IAF Mandatory Document KNOWLEDGE REQUIREMENTS FOR ACCREDITATION BODY PERSONNEL FOR INFORMATION SECURITY MANAGEMENT SYSTEMS (ISO/IEC 27001)

Similar documents
IAF Informative Document. Information on the Transition of Management System Accreditation to ISO/IEC :2015 from ISO/IEC 17021:2011

SPECIFIC PROVISIONS FOR THE ACCREDITATION OF CERTIFICATION BODIES IN THE FIELD OF INFOR- MATION SECURITY MANAGEMENT SYSTEMS (ISO/IEC 27001)

IAF Mandatory Document for the Transfer of Accredited Certification of Management Systems

IAF Information Document (draft)

Part 5: Requirements for ABs FOOD SAFETY SYSTEM CERTIFICATION Part V: Requirements for Accreditation Bodies

ISO/IEC INTERNATIONAL STANDARD

SPECIFIC PROVISIONS FOR THE ACCREDITATION OF CERTIFICATION BODIES IN THE FIELD OF FOOD SAFETY MANAGEMENT SYSTEMS

SANAS TECHNICAL REQUIREMENT FOR THE APPLICATION OF ISO/IEC IN THE FIELD OF FUSION WELDING METALLIC MATERIALS

Governmental acceptance supported by accredited certification. Presentation to the GLOBALG.A.P SUMMIT 2012

Inter American Accreditation Cooperation. IAAC, IAF and ILAC Resolutions Applicable to IAAC MLA Peer Evaluations

Information technology Security techniques Requirements for bodies providing audit and certification of information security management systems

ISO/IEC INTERNATIONAL STANDARD. Conformity assessment Requirements for bodies certifying products, processes and services

PRESENTATION OVERVIEW

The International Laboratory Accreditation Cooperation (ILAC) & The International Accreditation Forum (IAF)

Base Standard Program ISO Medical Device CB Application for Accreditation

ISO/IEC INTERNATIONAL STANDARD

IAF Guidance on the Application of ISO / IEC Guide 65:1996

ISO/IEC INTERNATIONAL STANDARD. Conformity assessment Supplier's declaration of conformity Part 1: General requirements

IPC Certification Scheme IPC QMS/EMS Auditors

Base Standard Program ISO Trustworthy Digital Repositories MS CB Application for Accreditation

Mutual Recognition Agreement/Arrangement: General Introduction, Framework and Benefits

Conformity assessment Requirements for bodies providing audit and certification of management systems. Part 6:

Accreditation Criteria For Conformity Assessment Bodies

CRITERIA FOR CERTIFICATION BODY ACCREDITATION IN THE FIELD OF RISK BASED INSPECTION MANAGEMENT SYSTEMS

IPC Certification Scheme IPC Management Systems Auditors

ACCREDITATION: A BRIEFING FOR GOVERNMENTS AND REGULATORS

EUROPEAN ACCREDITATION LEGAL FRAMEWORK

Base Standard Program ISO Anti-Bribery Management Systems CB Application for Accreditation

List of EA Publications. And International. Documents

ISO 9001 Auditing Practices Group Guidance on:

S. Scholz / K. Meyer / J.E. Nielsen / Harald Drück/J.Fernández/E.Prado/L.Nelson Page 1 of 7

Inter American Accreditation Cooperation. IAAC Transition from ISO/IEC 17011:2004 to ISO/IEC 17011:2017

Mutual Recognition Agreement/Arrangement: General Introduction, Framework and Benefits

IAF Guidance on the Application of ISO/IEC Guide 62:1996

CNAS-RC01. Rules for Accreditation of Certification Bodies

Accreditation programme for management systems certification bodies NAR IRT Edition 2

EA-7/05 - EA Guidance on the Application of ISO/IEC 17021:2006 for Combined Audits

List of EA Publications. Documents

P004 Assessor qualifications and monitoring assessor and technical expert competences

ISO : Competence Requirements Clause 7

eias Study on an electronic identification, authentication and signature policy SUPERVISION Presentation on status

ISO/IEC INTERNATIONAL STANDARD. General requirements for the competence of testing and calibration laboratories

KENYA ACCREDITATION SERVICE

Requirements for Certification Bodies operating Certification against the PEFC International Chain of Custody Standard

