iTeh StandardsiTeh Standards
EURUSD
Your shopping cart is empty.
CEN

CEN ISO/IEC/TS 27006-2:2022

(Main)

Requirements for bodies providing audit and certification of information security management systems - Part 2: Privacy information management systems (ISO/IEC TS 27006-2:2021)

Requirements for bodies providing audit and certification of information security management systems - Part 2: Privacy information management systems (ISO/IEC TS 27006-2:2021)

This document specifies requirements and provides guidance for bodies providing audit and certification of a privacy information management system (PIMS) according to ISO/IEC 27701 in combination with ISO/IEC 27001, in addition to the requirements contained within ISO/IEC 27006 and ISO/IEC 27701. It is primarily intended to support the accreditation of certification bodies providing PIMS certification.
The requirements contained in this document need to be demonstrated in terms of competence and reliability by anybody providing PIMS certification, and the guidance contained in this document provides additional interpretation of these requirements for any body providing PIMS certification.
NOTE     This document can be used as a criteria document for accreditation, peer assessment or other audit processes.

Anforderungen an Stellen, die Informationssicherheits-Managementsysteme auditieren und zertifizieren - Teil 2: Datenschutz-Managementsysteme (ISO/IEC TS 27006-2:2021)

Dieses Dokument legt Anforderungen fest und bietet Anleitung für Stellen, die Audits und Zertifizierungen von Datenschutz-Managementsystemen(PIMS) nach ISO/IEC27701 in Kombination mit ISO/IEC27001 vorneh
men, zusätzlich zu den Anforderungen nach ISO/IEC27006 und ISO/IEC27701. Es dient hauptsächlich der Unterstützung der Akkreditierung von Zertifizierungsstellen, die PIMS-Zertifizierungen durchführen.
Die Anforderungen in diesem Dokument bedürfen eines Nachweises im Hinblick auf Kompetenz und Zuver
lässigkeit von jeder Stelle, die PIMS-Zertifizierungen durchführt, und die Anleitungen in diesem Dokument erlauben die zusätzliche Interpretation dieser Anforderungen für jede Stelle, die PIMS-Zertifizierungen
führt.
ANMERKUNG Dieses Dokument kann als Kriteriendokument für die Akkreditierung, die Bewertung unter Gleichrangi
gen oder für andere Auditprozesse verwendet werden.

Exigences pour les organismes procédant à l’audit et à la certification des systèmes de management des informations de sécurité - Partie 2: Systèmes de management des informations de sécurité (ISO/IEC TS 27006-2:2021)

This document specifies requirements and provides guidance for bodies providing audit and certification of a privacy information management system (PIMS) according to ISO/IEC 27701 in combination with ISO/IEC 27001, in addition to the requirements contained within ISO/IEC 27006 and ISO/IEC 27701. It is primarily intended to support the accreditation of certification bodies providing PIMS certification.
The requirements contained in this document need to be demonstrated in terms of competence and reliability by anybody providing PIMS certification, and the guidance contained in this document provides additional interpretation of these requirements for any body providing PIMS certification.

Zahteve za organe, ki izvajajo presojanje in certificiranje sistemov upravljanja informacijske varnosti - 2. del: Sistemi za upravljanje informacij o zasebnosti (ISO/IEC/TS 27006-2:2021)

Ta dokument določa zahteve in podaja navodila za organe, ki presojajo in certificirajo sisteme upravljanja zasebnosti informacij (PIMS) v skladu s standardom ISO/IEC 27701 v kombinaciji s standardom ISO/IEC 27001, ter se uporablja kot dodatek k zahtevam, določenim v standardih ISO/IEC 27006 in ISO/IEC 27701. Namenjen je predvsem kot podpora akreditaciji certifikacijskih organov, ki izvajajo certifikacijo PIMS.
Za izpolnjevanje zahtev, ki jih vsebuje ta dokument, mora vsak organ, ki izvaja certifikacijo PIMS, izkazati kompetentnost in zanesljivost, navodila v tem dokumentu pa podajajo dodatno interpretacijo teh zahtev za vsak organ, ki izvaja certifikacijo PIMS.
OPOMBA: Ta dokument je mogoče uporabljati kot dokument z merili za akreditacijo, medsebojno ocenjevanje ali druge procese presojanja.

