Jump to content

ISO/IEC 27001 Lead Auditor

From Wikipedia, the free encyclopedia

The ISO/IEC 27001 Lead Auditor certification consists of a professional certification for auditors specializing in information security management systems (ISMS) based on the ISO/IEC 27001 standard and ISO 19011.

The training of lead auditors normally includes a classroom/online training and exam portion and a requirement to have performed a number of ISO/IEC 27001 audits and a number of years of information security experience. The training course is provided by any organisation wishing to deliver the training. Some certification bodies offer ISO/IEC 27001 Lead Auditor training courses such as BEHAVIOUR,[1] TRECCERT,[2] IRCA and PECB. Attending the course and passing the exam is not sufficient for an individual to use the credentials of Lead Auditor as professional and audit experience is required. The specific requirements to obtain a certificate stating the qualification of "ISO/IEC 27001 Lead Auditor" vary depending on the organisation issuing the certificate. Usually, all these programs are accredited or are in compliance with the ISO/IEC 17024 standard.

The course usually consists of around forty hours (four days) of training and a final exam on the fifth day. This certification is different from the ISO/IEC 27001 Lead Implementer certification which is targeted for information security professionals who want to implement the ISO/IEC 27001 standard rather than audit it. Most of the five-day ISO/IEC 27001 Lead Auditor courses require some prerequisite knowledge of ISO/IEC 27001 but the content of the courses may vary, depending on the certification body.

A management systems certification body (or, MSCB) usually requires that the ISO/IEC 27001 auditors hold this type of certification. To issue ISO/IEC 27001 certificates to organisations, a management systems certification body shall be accredited, usually by an National Accreditation Body (or, NAB) by complying with ISO/IEC 17021-1 and ISO/IEC 27006.

The professionals that hold the ISO/IEC 27001 Lead Auditor certification, have the required knowledge and expertise to conduct and lead ISO/IEC 27001 internal and external audits, either, as part of consultancy services or as management systems certification body auditors.

The main benefit from achieving the ISO/IEC 27001 Lead Auditor certification is the recognition that the individual has the required skills in information security, the ISO/IEC 27001 standard, and the audit methods and techniques based on ISO 19011.

The main ISO/IEC 27001 auditor certifications normally follow these designations:

  • Provisional ISMS Auditor or Associate ISMS Auditor
  • ISMS Auditor/Internal Auditor
  • Lead ISMS Auditor


External links[edit]