International Accreditation Forum, Inc. User Advisory Committee UAC

Global Wind Organisation CRITERIA S FOR THE CERTIFICATION BODY

Information technology Guidelines for the application of ISO 9001:2008 to IT service management and its integration with ISO/IEC :2011

ISO/IEC Information technology Security techniques Code of practice for information security controls

International Accreditation Forum, Inc. APPLICATION FOR MEMBERSHIP IN IAF

UKAS Guidance for Bodies Offering Certification of Anti-Bribery Management Systems

ISO/IEC INTERNATIONAL STANDARD. Information technology Security techniques Information security risk management

OIML-CS PD-08 Edition 1

CERTIFICATION SCHEME

Accreditation process (LA-I-02)

ISO/IEC INTERNATIONAL STANDARD. Information technology Security techniques Information security risk management

ISO/IEC TS Conformity assessment Guidelines for determining the duration of management system certification audits

INTERNATIONAL STANDARD

Minimum Scheme Requirements to Certify Criminal Justice Restraints Described

TR TECHNICAL REQUIREMENTS FOR CERTIFICATION BODIES IN THE FIELD OF ROAD TRANSPORT MANAGEMENT SYSTEMS. Approved By:

List of EA Publications. And International. Documents

National Accreditation Board for Certification Bodies

IECEE. IEC-ILAC-IAF Tripartite MoU CB-FCS Scheme and Market Control INTERNATIONAL ELECTROTECHNICAL COMMISSION

Introduction to UKAS Accreditation Fire Scene Development Programme. David Compton November 2017

ILAC The International Laboratory Accreditation Cooperation IAF The International Accreditation Forum Latest developments

Better Regulatory Outcomes & the CASCO Toolbox

ACCREDITATION CRITERIA FOR MANAGEMENT SYSTEM CERTIFICATION BODIES ISSUE NO : 01 ISSUE DATE : 17/01/2015 PREFACE

PEFC N 04 Requirements for certification bodies and accreditation bodies

ISO/IEC Conformity assessment Fundamentals of product certification and guidelines for product certification schemes

South African Forestry Assurance Scheme SAFAS 6:2018. Certification and Accreditation Procedures. Issue SAFAS Council SAFAS

Information technology Service management. Part 10: Concepts and vocabulary

TR TECHNICAL REQUIREMENTS FOR CERTIFICATION BODIES IN ORGANIC AGRICULTURAL PRODUCTION AND PROCESSING. Approved By:

Benefits of Accreditation and Conformity Assessment for Business

ISO/IEC INTERNATIONAL STANDARD

Information technology Security techniques Guidance on the integrated implementation of ISO/IEC and ISO/IEC

QMS/EMS CB Accreditation Criteria

Discontinuing the Metallic Handcuffs Compliance Testing Program and Request for

Accreditation: Assuring Competence

Software engineering Guidelines for the application of ISO 9001:2008 to computer software

DAkkS Who we are. Attesting competence, Assuring quality, Creating confidence.

This document is a preview generated by EVS

Information technology Process assessment Process measurement framework for assessment of process capability

Information technology Service management. Part 11: Guidance on the relationship between ISO/IEC :2011 and service management frameworks: ITIL

Accreditation Body Evaluation Procedure for AASHTO R18 Accreditation

PROTERRA CERTIFICATION PROTOCOL V2.2

The Value of ANSI Accreditation. Top 10 Advantages. of accredited third-party conformity assessment

Global Wind Organisation CRITERIA FOR THE CERTIFICATION BODY

REFERENCE TO AND USE OF ENAO ACCREDITATION SYMBOLS

IEC System for Certification to Standards relating to Equipment for use in Renewable Energy applications (IECRE System)

ISO/IEC 17011:2017 TRANSITION PLAN

IMPLEMENTATION COURSE (MODULE 1) (ISO 9001:2008 AVAILABLE ON REQUEST)

EA Document for Recognition of Verifiers under the EU ETS Directive

IAF Multilateral Recognition

Information technology IT asset management Overview and vocabulary

UKAS accredited Certification Bodies

ISO/IEC 17065:2012 VERTICAL/FILE REVIEW ASSESSMENT

ISO/IEC INTERNATIONAL STANDARD. Conformity assessment Supplier's declaration of conformity Part 2: Supporting documentation

