The new version of ISO/IEC 27006 replaces ISO/IEC 27006-2015
MSECB, a leading accredited provider of audit and certification services, is transitioning to the new ISO/IEC 27006-1:2024 standard – the updated accreditation requirements for bodies that audit and certify information security management systems (ISMS).
The new version of ISO/IEC 27006 replaces ISO/IEC 27006-2015, and all certification bodies accredited under the previous version are required to complete their transition to the 2024 version within a period of 2 years (24 months) from the publication date, as defined by the International Accreditation Forum (IAF) and our accreditation bodies.
Although the standard applies directly to MSECB as the certification body rather than to certified organizations, some of the updates will also affect how the certification audit and documentation of our ISO/IEC 27001 clients are managed. Certified clients may notice procedural updates designed to align with ISO/IEC 27006-1:2024 requirements, including:
- Enhanced audit reporting for remote audits, now including a statement on the extent and effectiveness of remote audit methods.
- New provisions for fully remote organizations (with few or no physical sites), requiring both audit reports and certification documents to indicate when client activities are conducted entirely remotely.
- Updated audit time calculation methods, introducing the concept of individuals performing identical activities and clarifying how to determine the initial number of people for audit planning.
- Clearer guidance and approaches for multi-site audit time calculation and new guidance on audit time for scope extension.
If your organization holds an ISO/IEC 27001 certificate issued by MSECB, no immediate action is required. Our team will communicate any updates related to audit duration, reporting or certificates as the transition progresses and as your next annual surveillance audit approaches. We are committed to ensuring a smooth transition with minimal impact on your certification process while maintaining the highest standards of quality, impartiality, and trust.
About MSECB
MSECB specializes in the certification of management systems against a wide range of international standards. As a global provider of audit and certification services, MSECB offers expertise in multiple fields, with a focus on Information Security and Privacy; Quality, HSE, and Sustainability; and Corporate Governance and Resilience.
MSECB has earned an international reputation for integrity, value, and best practice by providing this assurance through the evaluation and certification of organizations with rigorous, internationally recognized competence requirements. Our mission is to provide prompt audit and certification services with integrity and excellent customer service that adds value and gives global recognition to our clients. For more information, visit our website: www.msecb.com.