The ISMS certification bodies of information security management systems (ISO/IEC 27001) are accredited in accordance with the requirements of ELOT EN ISO/IEC 17021-1:2015 and ISO/IEC 27006.
From 27 March 2020 the revised version ISO/IEC 27006:2015/Amd1:2020 is available. It is noted that six paragraphs of the corresponding 2015 version are amended in the new 2020 version.
IAF decision, dated 27 July 2020, “Transition Treatment for ISO/IEC 27006:2015 AMD 1:2020” is available on the https://www.iaf.nu/articles/ ISO_IEC_27006_2015_AMD_1_2020_Transitional_Arrangement_/661. According to this decision, deadline for transition to ISO/IEC 27006:2015 AMD 1:2020 is 31.03.2022. Moreover, the transitional assessments will be carried out at the certification bodies offices during their annual surveillances. ESYD, as a full member of the EA and the IAF, adopts the above IAF decision and decides the following schedule of actions for the transition of ISMS accredited certification bodies:
1. Deadline of transition to ISO/IEC 27006:2015 AMD 1:2020 is 31.03.2022.
2. From now on, initial assessments shall be carried out in accordance with ISO/IEC 27006:2015 AMD 1:2020 and ELOT EN ISO/IEC 17021-1:2015.
3. Accredited certification bodies shall send the following documentation to ESYD until 31.12.2020 at the latest:
(a) Application for extension of accreditation.
(b) Analysis of changes and identification of the measures necessary to adapt the certification process.
(c) Information about the training of auditors and decision-makers.
(d) Updated documents and procedures relating to ISO/IEC 27001 certification.
Certification bodies operating abroad should also communicate the relevant documentation to the ESYD.
4. Transitional assessments shall be carried out in the context of the annual surveillance assessments, provided that CABs submit to ESYD the documentation referred to in subparagraph 3 above, prior to assessment date.