GB/T 25067-2020 Information technology—Security techniques—Requirements for bodies providing audit and certification of information security management systems
On the basis of GB/T 27021.1-2017 and GB/T 22080-2016, this standard specifies the requirements and provides guidelines for organizations implementing ISMS audit and certification. The main purpose of this standard is to provide support for the accreditation of ISMS certification bodies. Any organization providing ISMS certification needs to demonstrate that it meets the requirements of this standard in terms of competence and reliability. Guidance in this standard provides further explanation of these requirements. Note: This standard can be used as a normative document for accreditation, peer review or other review processes.
GB/T 25067-2020 Referenced Document
GB/T 22080 Information technology.Security techniques.Information security management systems.Requirements
GB/T 22080-2016 Information technology.Security techniques.Information security management systems.Requirements
GB/T 27021 Conformity assessment.Requirements for bodies providing audit and certification of management systems
ISO 19011 Guidelines for auditing management systems
ISO/IEC 27000 Information technology — Security techniques — Information security management systems — Overview and vocabulary
GB/T 25067-2020 history
2020: GB/T 25067-2020 Information technology—Security techniques—Requirements for bodies providing audit and certification of information security management systems
2016: GB/T 25067-2016 Information technology—Security techniques—Requirements for bodies providing audit and certification of information security management systems
2010: GB/T 25067-2010 Information technology.Security techniques.Requirements for bodies providing audit and certification of information security management system