General Information

Status
Published
Publication Date
08-Nov-2022
ICS
03.120.20 - Product and company certification. Conformity assessment
35.030 - IT Security
Technical Committee
CEN/CLC/TC 13 - Cybersecurity and Data Protection
Drafting Committee
CEN/CLC/JTC 13/WG 5 - Data Protection, Privacy and Identity Management
Current Stage
6060 - Definitive text made available (DAV) - Publishing
Start Date
09-Nov-2022
Completion Date
09-Nov-2022
Ref Project
SIST-TS CEN ISO/IEC/TS 27006-2:2023 - Requirements for bodies providing audit and certification of information security management systems - Part 2: Privacy information management systems (ISO/IEC/TS 27006-2:2021)

Relations

Revised
prEN ISO/IEC 27006-2 - Requirements for bodies providing audit and certification of information security management systems - Part 2: Privacy information management systems (ISO/IEC/DIS 27006‑2:2023)
Effective Date
18-Jan-2023

Buy Standard

TS CEN ISO/IEC/TS 27006-2:2023TS CEN ISO/IEC/TS 27006-2:2023
PreviousNext
Technical specification
TS CEN ISO/IEC/TS 27006-2:2023
English language
18 pages
sale 10% off
Preview
sale 10% off
Preview
e-Library read for
1 day

Standards Content (Sample)

SLOVENSKI STANDARD
SIST-TS CEN ISO/IEC/TS 27006-2:2023
01-januar-2023
Zahteve za organe, ki izvajajo presojanje in certificiranje sistemov upravljanja
informacijske varnosti - 2. del: Sistemi za upravljanje informacij o zasebnosti
(ISO/IEC/TS 27006-2:2021)
Requirements for bodies providing audit and certification of information security
management systems - Part 2: Privacy information management systems (ISO/IEC/TS
27006-2:2021)
Exigences pour les organismes procédant à l’audit et à la certification des systèmes de
management des informations de sécurité - Partie 2: Systèmes de management des
informations de sécurité (ISO/IEC/TS 27006-2:2021)
Ta slovenski standard je istoveten z: CEN ISO/IEC/TS 27006-2:2022
ICS:
03.120.20 Certificiranje proizvodov in Product and company
podjetij. Ugotavljanje certification. Conformity
skladnosti assessment
35.030 Informacijska varnost IT Security
SIST-TS CEN ISO/IEC/TS 27006-2:2023 en,fr,de
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

---------------------- Page: 1 ----------------------
SIST-TS CEN ISO/IEC/TS 27006-2:2023

---------------------- Page: 2 ----------------------
SIST-TS CEN ISO/IEC/TS 27006-2:2023


TECHNICAL SPECIFICATION CEN ISO/IEC/TS 27006-2

SPÉCIFICATION TECHNIQUE

TECHNISCHE SPEZIFIKATION
November 2022
ICS 35.030; 03.120.20

English version

Requirements for bodies providing audit and certification
of information security management systems - Part 2:
Privacy information management systems (ISO/IEC TS
27006-2:2021)
Exigences pour les organismes procédant à l'audit et à Anforderungen an Stellen, die Informationssicherheits-
la certification des systèmes de management des Managementsysteme auditieren und zertifizieren - Teil
informations de sécurité - Partie 2: Systèmes de 2: Datenschutz-Managementsysteme (ISO/IEC TS
management des informations de sécurité (ISO/IEC TS 27006-2:2021)
27006-2:2021)
This Technical Specification (CEN/TS) was approved by CEN on 30 October 2022 for provisional application.

The period of validity of this CEN/TS is limited initially to three years. After two years the members of CEN and CENELEC will be
requested to submit their comments, particularly on the question whether the CEN/TS can be converted into a European
Standard.

CEN and CENELEC members are required to announce the existence of this CEN/TS in the same way as for an EN and to make the
CEN/TS available promptly at national level in an appropriate form. It is permissible to keep conflicting national standards in
force (in parallel to the CEN/TS) until the final decision about the possible conversion of the CEN/TS into an EN is reached.

CEN and CENELEC members are the national standards bodies and national electrotechnical committees of Austria, Belgium,
Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy,
Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Republic of North Macedonia, Romania, Serbia,
Slovakia, Slovenia, Spain, Sweden, Switzerland, Türkiye and United Kingdom.


















CEN-CENELEC Management Centre:
Rue de la Science 23, B-1040 Brussels
© 2022 CEN/CENELEC All rights of exploitation in any form and by any means
Ref. No. CEN ISO/IEC/TS 27006-2:2022 E
reserved worldwide for CEN national Members and for
CENELEC Members.

