GB/T 25067-2010 Information technology.Security techniques.Requirements for bodies providing audit and certification of information security management system
This standard sets out requirements and provides guidelines for organizations implementing information security management system audit and certification, as a supplement to the requirements of GB/T 27021-2007 and GB/T 22080-2008. The main purpose of developing this standard is to provide support for the accreditation of certification bodies implementing ISMS certification. Any organization providing ISMS certification needs to demonstrate that it meets the requirements of this standard in terms of competence and reliability. The guiding clauses of this standard provide further clarification on these requirements.
GB/T 25067-2010 Referenced Document
GB/T 19011 Guidelines for auditing management systems*, 2021-08-20 Update
GB/T 22080-2008 Information technology.Security techniques.Information security management systems.Requirements
GB/T 27021-2007 Conformity assessment.Requirements for bodies providing audit and certification of management systems
GB/T 25067-2010 history
2020GB/T 25067-2020 Information technology—Security techniques—Requirements for bodies providing audit and certification of information security management systems
2016GB/T 25067-2016 Information technology—Security techniques—Requirements for bodies providing audit and certification of information security management systems
2010GB/T 25067-2010 Information technology.Security techniques.Requirements for bodies providing audit and certification of information security management system