ISO 27001 lead auditor

The ISO 27001 Lead Auditor certification is a professional certification for auditors specializing in information security management systems (ISMS) based on the ISO/IEC 27001 standard. This certification is provided mainly by two personnel certification bodies, the International Register of Certificated Auditors (IRCA) and the Registrar Accreditation Board - Quality Society of Australasia (RABQSA International). Both organizations mutually recognize each other's certifications.

The course generally consists of four days of training and a final exam on the fifth day.

The main benefit from achieving the ISO 27001 Lead Auditor certification is the recognition that the individual can conduct process-based audits competently against ISO 27001 for clients worldwide.

The main ISO 27001 auditor certifications are as follows:

* Provisional ISMS Auditor
* ISMS Auditor
* ISMS Internal Auditor
* Lead ISMS Auditor

Provisional ISMS Auditor

The Provisional ISMS Auditor / Provisional Internal ISMS Auditor certification is for an individual who doesn't have enough experience to conduct audits. Requirements are:

* Secondary education (minimum)
* 5 years of work experience (or 4 years plus degree / near degree)
* 1 year of work experience - information security related
* Having successfully completed an ISMS foundation course and an ISMS auditor course
* No audit experience

ISMS Auditor

The ISMS Auditor certification is for an individual with substantial audit experience but no experience in leading an audit. Requirements are:

* Secondary education (minimum)
* 5 years of work experience (or 4 years plus degree / near degree)
* 2 years of work experience - information security related
* Having successfully completed an ISMS foundation course and an ISMS auditor course
* Having completed at least 4 audits for a total duration of at least 20 days.

ISMS Internal Auditor

The ISMS Internal Auditor certification is for an individual with substantial internal audit experience. Requirements are:

* Secondary education (minimum)
* 5 years of work experience (or 4 years plus degree / near degree)
* 1 year of work experience - information security related
* Having successfully completed an ISMS foundation course and an ISMS auditor course
* Having completed at least 5 audits for a total duration of at least 15 hours.

Lead ISMS Auditor

The Lead ISMS Auditor certification is for an individual with substantial experience in leading an audit. Requirements are:

* Secondary education (minimum)
* 5 years of work experience (or 4 years plus degree / near degree)
* 2 years of work experience - information security related
* Having successfully completed an ISMS foundation course and an ISMS auditor course
* Having completed at least 4 audits for a total duration of at least 20 days, as well as 3 audits as a lead auditor for a total duration of at least 15 days.

Other Auditor Grades

* Principal ISMS Auditor (RABQSA only)
* Business Improvement ISMS Auditor (RABQSA only)
* Principal auditor - consultant (IRCA only)
* Principal auditor - team leader (IRCA only)

List of organizations providing RABQSA or IRCA certified ISO 27001 Lead Auditor courses

* BSI Group
* Bureau Veritas
* SAI Global
* Veridion

External links

* [http://www.rabqsa.com RABQSA]
* [http://www.irca.org IRCA]
* [http://www.bsi-global.com BSI]
* [http://www.bvqi.com Bureau Veritas]
* [http://www.sai-global.com SAI Global]
* [http://www.veridion.net Veridion]


Wikimedia Foundation. 2010.