---------------------- Page: 3 ----------------------
SIST-TS CEN ISO/IEC/TS 27006-2:2023
CEN ISO/IEC/TS 27006-2:2022 (E)
Contents Page
European foreword . 3

2

---------------------- Page: 4 ----------------------
SIST-TS CEN ISO/IEC/TS 27006-2:2023
CEN ISO/IEC/TS 27006-2:2022 (E)
European foreword
The text of ISO/IEC TS 27006-2:2021 has been prepared by Technical Committee ISO/IEC JTC 1
"Information technology” of the International Organization for Standardization (ISO) and has been
taken over as CEN ISO/IEC/TS 27006-2:2022 by Technical Committee CEN-CENELEC/ JTC 13
“Cybersecurity and Data Protection” the secretariat of which is held by DIN.
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CEN-CENELEC shall not be held responsible for identifying any or all such patent rights.
Any feedback and questions on this document should be directed to the users’ national standards body.
A complete listing of these bodies can be found on the CEN and CENELEC websites.
According to the CEN-CENELEC Internal Regulations, the national standards organizations of the
following countries are bound to announce this Technical Specification: Austria, Belgium, Bulgaria,
Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Icelan
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

CEN
EN ISO/IEC 27006-1:2024(Main)
Information security, cybersecurity and privacy protection - Requirements for bodies providing audit and certification of information security management systems - Part 1: General (ISO/IEC 27006-1:2024)
SIST EN ISO/IEC 27006-1:2024

This document specifies requirements and provides guidance for bodies providing audit and certification of an information security management system (ISMS), in addition to the requirements contained within ISO/IEC 17021-1.
The requirements contained in this document are demonstrated in terms of competence and reliability by bodies providing ISMS certification. The guidance contained in this document provides additional interpretation of these requirements for bodies providing ISMS certification.
NOTE       This document can be used as a criteria document for accreditation, peer assessment or other audit processes.

  • Draft
    57 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN ISO/IEC 27007:2022(Main)
Information security, cybersecurity and privacy protection - Guidelines for information security management systems auditing (ISO/IEC 27007:2020)
SIST EN ISO/IEC 27007:2022

ISO/IEC 27007 provides guidance on managing an information security management system (ISMS) audit programme, on conducting audits, and on the competence of ISMS auditors, in addition to the guidance contained in ISO 19011:2011.
ISO/IEC 27007 is applicable to those needing to understand or conduct internal or external audits of an ISMS or to manage an ISMS audit programme.

  • Standard
    48 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
prEN ISO/IEC 27006-2(Main)
Requirements for bodies providing audit and certification of information security management systems - Part 2: Privacy information management systems (ISO/IEC/DIS 27006‑2:2023)
oSIST prEN ISO/IEC 27006-2:2023

This document specifies requirements and provides guidance for bodies providing audit and certification of a privacy information management system (PIMS) according to ISO/IEC 27701 in combination with ISO/IEC 27001, in addition to the requirements contained within ISO/IEC 27006 and ISO/IEC 27701. It is primarily intended to support the accreditation of certification bodies providing PIMS certification.
The requirements contained in this document need to be demonstrated in terms of competence and reliability by anybody providing PIMS certification, and the guidance contained in this document provides additional interpretation of these requirements for any body providing PIMS certification.
NOTE This document can be used as a criteria document for accreditation, peer assessment or other audit processes.

  • Draft
    24 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN ISO/IEC 27006-1:2024(Main)
Information security, cybersecurity and privacy protection - Requirements for bodies providing audit and certification of information security management systems - Part 1: General (ISO/IEC 27006-1:2024)
SIST EN ISO/IEC 27006-1:2024

This document specifies requirements and provides guidance for bodies providing audit and certification of an information security management system (ISMS), in addition to the requirements contained within ISO/IEC 17021-1.
The requirements contained in this document are demonstrated in terms of competence and reliability by bodies providing ISMS certification. The guidance contained in this document provides additional interpretation of these requirements for bodies providing ISMS certification.
NOTE       This document can be used as a criteria document for accreditation, peer assessment or other audit processes.

  • Draft
    57 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN ISO/IEC 27007:2022(Main)
Information security, cybersecurity and privacy protection - Guidelines for information security management systems auditing (ISO/IEC 27007:2020)
SIST EN ISO/IEC 27007:2022

ISO/IEC 27007 provides guidance on managing an information security management system (ISMS) audit programme, on conducting audits, and on the competence of ISMS auditors, in addition to the guidance contained in ISO 19011:2011.
ISO/IEC 27007 is applicable to those needing to understand or conduct internal or external audits of an ISMS or to manage an ISMS audit programme.

