ISO/IEC 27001 Lead Auditor
The ISO/IEC 27001 Lead Auditor certification consists of a professional certification for auditors specializing in information security management systems (ISMS) based on the ISO/IEC 27001 standard and ISO/IEC 19011. This certification is provided by accredited certification bodies or unaccredited ones. Accredited means having gone through an accreditation process via a national accreditation body such as American National Standards Institute.
The training of lead auditors normally includes a classroom and exam portion and a requirement to have performed a number of ISO/IEC 27001 audits. Attending the course and passing the exam is not sufficient for an individual to use the credentials of Lead Auditor as professional and audit experience is required. If an individual wants to issue an ISO/IEC 27001 certificate of compliance then the audit must be done by a Lead Auditor working for an accredited certification body and done using all the rules of that certification body, which will need to adhere to ISO17021 and ISO27006.
The course usually consists of around forty hours (four days) of training and a final exam of the fifth day. This certification is different from the ISO/IEC 27001 Lead Implementer certification which is targeted for information security professionals who want to implement the ISO/IEC 27001 standard rather than audit it, or the ISO/IEC 27005 Risk Manager certification which focuses only on the risk management portion of ISO/IEC 27001.
The main benefit from achieving the ISO/IEC 27001 Lead Auditor certification is the recognition that the individual can be engaged by certification bodies to perform information management system audits under their direction and management system.
The main ISO/IEC 27001 auditor certifications normally follow these designations:
- Provisional ISMS Auditor
- ISMS Auditor/Internal Auditor
- Lead ISMS Auditor