CAREERS
CERTIFICATE SEARCH
COTECNA GROUP WEBSITES
EN
COTECNA GROUP WEBSITES
Cotecna is a leading provider of testing, inspection
and certification services. Discover our full range of
dedicated country websites and businesses.

NEWS

HOME/NEWS/Notifications

Announcement on the Transition Arrangement for the ISO/IEC 27006-1:2024 (CNAS-CC170:2024) Certification Standard

Dear Certified Organizations,

We sincerely appreciate your trust and support in KCB Certification (Beijing) Co., Ltd. (hereinafter referred to as "KCB") and for choosing KCB to provide certification services.

The International Organization for Standardization (ISO) released ISO/IEC 27006-1:2024 — Information security, cybersecurity, and privacy protection — Requirements for bodies providing audit and certification of information security management systems — Part 1: General — in March 2024, replacing ISO/IEC 27006:2015 and its amendments. Subsequently, the International Accreditation Forum (IAF) issued the mandatory document IAF MD29:2024 — ISO/IEC 27006-1:2024 Transition Requirements (Version 1) in May 2024, specifying the transition period and requirements for IAF member accreditation and certification bodies.

To comply with IAF MD29, the China National Accreditation Service for Conformity Assessment (CNAS) implemented CNAS-CC170:2024 — Requirements for Bodies Providing Certification of Information Security Management Systems (equivalent to ISO/IEC 27006-1:2024) on September 30, 2024. Additionally, CNAS revised and released CNAS-SC170:2024 — Accreditation Scheme for Bodies Providing Certification of Information Security Management Systems (hereinafter collectively referred to as the "New Accreditation Standards"), incorporating insights from ISMS accreditation experience.

In accordance with IAF and CNAS requirements, KCB will initiate the transition to ISO/IEC 27006-1:2024 (CNAS-CC170:2024). Please take note of the following transition arrangements:

1. Transition Timeline

The transition period for ISO/IEC 27006-1:2024 (CNAS-CC170:2024) is two years from the standard’s release, ending on March 31, 2026. Certificates issued under the old standard must be transitioned to the new standard by this date.

From April 1, 2026, certificates not transitioned will be automatically invalidated, reported for withdrawal, and organizations may reapply for initial certification.

2. Transition Methods and Work Arrangements

After CNAS approves KCB’s transition review, all new ISMS certification applications will be processed under the New Accreditation Standards.

For existing certified organizations, KCB will implement the transition during their next audit (surveillance, recertification, or special audit). Note that the new standards may affect audit duration, contractual terms, audit plans, and certification fees due to revised requirements.

3. Key Notes on Transition

The updated accreditation standards do not involve changes to certification criteria (ISO/IEC 27001 remains the basis).

If an organization’s reference controls include additional national or international standards beyond ISO/IEC 27001 Annex A, these may now be referenced on the certificate.

For any questions regarding the transition, please contact KCB for support.

Sincerely,

 

KCB Certification (Beijing) Co., Ltd.

March 28, 2025

BACK TO NEWS