A fundamental understanding of ISO/IEC 27001 and comprehensive knowledge of audit principles.
Day 1: Introduction to Information Security Management Systems (ISMS) and ISO/IEC 27001
Day 2: Audit principles, preparation and launching of an audit
Day 3: On-site audit activities
Day 4: Closing the audit
Day 5: Certification Exam
The “Certified ISO/IEC 27001 Lead Auditor” exam fully meets the requirements of the Examination and Certification Programme (ECP). The exam covers the following competency domains:
Domain 1: Fundamental principles and concepts of Information Security Management System (ISMS)
Domain 2: Information Security Management System (ISMS)
Domain 3: Fundamental audit concepts and principles
Domain 4: Preparation of an ISO/IEC 27001 audit
Domain 5: Conducting an ISO/IEC 27001 audit
Domain 6: Closing an ISO/IEC 27001 audit
Domain 7: Managing an ISO/IEC 27001 audit program
After successfully completing the exam, you can apply for the credentials shown on the table below. You will receive a certificate once you comply with all the requirements related to the selected credential.
The requirements for Auditor Certifications are:
|Credential||Exam||Professional experience||ISMS audit/ assessment experience||Other requirements|
|Certified ISO/IEC 27001 Provisional Auditor||Certified ISO/IEC 27001 Lead Auditor exam or equivalent||None||None||Signing the Code of Ethics|
|Certified ISO/IEC 27001 Auditor||Certified ISO/IEC 27001 Lead Auditor exam or equivalent||Two years: One year of work experience in Information Security Management||Audit activities: a total of 200 hours||Signing the Code of Ethics|
|Certified ISO/IEC 27001 Lead Auditor||Certified ISO/IEC 27001 Lead Auditor exam or equivalent||Five years: Two years of work experience in Information Security Management||Audit activities: a total of 300 hours||Signing the Code of Ethics|
Please be informed: Certified individuals who possess the Lead Implementer and Lead Auditor credentials are qualified for a Certified Master credential. More detailed information will be provided soon.
To be considered valid, these audits should follow best audit practices and include the following activities: