينقتورهكلا
.يناثلا ءزجلا - يس يإ يأ/وزيلأا تاهيجوت يف ةدراولا حئاولل اقفو ةيلودلا تافصاوملا غاصتو
تائيهلا ىلع ةيلودلا تافصاوملا يراشم يزوت متيو .ةيلودلا تافصاوملا دادعا وه ةينفلا ناجلل ةيسيئرلا ةمهملا
ةينطولا تائيهلا نم لقلأا ىلع %02 ةقفاوم ةيلود تافصاومك يراشملا هذه رادصا بلطتيو.تيوصتلل ةينطولا
.تيوصتلا اهل لحي يتلا
لنمحتت ننلو .عارنتخلاا ةءارنب قونقحل ةعنضاخ ةنقيثولا هذه رصانع ضعب نوكت نأ ةيلامتحا ىلإ هابتنلاا تفل دونو
.اهعيمج وأ قوقحلا هذه نم ّيأ ديدحت ةيلوؤسم (ISO) ييقتلل ةيلودلا ةمظنملا

ةكرتشملا ب ةصاخلا ،ةينفلا ةنجللا ةطساوب 50112ةينقت ورهكلا ةيلودلا ةنجللا /وزـــيلأا ةفصاوم دادعإ مت دقو
ISO / IEC JTC 1ةيعرفلا ةنجللا ،تامولعملا ايجولونكت ، SC 27نملأا تاينقت ،.
،ةينفلا ةيحانلا نم اهحيقنت مت ثيح (ISO / IEC 27006: 2011) ةيناثلا ةعبطلا ،ةثلاثلا ةعبطلا هذه ىغلت

v
ISO 2015 © ةظوفحم قوقحلا عيمج
)ع( 5102/50112 يس يإ يأ/وزيأ
ةمدقم
ةرادلإا مظنل تاداهشلا حنمو ليقدت ىلع ةمئاقلا تاهجلل ريياعملا 00150 يس يإ يا /وزيا ةفصاوملا ضت
حنمو ليقدت فدهب 00150 ىس يإ يا /وزيا ةفصاوملل ةلثتممك دمتعت نأ تامظنملا هذهل ناك نإف .تامظنملل
كانه نإف ،5112 :50110 ىس ىإ يا /وزيا ةفصاوملل اقبط(ISMS) تامولعملا نمأ ةرادإ مظنل ةداهشلا
ةفصاوملا هذه همدقت ام وهو .00150 ىس ىإ يا /وزيا ةفصاوملل ةيرورض ةيفاضإ تاداشرإو تابلطتم
.ةيلودلا
تابلطتملا زييمت مت دقو ،00150 ىس ىإ يا /وزيا ةفصاوملا لكيه فن ةيلودلا ةفصاوملا هذه يف صنلا بتي
ىس ىإ يا /وزيا ةفصاوملا ليبطت دنع(ISMS) تامولعملا نمأ ةرادإ مظنب ةصاخلا ةيفاضلإا تاداشرلإاو
." م أ " “IS”فرحلأاب (ISMS) تامولعملا نمأ ةرادإ مظنل تاداهشلا حنم ىف ،0-00150
نيتفصاوملا تابلطتم ةيمازلإ كعت يتلا ماكحلأا كلت نايبل ةيلودلا ةفصاوملا هذه ىف " بجي " ريبعتلا مدختسي
ةيصوتلا ىنعم لمحيل " يغبني " ريبعتلا مدختسي اميف .50110 ىس ىإ يا /وزياو00150 ىس ىإ يا /وزيا
.ليضفتلاو حصنلاو
يتلا ريياعملل اهقيبطت يف ةيلاعف رثكأ مغانت نم دامتعلاا تاهج نيكمت وه ةيلودلا ةفصاوملا هذهل
...


