The ISO/IEC 27006-1:2024 standard, "Requirements for Bodies Providing Audit and Certification of Information Security Management Systems - Part 1," was published on March 1, 2024, replacing ISO/IEC 27006:2015/AMD1:2020.
In accordance with the IAF MD 29 document, conditions for the transition have been established. TÜRKAK-accredited certification bodies providing ISO 27001 (Information Security Management System) certification services have been granted a two-year transition period from the publication date to align their operations and processes with the new standard. All certification bodies operating under this standard must complete the transition to ISO/IEC 27006-1:2024 by March 31, 2026.
Requirements for Accredited Bodies Transitioning to ISO/IEC 27006-1:2024:
Gap Analysis and Transition Planning
Certification bodies currently accredited under ISO/IEC 27006:2015/AMD1:2020 must review the new standard, perform a gap analysis, and create a transition plan to incorporate necessary changes (where applicable) into their management systems.
Documentation Submission
Accredited certification bodies must document their gap analysis and transition plan and upload them to TÜRKAK ASIST by November 30, 2024. A copy should also be emailed to their file managers.
TÜRKAK Transition Process:
The transition process will include the following evaluation stages:
Review of Gap Analysis, Plan, and Related Documents
1-Man-Day Office Audit
(If conducted alongside a surveillance or renewal audit, an additional 1 man-day will be added.)
Initial Accreditation or Scope Extension for ISO 27001:
As of November 30, 2024, applications for accreditation under the old version of the standard will no longer be accepted.
Validity of ISO/IEC 27006:2015/AMD1:2020:
The validity of ISO/IEC 27006:2015/AMD1:2020 will expire on March 31, 2026.
Certification bodies are advised to begin the transition process as soon as possible to ensure compliance and continuity in their accreditation status.
