除了ISO/IEC 17021-1和ISO/IEC 27001中包含的要求外，ISO/IEC 27006:2015还规定了信息安全管理系统（ISMS）审计和认证机构的要求并提供了指导。它主要用于支持提供ISMS认证的认证机构的认证。 本国际标准中包含的要求需要由提供ISMS认证的任何机构在能力和可靠性方面进行证明，本国际标准所包含的指南为提供ISMS证书的任何机构提供了对这些要求的额外解释。 注:本国际标准可用作认证、同行评估或其他审计过程的标准文件。

ISO/IEC 27006:2015 specifies requirements and provides guidance for bodies providing audit and certification of an information security management system (ISMS), in addition to the requirements contained within ISO/IEC 17021‑1 and ISO/IEC 27001. It is primarily intended to support the accreditation of certification bodies providing ISMS certification. The requirements contained in this International Standard need to be demonstrated in terms of competence and reliability by any body providing ISMS certification, and the guidance contained in this International Standard provides additional interpretation of these requirements for any body providing ISMS certification. NOTE This International Standard can be used as a criteria document for accreditation, peer assessment or other audit processes.