ةيلودلا ةيسايقلا ةفصاوملا
ةينقتورهكلا ةيلودلا ةنجللا /وزـــيأ
ةيمسرلا ةمجرتلا
Official translation
Tradition officials
ثلاثلا رادصلإا
5102-01-10
قيقدتلا تاهج تابلطتم – نملأا تاينقت -- تامولعملا ايجولونكت
تامولعملا نمأ ةرادإ مظنل تاداهشلا رادصإو
Information technology — Security techniques — Requirements for bodies
providing audit and certification of information security management
systems (E)
Technologies de l’information — Techniques de sécurité — Exigences
pour les organismes procédant à l’audit et à la certification dessystèmes de
management de la sécurité de l’information(F)

يف ةمئاقلا رظنا( ةمجرتلا ةقد تدمتعأ يتلاISO يف ءاضعأ تائيه01نع ةبانلإاب ةيمسر ةيبرع ةمجرتك ارسيوس ،فينج يف ISO ةيزكرملا ةناملأا يف تعبط
.)ii ةحفص
ىعجرملا مقرلا
ISO\IEC 27006:2015 (A)
ةيمسرلا ةمجرتلا
©ISO 2015
)ع( 5102/50112 يس يإ يأ/وزيأ
)هيونت( ةيلوئسم ءلاخإ
اذنه ةنعابط ننكمي هنإف Adobe ـل صيخرتلا ةسايس بجومبو ،ةجمدُم طوطخ ىلع )PDF( فلملا اذه يوتحي دق
متي يذلا بوساحلا يف ةلَّمحُمو ةصخرُمهيف ةجمدُملا طوطخلا نكت مل ام هليدعت متي َّلاأ ىلع ،هيلععلاطلاا وأ فلملا
ينف ،Adobe ـل صيخرتلا ةسايسب للاخلإا مدع ةيلوئسم - فلملا اذه ليزنت دنع - فارطلأا لمحتت و.ليدعتلا هيف
.لاجملا اذه لايح ةينوناق ةيلوئسم يأ لمحتت لاوزيلألةماعلا ةيراتركسلا نأنيح
Adobe.ـلا مظنل ةدحتملا ةكرشلل ةلجسم ةيراجت ةملاع Adobe ـلا دعت
ةنماعلا تانمولعملا ننم فنلملا اذنه ءانشنإ ينف ةمدختنسملا مماربلانب ةنصاخلا لينصافتلا نيمج ينلع لوصحلا نكمي
نونكي نأ ينعوُر ثنيح ،)PDF( ءانشنإ يف ةلخادلا تاريغتملا تن سُح دقف ةعابطلا لجلأو ، )PDF(فلمب ةقلعتملا
، فنلملا اذنهب لنلعتت ةلكنشم يأ شودنح ةنلاح ينفو ، ينيقتلل ةنيلودلا ةنمظنملا ءاضعلأ امئلام فلملا اذه مادختسا
.هاندأ لجسملا ناونعلا ىلع ةماعلا ةيراتركسلا غلابإ ىجرُي

ةفصاوملا تدمتعا يتلا ةيبرعلا سييقتلا تاهج
ندرلأا
ةيندرلأا سيياقملاو تافصاوملا ةسسؤم 
تاراملإا
سيياقملاو تافصاوملل تاراملإا ةئيه  
رئازجلا
سييقتلل يرئازجلا دهعملا  
ةيدوعسلا
سيياقملاو تافصاوملل ةيدوعسلا ةئيهلا  
قارعلا
ةيعونلا ةرطيسلاو سييقتلل يزكرملا زاهجلا 
تيوكلا
ةعانصلل ةماعلا ةئيهلا 
نادوسلا
سيياقملاو تافصاوملل ةينادوسلا ةئيهلا 
نميلا
ةدوجلا طبضو سيياقملاو تافصاوملل ةينميلا ةئيهلا 
سنوت
ةيعانصلا ةيكلملاو تافصاوملل ينطولا دهعملا 
ايروس
ةيروسلا ةيبرعلا سيياقملاو تافصاوملا ةئيه 
ايبيل
ةيسايقلا ريياعملاو تافصاوملل ينطولا زكرملا 
رصم
ةدوجلاو تافصاوملل ةماعلا ةيرصملا ةئيهلا 

