Monday, 25 May 2020

ISO 27001 implementation - INFORMATION SECURITY MANAGEMENT SYSTEM


ISO 27001 - Information  security Management System

The ISO 27001  certification consists of a professional certification for QMS team specializing in information security management systems (ISMS) based on the ISO27001 standard and ISO19001

The training of lead auditors normally includes a classroom/online training and exam portion and a requirement to have performed a number of ISO/IEC 27001 audits and a number of years of information security experience. 


The training course is provided by any organisation wishing to deliver the training. Some ISO27001 Lead Auditor training courses are formally accredited by training accreditation bodies.

Attending the course and passing the exam is not sufficient for an individual to use the credentials of Lead Auditor as professional and audit experience is required. The specific requirements to obtain a certificate stating the qualification of "ISO27001 Lead Auditor" vary depending on the organisation issuing the certificate.


The course usually consists of around forty hours (four days) of training and a final exam on the fifth day. This certification is different from the ISO 27001 Lead Implementer certification which is targeted for information security professionals who want to implement the ISO/IEC 27001 standard rather than audit it. Most of the five-day ISO27001 Lead Auditor courses require some prerequisite knowledge of ISO27001 but the content of the courses vary considerably.VQMS Pvt Ltd


If an individual wants to issue an ISO/IEC 27001 certificate of compliance then the audit must be done by a Lead Auditor working for an accredited certification body and done using all the rules of that certification body, which will need to adhere to ISO17021 and ISO27006.

The main benefit from achieving the ISO 27001 Lead Auditor certification is the recognition that the individual has some skills in the topic.

The main ISO/IEC 27001 auditor certifications normally follow these designations:

  • Provisional ISMS Auditor
  • ISMS Auditor/Internal Auditor
  • Lead ISMS Auditor

11 comments: