GB/T 25067-2020 Information technology—Security techniques—Requirements for bodies providing audit and certification of information security management systems

Scope: On the basis of GB/T27021.1-2017 and GB/T22080-2016, this standard specifies the requirements and provides guidelines for organizations implementing ISMS audit and certification. The main purpose of this standard is to provide support for the accreditation of ISMS certification bodies. Any organization providing ISMS certification needs to demonstrate that it meets the requirements of this standard in terms of competence and reliability. Guidance in this standard provides further explanation of these requirements. Note: This standard can be used as a normative document for accreditation, peer review or other review processes.

GB/T 22080 Information technology.Security techniques.Information security management systems.Requirements
GB/T 22080-2016 Information technology.Security techniques.Information security management systems.Requirements
GB/T 27021 Conformity assessment.Requirements for bodies providing audit and certification of management systems
ISO 19011 Guidelines for auditing management systems
ISO/IEC 27000 Information technology — Security techniques — Information security management systems — Overview and vocabulary

2020 GB/T 25067-2020 Information technology—Security techniques—Requirements for bodies providing audit and certification of information security management systems
2016 GB/T 25067-2016 Information technology—Security techniques—Requirements for bodies providing audit and certification of information security management systems
2010 GB/T 25067-2010 Information technology.Security techniques.Requirements for bodies providing audit and certification of information security management system

GB/T 25067-2020Information technology—Security techniques—Requirements for bodies providing audit and certification of information security management systems