ISO 27001 lead auditor
The ISO 27001 Lead Auditor certification is a professional certification for auditors specializing in information security management systems (ISMS) based on the ISO/IEC 27001 standard and ISO/IEC 19011. This certification is provided by training companies, some accredited and some not. Accredited means having gone through an accreditation process via a national accreditation body such as the Professional Evaluation and Certification Board (PECB).
The training of lead auditors normally includes a classroom and exam portion and a requirement to have performed a number of ISMS audits. Attending the course and passing the exam is not sufficient for an individual to use the credentials of Lead Auditor, since professional and audit experience is also required.
The course usually consists of 40 hours (four days) of training and a final exam on the fifth day. This certification is different from the ISO 27001 Lead Implementer certification, which is targeted at information security professionals who want to implement the ISO 27001 standard rather than audit it, and from the ISO/IEC 27005 Risk Manager certification, which focuses only on the risk management portion of ISO/IEC 27001.
The main benefit of achieving the ISO 27001 Lead Auditor certification is the recognition that the individual can be engaged by information security managers and certification bodies to perform information security management system audits under their direction.
The main ISO 27001 auditor certifications normally follow these designations:
- Provisional ISMS Auditor
- ISMS Auditor/Internal Auditor
- Lead ISMS Auditor
Provisional ISMS Auditor
The Provisional ISMS Auditor / Provisional Internal ISMS Auditor certification is for an individual who does not yet have enough experience to conduct audits. Requirements are:
- Secondary education (minimum)
- 5 years of work experience (or 4 years plus degree / near degree)
- 1 year of work experience - information security related
- Having successfully completed an ISMS foundation course and an ISMS auditor course
- No audit experience
ISMS Auditor/Internal Auditor
The ISMS Auditor certification is for an individual with substantial audit experience but no experience in leading an audit. The ISMS Internal Auditor certification is for an individual with substantial internal audit experience. Requirements are:
- Secondary education (minimum)
- 5 years of work experience (or 4 years plus degree / near degree)
- 2 years of work experience - information security related
Lead ISMS Auditor
The Lead ISMS Auditor certification is for an individual with substantial experience in leading an audit. Requirements are:
- Secondary education (minimum)
- 5 years of work experience (or 4 years plus degree / near degree)
- 2 years of work experience - information security related
- Having successfully completed an ISMS foundation course and an ISMS auditor course
- Having completed at least 4 audits for a total duration of at least 20 days, as well as 3 audits as a lead auditor for a total duration of at least 15 days.