  • Standard
    48 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
CEN/TS 419261:2015(Main)
Security requirements for trustworthy systems managing certificates and time-stamps
SIST-TS CEN/TS 419261:2015

1.1   General
This Technical Specification establishes security requirements for TWSs that can be used by a TSP in order to issue QCs and Non-Qualified Certificates (NQCs) as well as electronic time-stamps in accordance with Dir.1999/93/EC and with [Reg.910/2014/EU].
Security requirements for the Subject Device Provision Service, which includes SCDev/QSCD provision to subjects, are defined in this TS. However, requirements specific to SCDev/QSCD devices, as used by subjects of the TSP, are outside the scope of this TS. These requirements are defined as Common Criteria [CC] Protection Profiles (PP) in the EN 419211 series.
Recommendations for the cryptographic algorithms to be supported by TWSs are provided in ETSI/TS 119 312.
Although this TS is based on the use of public key cryptography, it does not require or define any particular communication protocol or format for electronic signatures, certificates, certificate revocation lists, certificate status information and time-stamp tokens. It only assumes certain types of information to be present in the certificates in accordance with Annex I of Dir.1999/93/EC and of [Reg.910/2014/EU]. Interoperability between TSP systems and subject systems is outside the scope of this document.
The use of TWSs that are already compliant to relevant security requirements of this TS should support TSPs in reducing their burden to establish conformance of their policy to ETSI TS 119 411-1, 119 411-2, and 119 421 (or equivalent ENs to be subsequently published) and in meeting the Annex I and Annex II requirements of Dir.1999/93/EC as well as the requirements from Annex I and Article 24.2 (e) of [Reg.910/2014/EU].
1.2   European Regulation-specific
The main focus of this document is on the requirements in Article 24.2 (e) of [Reg.910/2014/EU] whilst still facilitating the meeting of requirements in Dir.1999/93/EC, Annex II (f). In considering [Reg.910/2014/EU] it is important to take into account the following requirements of particular relevance to TSP trustworthy systems:
a)   Article 24.2 (f) – “use trustworthy systems to store data provided to it, in a verifiable form so that:
(i)   they are publicly available for retrieval only where the consent of the person to whom the data relates has been obtained,
(ii)   only authorised persons can make entries and changes to the stored data,
(iii)   the data can be checked for authenticity”;
b)   Article 24.2 (g) – “take appropriate measures against forgery and theft of data”;
c)   Article 24.2 (h) – “record and keep accessible for an appropriate period of time, including after the activities of the qualified trust service provider have ceased, all relevant information concerning data issued and received by the qualified trust service provider, in particular, for the purpose of providing evidence in legal proceedings and for the purpose of ensuring continuity of the service. Such recording may be done electronically”;
d)   Article 24.2 (j) – “ensure lawful processing of personal data in accordance with Directive 95/46/EC”;
e)   Article 24.2 (k) – “in case of qualified trust service providers issuing qualified certificates, establish and keep updated a certificate database”;
f)   Article 24.3 – “If a qualified trust service provider issuing qualified certificates decides to revoke a certificate, it shall register such revocation in its certificate database and publish the revocation status of the certificate in a timely manner, and in any event within 24 hours after the receipt of the request. The revocation shall become effective immediately upon its publication”;
g)   Article 24.4 – "With regard to paragraph 3, qualified trust service providers issuing qualified certificates shall provide to any relying party information on the validity or revocation status of qualified certificates issued by them.

  • Technical specification
    56 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
prEN ISO/IEC 27006-2(Main)
Requirements for bodies providing audit and certification of information security management systems - Part 2: Privacy information management systems (ISO/IEC/DIS 27006‑2:2023)
oSIST prEN ISO/IEC 27006-2:2023

This document specifies requirements and provides guidance for bodies providing audit and certification of a privacy information management system (PIMS) according to ISO/IEC 27701 in combination with ISO/IEC 27001, in addition to the requirements contained within ISO/IEC 27006 and ISO/IEC 27701. It is primarily intended to support the accreditation of certification bodies providing PIMS certification.
The requirements contained in this document need to be demonstrated in terms of competence and reliability by anybody providing PIMS certification, and the guidance contained in this document provides additional interpretation of these requirements for any body providing PIMS certification.
NOTE This document can be used as a criteria document for accreditation, peer assessment or other audit processes.

