Specifies requirements and provides guidance for bodies providing audit and certification of an information security management system (ISMS), in addition to the requirements contained within ISO/IEC 17021-1 and ISO/IEC 27001 (published in South Africa as identical adoptions under the designations SANS 17021-1 and SANS 27001).