EN IS0/IEC 27706 EUROPEANSTANDARD NORMEEUROPEENNE EUROPAISCHENORM October2025 ICS 03.120.20; 35.030 Supersedes CENIS0/IEC/TS 27006-2:2022 English version Information security, cybersecurity and privacy protection - Requirements for bodies providing audit and certification of privacy information management systems (IsO/IEC 27706:2025) Sécurité de I'information, cybersécurité et protection Anforderungen an Stellen,die Informationssicherheits dela vie privée- Exigences pour les organismes Managementsysteme auditieren und zertifizieren procedant a I'audit et a la certification des systemes de (ISO/IEC 27706:2025) managementde la protection dela vie privee (ISo/IEC 27706:2025) This European Standard was approved by CEN on 22 March 2025. CEN and CENELEC members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to anyCENand CENELECmember. This European Standard exists in three official versions (English, French, German). A version in any other language made by translation under the responsibility of a CEN and CENELEC member into its own language and notified to the CEN-CENELEC Management Centrehasthesamestatusasthe officialversions CEN and CENELEC members are the national standards bodies and national electrotechnical committees of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Republic of North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkiyeand United Kingdom. cen CENELEC CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels 2025 CEN/CENELEC All rights of exploitation in any formand by anymeans Ref.No.EN IS0/IEC 27706:2025 E reserved worldwide for CEN national Members and for CENELEC Members. ENIS0/IEC27706:2025 (E) Contents Page European foreword. 2 ENIS0/IEC27706:2025 (E) European foreword This document (EN IS0/IEC 27706:2025) has been prepared by Technical Committee IS0/IEC JTC 1 "Information technology"in collaboration with Technical Committee CEN-CENELEC/ JTC 13 "Cybersecurity and Data Protection" the secretariat of which is held by DIN. This European Standard shall begiven the status of a national standard, either by publication of an identical text or by endorsement, at the latest by April 2026, and conflicting national standards shall be withdrawn at the latest by April 2026. Attention is drawn to the possibility that some of the elements of this document may be the subject of ThisdocumentsupersedesCENIS0/IEC/TS27006-2:2022. Any feedback and questions on this document should be directed to the users' national standards body/national committee.Acomplete listingof thesebodies can be found on the CENand CENELEC websites. According to the CEN-CENELEC Internal Regulations, the national standards organizations of the following countries are bound to implement this European Standard: Austria, Belgium, Bulgaria, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Republic of North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkiye and the United Kingdom. Endorsement notice Thetext ofIS0/IEC27706:2025hasbeen approved by CEN-CENELECas ENIS0/IEC27706:2025 without any modification. 3 IEC International ISo Standard ISO/IEC 27706 First edition Information security, cybersecurity 2025-10 and privacy protection : Requirements for bodies providing audit and certification of privacy information management systems Sécurite de I'information, cybersecurite et protection de la vie privee-Exigences pour les organismes procedanta I'audit et a la certification des system