  • Draft
    24 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN ISO 16739-1:2024(Main)
Industry Foundation Classes (IFC) for data sharing in the construction and facility management industries - Part 1: Data schema (ISO 16739-1:2024)
kSIST FprEN ISO 16739-1:2024

This document represents an open international standard for information used in Building Information Modeling (BIM) that is exchanged and shared among software applications used by the various participants in the construction or facility management industry sector. This document includes definitions that cover information required for buildings and infrastructure works over their life cycle. This edition of the document added coverage of information required for infrastructure facilities including bridges, roads, railways, waterways and port facilities.
This document comprises the publication of a data schema, its documentation, the property and quantity set definitions and the mechanism of an exchange file format structure.
Definitions from this document are used to support different recognized work flows in the construction and facility management industry sector, representing information deliveries. Such information deliveries can be described according to ISO 29481.
Different implementation levels of this document can be defined to better support multiple information deliveries, they are referred to as a Model View Definition (MVD). Each MVD identifies which subset of the definitions of this document imposes requirements for implementation in software applications. Conforming software applications need to identify the model view definition they conform to when applying for software certification.
The following are within the scope of this edition of this document:
BIM exchange format definitions that are required during the life cycle phases of buildings and infrastructure:
demonstrating the need;
conception of need;
outline feasibility;
substantive feasibility study and outline financial authority;
outline conceptual design;
full conceptual design;
coordinated design;
procurement and full financial authority;
production information;
construction;
operation and maintenance.
BIM exchange format definitions that are required by the various disciplines involved within the life cycle phases:
architecture and civil engineering design;
service and utilities engineering;
structural engineering;
procurement;
construction planning;
facility and utility management;
project management;
client requirement management;
industry authorities for permits and approval.
BIM exchange format definitions including:
project structure;
physical components;
spatial components;
analysis items;
processes;
resources;
controls;
actors;
context definition.

  • Draft
    406 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN ISO 17294-1:2024(Main)
Water quality - Application of inductively coupled plasma mass spectrometry (ICP-MS) - Part 1: General requirements (ISO 17294-1:2024)
kSIST FprEN ISO 17294-1:2023

This document specifies the principles of inductively coupled plasma mass spectrometry (ICP-MS) and provides general requirements for the use of this technique to determine elements in water, digests of sludges and sediments (e.g. digests of water as described in ISO 15587-1 or ISO 15587-2). Generally, the measurement is carried out in water, but gases, vapours or fine particulate matter can be introduced too. This document applies to the use of ICP-MS for aqueous solution analysis.
The ultimate determination of the elements is described in a separate International Standard for each series of elements and matrix. The individual clauses of this document refer the user to these guidelines for the basic principles of the method and the configuration of the instrument.

  • Draft
    43 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN ISO 22435:2024(Main)
Gas cylinders - Cylinder valves with integrated pressure regulators - Specification and type testing (ISO 22435:2024)
kSIST FprEN ISO 22435:2024

This document specifies design, type test methods, marking and instruction requirements for cylinder valves with integrated pressure regulators (VIPRs) intended to be fitted to gas cylinders, pressure drums or tubes or used as a main valve for bundles of cylinders that convey compressed, liquefied or dissolved gases.
These are requirements for VIPRs that are in addition to those given in the relevant closure standard, for example, in ISO 10297 for cylinder valves, in ISO 17871 for quick-release cylinder valves, in ISO 17879 for self-closing cylinder valves or in ISO 23826 for ball valves. For ISO 17871, these requirements are only applicable to quick-release cylinder valves types B, C, D and E.
NOTE 1        If the pressure regulating system of a VIPR is acting as the primary valve operating mechanism, it is covered by the relevant closure standard, e.g. ISO 10297, ISO 17871, ISO 17879 and ISO 23826. This also includes designs where closure of the primary valve operating mechanism of a VIPR is obtained by closing the seat of the pressure regulating system.
NOTE 2        If the primary valve operating mechanism of a VIPR is located at the low-pressure side of the pressure regulating system, it is covered by the relevant closure standard, e.g. ISO 10297, ISO 17871, ISO 17879 and ISO 23826.
NOTE 3        The term “pressure receptacle” is used within this document to cover instances where no differentiation is necessary between gas cylinders, bundles of cylinders, pressure drums and tubes.
This document does not apply to VIPRs for
a)       medical applications (see ISO 10524-3);
b)       liquefied petroleum gas (LPG);
c)        cryogenic applications.
NOTE 4        Additional requirements for a VIPR with a residual pressure device (RPD) are specified in ISO 15996.
NOTE 5        Additional requirements for pressure relief valves can exist in international/regional regulations/ standards.

  • Draft
    39 pages
    English language
    sale 10% off
    e-Library read for
    1 day