What is ISO 27006-2 about?
ISO 27006-2 is the second part of the ISO 27006 series within the information security management system family of standards. ISO 27006-2 is an accreditation standard that guides certification bodies (CBs). It is intended to support the accreditation of certification bodies that provide privacy information management system (PIMS) certification.
ISO 27006-2 walks you through the formal processes to be followed when auditing your clients' Privacy Information Management Systems (PIMS) against BS ISO/IEC 27701 and BS ISO/IEC 27001, in order to certify or register them as compliant. The accreditation processes laid out in ISO 27006-2 give assurance that the BS ISO/IEC 27701 certificates issued by accredited organizations are valid and meaningful.
NOTE: This document can be used as a criteria document for accreditation, peer assessment or other audit processes.
Who is ISO 27006-2 for?
ISO 27006-2, as part of the information security management system family of standards, is applicable to:
- Accreditation bodies
- Certification bodies
Why should you use ISO 27006-2?
Consumers' privacy is of utmost importance where sensitive data is involved. Auditors assessing their clients' compliance need accreditation. As a certification body, you want your certificates to be valid and meaningful. ISO 27006-2 guides you to be thorough in the accreditation process.
ISO 27006-2 contains the requirements for being considered a competent and reliable auditor. It also sets out the auditors' qualification criteria and elaborates on how they should perform the audit.
ISO 27006-2 also helps management make decisions when preparing the audit report. These audit reports are designed to guide clients in improving their security policies, procedures, controls, and practices.