Abstract

This Uganda Standard specifies requirements and provides guidance for bodies providing audit and certification of an information security management system (ISMS), in addition to the requirements contained within ISO/IEC 17021_1 and ISO/IEC 27001. It is primarily intended to support the accreditation of certification bodies providing ISMS certification. The requirements contained in this standard need to be demonstrated in terms of competence and reliability by anybody providing ISMS certification, and the guidance contained in this International Standard provides an additional interpretation of these requirements for anybody providing ISMS certification. (This standard cancels and replaces US ISO/IEC 27006:2011, Information technology __ Security techniques __ Requirements for bodies providing audit and certification of information security management systems, which has been technically revised). This standard was PUBLISHED on 2019-3-26.