ISO/IEC INTERNATIONAL STANDARD

Protocol on the Mutual Acceptance of the Results of Conformity Assessment

Scheme Document SD 003

CNAS-RC02. Rules for Sanctions against the Accreditation of Certification Bodies

Transcription:

IAF Mandatory Document KNOWLEDGE REQUIREMENTS FOR ACCREDITATION BODY PERSONNEL FOR INFORMATION SECURITY MANAGEMENT SYSTEMS (ISO/IEC 27001) (IAF MD 13:2015)

Issue 1 IAF MD - Knowledge Requirements for Accreditation Body Personnel Page 2 of 8 The (IAF) facilitates trade and supports regulators by operating a worldwide mutual recognition arrangement among Accreditation Bodies (ABs) in order that the results issued by Conformity Assessment Bodies (CABs) accredited by IAF members are accepted globally. Accreditation reduces risk for business and its customers by assuring that accredited Conformity Assessment Bodies (CABs) are competent to carry out the work they undertake within their scope of accreditation. Accreditation Bodies (ABs) that are members of IAF and the CABs they accredit are required to comply with appropriate international standards and the applicable IAF application documents for the consistent application of those standards. ABs that are signatories to the IAF Multilateral Recognition Arrangement (MLA) are evaluated regularly by an appointed team of peers to provide confidence in the operation of their accreditation programs. The structure and scope of the IAF MLA is detailed in IAF PR 4 - Structure of IAF MLA and Endorsed Normative Documents. The IAF MLA is structured in five levels: Level 1 specifies mandatory criteria that apply to all ABs, ISO/IEC 17011. The combination of a Level 2 activity(ies) and the corresponding Level 3 normative document(s) is called the main scope of the MLA, and the combination of Level 4 (if applicable) and Level 5 relevant normative documents is called a sub-scope of the MLA. Main scope of the MLA includes activities e.g. product certification and associated mandatory documents e.g. ISO/IEC Guide 65. The attestations made by CABs at the main scope level are considered to be equally reliable. Sub scope of the MLA includes conformity assessment requirements e.g. ISO 9001 and scheme specific requirements, where applicable, e.g. ISO TS 22003. The attestations made by CABs at the sub scope level are considered to be equivalent. The IAF MLA delivers the confidence needed for market acceptance of conformity assessment outcomes. An attestation issued, within the scope of the IAF MLA, by a body that is accredited by an IAF MLA signatory AB can be recognized worldwide, thereby facilitating international trade. Issue No 1, Version 2 Prepared by: IAF Technical Committee Approved by: IAF Members Date: 28 February 2014 Issue Date: 19 January 2015 Application Date: 26 May 2015 Name for Enquiries: Elva Nilsen, IAF Corporate Secretary Contact: Phone: +1 613 454-8159 Email: secretary@iaf.nu

Issue 1 IAF MD - Knowledge Requirements for Accreditation Body Personnel Page 3 of 8 INTRODUCTION TO IAF MANDATORY DOCUMENTS The term should is used in this document to indicate recognised means of meeting the requirements of the standard. An Accreditation Body (AB) can meet these in an equivalent way. The term shall is used in this document to indicate those provisions which, reflecting the requirements of the relevant standard, are mandatory.

Issue 1 IAF MD - Knowledge Requirements for Accreditation Body Personnel Page 4 of 8 TABLE OF CONTENTS 1. SCOPE 5 2. NORMATIVE REFERENCES 5 3. TERMS AND DEFINITIONS 5 4. KNOWLEDGE REQUIREMENTS 6 ANNEX A (Normative) Required Knowledge for Accreditation Body Personnel Involved in the Accreditation of ISMS Certification Bodies 7

Issue 1 IAF MD - Knowledge Requirements for Accreditation Body Personnel Page 5 of 8 1. SCOPE This document defines the specific knowledge requirements for personnel involved in the accreditation of Certification Bodies that provide audit and certification of information security management systems (ISMS) to ISO/IEC 27001. The objective of this document is to enable Accreditation Bodies to harmonize their application of Clause 6.2.1 of ISO/IEC 17011:2004 for the accreditation of bodies providing audit and certification to ISO/IEC 27001. 2. NORMATIVE REFERENCES For the purposes of this document, the normative references given in ISO/IEC 17011 and the following apply. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies. ISO/IEC 17011:2004 Conformity Assessment - General requirements for accreditation bodies accrediting conformity assessment bodies. ISO/IEC 17021 1:2014 Conformity assessment Requirements for bodies providing audit and certification of management systems Part 1: Requirements ISO/IEC 27006:2011 Information technology Security techniques Requirements for bodies providing audit and certification of information security management systems ISO/IEC 27001:2013 Information technology Security techniques Information security management systems Requirements ISO/IEC 27000:2014 Information technology Security techniques Information security management systems Overview and vocabulary ISO/IEC 27007:2011 Information technology Security techniques Guidelines for information security management systems auditing ISO/IEC TR 27008:2011 Information technology Security techniques Guidelines for auditors on information security controls 3. TERMS AND DEFINITIONS For the purpose of this document, the terms and definitions given in ISO/IEC 17011 and ISO/IEC 27000 apply.

Issue 1 IAF MD - Knowledge Requirements for Accreditation Body Personnel Page 6 of 8 4. KNOWLEDGE REQUIREMENTS 4.1 ISO/IEC 17011 Clause 6.2.1 (a) requires Accreditation Bodies to describe for each activity involved in the accreditation process the competencies required. Normative Annex A specifies the areas of knowledge that the Accreditation Body shall define for specific functions for the accreditation of bodies providing auditing and certification of ISMS. The knowledge requirements detailed in this annex are complementary to the basic skills and knowledge required for each function within an Accreditation Body. This document recognizes that the IAF is in the process of defining basic skills and knowledge required for Accreditation Body assessors. 4.2 Generally, each assessor involved in ISMS assessment shall have a level of the knowledge described in A1 to A5 in Annex A. The knowledge in A6 and A7 can be held within the team as a whole. 4.3 When a group reviews assessment reports and makes accreditation decisions, the knowledge required is to be held within the group as a whole and not by each individual member of the group. 4.4 Personnel involved in scheme management shall have the knowledge of ISO/IEC 17021. If the personnel do not have other knowledge described in Annex A, the Accreditation Body shall ensure the access to necessary knowledge. 4.5 CAB s client process and operation associated with ISMS cover: - typical business activities related to the technical area (see ISO/IEC 17021:2011, clause 7.1.2); - information and communication technology specific to the technical area; - information security technologies and practices specific to the technical area, especially identification of information security related threats and vulnerabilities and related mitigations and controls; - related legal requirements. Legal requirements identified here are those regulations that the organisation that is the subject of the witness would be expected to comply with either for the information security field or country/state/province within which they operate. End of IAF Mandatory Document - Knowledge Requirements for Accreditation Body Personnel for Information Security Management Systems (ISO/IEC 27001).

Issue 1 IAF MD - Knowledge Requirements for Accreditation Body Personnel Page 7 of 8 ANNEX A (Normative) Required Knowledge for Accreditation Body Personnel Involved in the Accreditation of ISMS Certification Bodies The following table specifies the areas of knowledge that an Accreditation Body shall define for specific accreditation activities in the accreditation of an ISMS Certification Body. X means the Accreditation Body personnel shall have a general knowledge of the subject. X+ indicates the Accreditation Body personnel shall have a deeper level of the knowledge of the subject. Subject Accreditation Functions A1.ISMS related terminology and principles including ISO/IEC 27000 A2. Audit techniques included in ISO/IEC 27007 and ISO/IEC TR 27008 A3. ISO/IEC 17021 and ISO/IEC 27006 Document Review (as part of the assessment) Office Assessment Witness assessment Reviewing assessment reports and making accreditation decisions Scheme management X X X X X X X X+ X+ X X X A4. ISO/IEC 27001 X X+ X+ X A5. General legal and regulatory requirements related to ISMSs. A6. Generic ISMS related technology including - information security technologies and practices - information and communication technology - risk assessment and risk management X X X+ X X X X X

Issue 1 IAF MD - Knowledge Requirements for Accreditation Body Personnel Page 8 of 8 A7. CAB s client process and operation associated with ISMS X Further Information For further Information on this document or other IAF documents, contact any member of IAF or the IAF Secretariat. For contact details of members of IAF see - IAF Web Site - <http://www.iaf.nu> Secretariat: IAF Corporate Secretary Telephone + 1 613 454-8159 Email: secretary@iaf.nu

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback