Iso 27006 |best|

To understand ISO/IEC 27006, one must view it as part of a "Russian Doll" set of standards:

| Stakeholder | How they use ISO/IEC 27006 | |-------------|----------------------------| | (e.g., UKAS, ANAB, DAkkS) | Assess certification bodies for ISO/IEC 27001 accreditation | | Certification bodies | Build internal competence schemes, calculate audit time, design auditor training | | ISMS auditors | Understand required knowledge (Annex A), follow audit time rules | | Organizations seeking certification | Verify that their chosen CB is accredited against ISO/IEC 27006 (not just ISO/IEC 27001) | iso 27006