رشنلاو عبطلا قوقح ةيامح ةقيثو
©5102وزيأ
ةليسو يأب وأ لكش يأب همادختسا وأ رادصلإا اذه نم ءزج يأ جاتنإ ةداعإ زوجي لا ،كلذ فلاخ دري كل امو .ةظوفحم قوقحلا يمج
دحا وأ هاندأ ناونعلا ىلع ييقتلل ةيلودلا ةمظنملا نم امإ يطخ نذإ نود ةقيقدلا ملافلأاو خسنلا كلذ يف امب ةيكيناكيم وأ ةينورتكلا
.ةبلاطلا ةهجلا ةلود يف ييقتلل ةيلودلا ةمظنملا يف ءاضعلأا تائيهلا
ييقتلل ةيلودلا ةمظنملا ةيكلم قوقح بتكم
51 فينج -Ch-1211- 22 :يديربلا زمرلا
1120550221000 :فتاه
1120550221220 : كاف
copyright@iso.org :ينورتكلا ديرب
www.iso.org :ينورتكللاا قوملا
5100يف ةيبرعلاةخسنلا رشن مت
ارسيوس يف رشنلا مت
)ع( 5102/50112يس يإ يأ / وزيأ
تايوتحملا
v  .ديهمت
iv . . ةمدقم
1   .   لاجملا -1
1 .  ةيليمكتلا عجارملا -6
1 .  فيراعتلاو تاحلطصملا -3
1    . ئدابملا -4
............................................................................................................ 6 ةماعلا تابلطتملا -5
........................................................................................ 5  ةيدقاعتلاو ةينوناقلا نوئشلا 0/2
.......................................................................................... 5 ............... ةيدايحلا ةرادإ 5/2
5    . )حلاصملا( تامامتهلاا ضراعت5/2 مأ 0/5/2
................................................................................................. 5 ليومتلاو تامازتللاا 3/2
......................................................................................................... 6 ةيلكيهلا تابلطتملا -2
.......................................................................................................... 3 دراوملا تابلطتم -0
3    . دارفلأا تاءافك0/0
3    . ةماع تارابتعا 0/0/0
................................................................................... 3 .. رادتقلاا ريياعم ديدحت 5/0/0
2    . ليدصتلا تاطاشن يف نوكراشملا دارفلأا 5/0
2    . لقدملا تاربخو فراعم نايب 0/5/0
0    . جراخلا نم نيينفلا ءاربخلاو جراخلا نم دارفلأا نيققدملا مادختسا 3/0
0    . ليقدتلا ليرف نمءزجك جراخلا نم نيينفلا ءاربخلاو جراخلا نم نيققدملا مادختسا 0/3/0
..........................................................................................0 .......... نيلماعلا تلاجس 2 /0
0    .  ةمظنملا جراخ نم نيلماعلاب ةناعتسلاا 2/0
0   . تامولعملا تابلطتم -8
0    . ةماعلا تامولعملا0/8
0 . ليدصتلا تادنتسم5/8
0    . تامولعملا نمأ ةرادإ ماظن تاداهش لئاثو0/5/8
8    . تاملاعلا مادختساو ةداهشلا ىلإ ةراشلإا 3/8
8 . ةيرسلا2/8
8    . ةيميظنتلا تلاجسلا ىلإ لوصولا 0/2/8
8    . اهئلامعو تاداهشلا رادصإ ةهج نيب تامولعملا لدابت 2/8
8   . تايلمعلا تابلطتم -9
8   . ليدصتلا / حنملا لبق ام تابلطتم 0/2
8   . ليبطتلا ميدقت 0/0/2
8   . ليبطتلا ةعجارم5/0/2
8   . ةعجارملا ممانرب3/0/2
01 . ليقدتلا نمز ديدحت2/0/2
00    .  قاوملا ددعت لظ يف تانيعلا 2/0/2
00   . ةرادلإا مظن ددعت2/0/2
00   . تاقيقدتلا طيطخت5/2
00   . هريياعمو هلاجمو ليقدتلا فادهأ ديدحت0/5/2
00   . هئاضعأ تافيلكت ديدحتو ليقدتلا ليرفرايتخا5/5/2
05   . ليقدتلا ةطخ3/5/2
05    . ىلولأا ليدصتلا3/2
05    . ىلولأا تاداهشلا حنم ليقدت 0/3/2
03    . تاقيقدتلا ءارجإ 2/2
03  . ماع0/2/2

