ISO/IEC 27558 — Information security, cybersecurity and privacy protection — Requirements for bodies providing audit and certification of privacy information management systems according to ISO/IEC 27701 in combination with ISO/IEC 27001 [DRAFT]
This standard will concern accreditation of certification bodies providing Privacy Information Management System certification, and will support other assessment and audit activities relating to PIMS.
Scope of the standard
This standard will specify requirements and provide guidance for bodies providing audit and certification of a PIMS against ISO/IEC 27701, supplementing ISO/IEC 27001 and ISO/IEC 27006. It is primarily for formal accreditation of PIMS certification bodies, but can also be used for peer assessment or other audit processes such as internal audits.
Content of the standard
Most sections will confirm the requirements of the corresponding section of ISO/IEC 27006, with additional notes relevant to PIMS audits where appropriate, e.g. the additional audit time anticipated for PIMS auditing, expressed as a proportion of that needed for ISMS certification audits.
The project started in 2019.
It is currently at Working Draft stage.
The standard may be renumbered as ISO/IEC 27006-2.
In the absence of formal guidance from the ISO27k standards, some certification bodies have responded to market demand for PIMS certification by developing proprietary (non-accredited) PIMS auditing and certification practices along similar lines to those for ISO/IEC 27001 and other management systems standards. ISO/IEC JTC 1/SC 27 has responded by attempting to fast-track this standard providing interim guidance, in the hope of maintaining global alignment, integrity and equivalence of the accredited certification processes.