iii
ISO 2015 © ةظوفحم قوقحلا عيمج
)ع( 5102/50112 يس يإ يأ/وزيأ
03  . تامولعملا نمأةرادإ مظن ليقدتل ةصاخلارصانعلا 5/2/2
03    . ليقدتلا ريرقت 3/2/2
03    . ليدصتلا رارق 2/2
02  . ليدصتلا رارق0/2/2
02 . ليدصتلا ةنايص 2/2
02     . ماع0/2/2
02     .ةبقارملا ليقدت5/2/2
02    . ةداهشلا رادصا 3/2/2
02    . ةصاخلا تاقيقدتلا 2/2/2
02     . ةداهشلا لاجم صيلقتوأ بحسوأ ليلعت 2/2/2
02     . راسفتسلاا0/2
0 0    . ىواكشلا8/2
00     . ىواكشلا0/8/2
00     . ءلامعلا تلاجس2/2
10    . ةداهشلا حنم تاهجل ةرادلإا ماظن تابلطتم -17
00    . تارايخلا 0/01
00  .تامولعملا نمأ ةرادإ ماظن ليبطت0/01 مأ0/0/01
00  . ةماعلا ةرادلإا ماظن تابلطتم :أرايخلا5/01
00   . 2110وزيلاا ةفصاوملل اقبط ةماعلا ةرادلإا ماظن تابلطتم :برايخلا3/01
08    . اهيلع قيدصتلاو تامولعملا نمأ ةرادإ مظن قيقدتل ةبولطملا تاراعملاو فراعملا )يداشرتسا -أ( قحلم
51    . قيقدتلا نمز )يعجرم - ب( قحلم
52    . قيقدتلا نمز باستحا قرط )يداشرتسا - ج( قحلم
،6713/60771ىس يأ / وزيا ةفصاوملا ةعجارمب تاداشرإ )يداشرتسا - د( قحلم

..............................................................................................................طباوضلا )ـه( قحلملاو
...................................................................................................................... رداصملا
)ع( 5102/50112يس يإ يأ / وزيأ
ديهمت
ابلاغو،)وزيلأا يف ءاضعلأا تاهجلا( ةينطولا ييقتلا تاهجل يملاع داحتا يه ) ييقتلل ةيلودلا ةمظنملا( وزيلأا
دق عوضومب مامتها اهل وضعلا ةهجلا تناك اذإو،وزيلأل ةينفلا ناجللا للاخ نم ةيلودلا تافصاوملا دادعإ متيام
ّ
تامظنملا كلذك لمعلا يف كراشيو.ةنجللا كلت يف لثمم هل نوكي نأ يف لحلا وضعلا اذهل نإف ،ةينف ةنجل هل تل كُش
ةيلودلا ةنجللا م اقيثو انواعت وزيلأا نواعتتو.وزيلأا م لصاوت اهل يتلا ،ةيموكحلا ريغو اهنم ةيموكحلا ةيلودلا
.ينقت ورهكلا لاجملا يف ييقتلا مهت يتلا روملأا يمج يف )IEC( ةينقتورهكلا
.يناثلا ءزجلا - يس يإ يأ/وزيلأا تاهيجوت يف ةدراولا حئاولل اقفو ةيلودلا تافصاوملا غاصتو
تائيهلا ىلع ةيلودلا تافصاوملا يراشم يزوت متيو .ةيلودلا تافصاوملا دادعا وه ةينفلا ناجلل ةيسيئرلا ةمهملا
ةينطولا تائيهلا نم لقلأا ىلع %02 ةقفاوم ةيلود تافصاومك يراشملا هذه رادصا بلطتيو.تيوصتلل ةينطولا
.تيوصتلا اهل لحي يتلا
لنمحتت ننلو .عارنتخلاا ةءارنب قونقحل ةعنضاخ ةنقيثولا هذه رصانع ضعب نوكت نأ ةيلامتحا ىلإ هابتنلاا تفل دونو
.اهعيمج وأ قوقحلا هذه نم ّيأ ديدحت ةيلوؤسم (ISO) ييقتلل ةيلودلا ةمظنملا

ةكرتشملا ب ةصاخلا ،ةينفلا ةنجللا ةطساوب 50112ةينقت ورهكلا ةيلودلا ةنجللا /وزـــيلأا ةفصاوم دادعإ مت دقو
ISO / IEC JTC 1ةيعرفلا ةنجللا ،تامولعملا ايجولونكت ، SC 27نملأا تاينقت ،.
،ةينفلا ةيحانلا نم اهحيقنت مت ثيح (ISO / IEC 27006: 2011) ةيناثلا ةعبطلا ،ةثلاثلا ةعبطلا هذه ىغلت

v
ISO 2015 © ةظوفحم قوقحلا عيمج
)ع( 5102/50112 يس يإ يأ/وزيأ
ةمدقم
ةرادلإا مظنل تاداهشلا حنمو ليقدت ىلع ةمئاقلا تاهجلل ريياعملا 00150 يس يإ يا /وزيا ةفصاوملا ضت
حنمو ليقدت فدهب 00150 ىس يإ يا /وزيا ةفصاوملل ةلثتممك دمتعت نأ تامظنملا هذهل ناك نإف .تامظنملل
كانه نإف ،5112 :50110 ىس ىإ يا /وزيا ةفصاوملل اقبط(ISMS) تامولعملا نمأ ةرادإ مظنل ةداهشلا
ةفصاوملا هذه همدقت ام وهو .00150 ىس ىإ يا /وزيا ةفصاوملل ةيرورض ةيفاضإ تاداشرإو تابلطتم
.ةيلودلا
تابلطتملا زييمت مت دقو ،00150 ىس ىإ يا /وزيا ةفصاوملا لكيه فن ةيلودلا ةفصاوملا هذه يف صنلا بتي
ىس ىإ يا /وزيا ةفصاوملا ليبطت دنع(ISMS) تامولعملا نمأ ةرادإ مظنب ةصاخلا ةيفاضلإا تاداشرلإاو
." م أ " “IS”فرحلأاب (ISMS) تامولعملا نمأ ةرادإ مظنل تاداهشلا حنم ىف ،0-00150
نيتفصاوملا تابلطتم ةيمازلإ كعت يتلا ماكحلأا كلت نايبل ةيلودلا ةفصاوملا هذه ىف " بجي " ريبعتلا مدختسي
ةيصوتلا ىنعم لمحيل " يغبني " ريبعتلا مدختسي اميف .50110 ىس ىإ يا /وزياو00150 ىس ىإ يا /وزيا
.ليضفتلاو حصنلاو
يتلا ريياعملل اهقيبطت يف ةيلاعف رثكأ مغانت نم دامتعلاا تاهج نيكمت وه ةيلودلا ةفصاوملا هذهل
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

SIST
SIST EN ISO/IEC 27007:2022(Main)
Information security, cybersecurity and privacy protection - Guidelines for information security management systems auditing (ISO/IEC 27007:2020)
EN ISO/IEC 27007:2022

This document provides guidance on managing an information security management system (ISMS) audit programme, on conducting audits, and on the competence of ISMS auditors, in addition to the guidance contained in ISO 19011.
This document is applicable to those needing to understand or conduct internal or external audits of an ISMS or to manage an ISMS audit programme.

  • Standard
    48 pages
    English language
    sale 10% off
    e-Library read for
    1 day
  • Standard
    48 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
oSIST ISO/IEC DIS 27009:2019(Main)
Information technology -- Security techniques -- Sector-specific application of ISO/IEC 27001 -- Requirements
ISO/IEC 27009:2020

This document specifies the requirements for creating sector-specific standards that extend ISO/IEC 27001, and complement or amend ISO/IEC 27002 to support a specific sector (domain, application area or market).
This document explains how to:
— include requirements in addition to those in ISO/IEC 27001,
— refine or interpret any of the ISO/IEC 27001 requirements,
— include controls in addition to those of ISO/IEC 27001:2013, Annex A and ISO/IEC 27002,
— modify any of the controls of ISO/IEC 27001:2013, Annex A and ISO/IEC 27002,
— add guidance to or modify the guidance of ISO/IEC 27002.
This document specifies that additional or refined requirements do not invalidate the requirements in ISO/IEC 27001.
This document is applicable to those involved in producing sector-specific standards.

  • Standard
    18 pages
    English language
    sale 15% off
  • Standard
    18 pages
    English language
    sale 15% off
  • Draft
    24 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN ISO/IEC 27007:2022(Main)
Information security, cybersecurity and privacy protection - Guidelines for information security management systems auditing (ISO/IEC 27007:2020)
EN ISO/IEC 27007:2022

This document provides guidance on managing an information security management system (ISMS) audit programme, on conducting audits, and on the competence of ISMS auditors, in addition to the guidance contained in ISO 19011.
This document is applicable to those needing to understand or conduct internal or external audits of an ISMS or to manage an ISMS audit programme.

  • Standard
    48 pages
    English language
    sale 10% off
    e-Library read for
    1 day
  • Standard
    48 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
oSIST ISO/IEC DIS 27009:2019(Main)
Information technology -- Security techniques -- Sector-specific application of ISO/IEC 27001 -- Requirements
ISO/IEC 27009:2020

This document specifies the requirements for creating sector-specific standards that extend ISO/IEC 27001, and complement or amend ISO/IEC 27002 to support a specific sector (domain, application area or market).
This document explains how to:
— include requirements in addition to those in ISO/IEC 27001,
— refine or interpret any of the ISO/IEC 27001 requirements,
— include controls in addition to those of ISO/IEC 27001:2013, Annex A and ISO/IEC 27002,
— modify any of the controls of ISO/IEC 27001:2013, Annex A and ISO/IEC 27002,
— add guidance to or modify the guidance of ISO/IEC 27002.
This document specifies that additional or refined requirements do not invalidate the requirements in ISO/IEC 27001.
This document is applicable to those involved in producing sector-specific standards.

  • Standard
    18 pages
    English language
    sale 15% off
  • Standard
    18 pages
    English language
    sale 15% off
  • Draft
    24 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN IEC 62391-2:2025(Main)
Fixed electric double-layer capacitors for use in electronic equipment - Part 2: Sectional specfication - Electric double layer capacitors for power application (IEC 62391-2:2025)
EN IEC 62391-2:2025

IEC 62391-2:2025 applies to electric double-layer capacitors for power application.
Electric double-layer capacitors for power are intended for applications that require discharge currents in the range from mA to A. The characteristics of the capacitors include such performance as relatively high capacitance and low internal resistance, which is applicable to Class 3 and Class 5 of the measurement classification specified in IEC 62391-1:2022.
The object of this document is to specify preferred ratings and characteristics and to select from IEC 62391-1:2022 the appropriate quality assessment procedures, tests and measuring methods and to give general performance requirements for this type of capacitor. Test severities and requirements specified in detail specifications referring to this document provide specific test severities and requirements of an equal or higher performance level.
The definition of power density and its calculating procedure can be found in Annex A.
This edition includes the following significant technical changes with respect to the previous edition:
a) the document has been completely restructured to comply with the ISO/IEC Directives, Part 2;
b) introduction of a new technical categorization for the test methods;
c) reorganization of the test methods have been according to these new categories;
d) revision of the tables, figures and references according to changes.

  • Standard
    31 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN 60079-5:2015/A1:2025(Amendment)
Explosive atmospheres - Part 5: Equipment protection by powder filling "q" (IEC 60079-5:2015/AMD1:2022)
EN 60079-5:2015/A1:2024

No scope available

  • Amendment
    5 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN 60079-6:2016/A1:2025(Amendment)
Explosive atmospheres - Part 6: Equipment protection by liquid immersion "o" (IEC 60079-6:2015/A1:2020)
EN 60079-6:2015/A1:2024

NEXT ACTION: UNDER BT CONSULTATION SOON (finalization EN with revised Annex Z)
HAS CONSULTANT PUB ASSESSMENT BY 2020-09-24 -- non compliant assessment received
20200325: consultant assessment missing and Annex ZZ was not circulated at FV; document blocked until such a time as this can be resolved

  • Amendment
    10 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN IEC 63044-3:2018/A1:2025(Amendment)
Home and Building Electronic Systems (HBES) and Building Automation and Control Systems (BACS) - Part 3: Electrical safety requirements (IEC 63044-3:2017/A1:2021)
EN IEC 63044-3:2018/A1:2025

NEXT ACTION: CCMC ACTION to request HAS assessment @ PUB when HAS system is operational
2022-01-17: Under discussion with the desk officer. upon the greenlight of the desk officer, it can be published.

  • Amendment
    10 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN 14908-10:2025(Main)
Open Data Communication in Building Automation, Controls and Building Management - Control Network Protocol - Part 10: Web Services for Control Networking Protocol Specification
EN 14908-10:2025

This document specifies an open and extensible standard for residential, commercial, and industrial control and automation applications using the EN 14908-1 control network protocol and related protocols (EN 14908-2 to EN 14908-9) to provision and manage IoT devices, to access and update data from the devices, and to aggregate data from diverse devices and protocols for delivery to external applications and services.
The  web services as specified in this document are implemented on a central gateway or edge server that communicates with multiple sensor, actuator, and controller edge devices using one or more edge protocols such as EN 14908-1, and also interfaces with one or more enterprise and cloud services or applications.

  • Standard
    442 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN 50176:2025(Main)
Automatic electrostatic application systems for ignitable liquid coating materials - Safety requirements
EN 50176:2025

1.1   This document specifies the electrical requirements for the design of automatic electrostatic application systems for liquid coating materials which can be ignited in an atomised state, used within a temperature range from 5 °C to 40 °C.
This document considers automatic electrostatic application systems for processing ignitable liquid coating materials, where the conductivity of the complete system is limited up to 50 nS/cm. Together with additional measures like e.g. potential separation systems, these requirements can also be applied to ignitable liquid coating materials, where the conductivity of the complete system is limited up to 2 000 μS/cm.
Ignition hazards related to the generated explosive atmosphere and the protection of persons against electric shock are considered.
1.2   This document specifies
-   requirements for an interface to machinery according to EN 16985:2018,
-   additional requirements for machinery covered by EN 1953:2025 and EN 12621:2025.
1.3   This document also specifies requirements for a safe operation of electrostatic application systems, including the electrical installation. The requirements consider both the processing of coating materials and the cleaning and purge processes.
1.4   This document applies to three types of spraying systems; see 5.1.1.
Spraying systems are classified as equipment of group II, category 2G (for intended use in zone 1 or zone 2) or category 3G (for intended use in zone 2).
Only electrostatic spraying systems operating with a d.c. sinusoidal ripple of not more than 10 % of the r.m.s. value are considered.
1.5   For electrostatic application systems used in food and pharmaceutical industry, additional requirements may apply.
1.6   This document does not apply to
-   potential separation systems;
-   selection, installation and application of other electrical and non-electrical equipment in areas with explosion hazard, see EN 60079-14:2014 and EN 16985:2018;
-   quality assurance systems for electrostatic spraying equipment (see EN ISO/IEC 80079-34:2020, ZB.11).

  • Standard
    55 pages
    English language
    sale 10% off
    e-Library read for
    1 day