Who Should Apply?
The objective of the “Certified ISO/IEC 27001 Lead Auditor” examination is to ensure that the candidate has the knowledge and the skills to audit an Information Security Management System (ISMS) based on ISO 27001 and to manage a team of auditors by applying widely recognized audit principles, procedures and techniques. If you’re a consultant and/or ISO auditor in information security management looking to understand the value of an ISMS for an organisation, to certify your skills, stand out to employers/clients and maximize your earning potential, PECB’s “Certified ISO/IEC 27001 Lead Auditor” credential is the right choice for you.
Content of the Exam
Prepare for the Exam
Candidates are responsible for their own study and preparation for the exam. No specific set of courses or curriculum of study is mandatory as part of the certification process. Completing the “Certified ISO/IEC 27001 Lead Auditor” course held by Fedco (one of PECB’s global partners) can significantly improve your chance of passing the certification examination.
Fedco’s Certified ISO 27001 Lead Auditor training and exam schedule is available in the ISO 27001 Lead Auditor Agenda.
Take the Exam
The exam fee is included in one package with the Certified ISO 27001 Lead Auditor training, so a single fee covers both the training and the exam. Candidates sit the exam on the fifth and final day of the five-day Certified ISO 27001 Lead Auditor course.
Candidates must arrive at their chosen location at least 30 minutes before the certification exam begins. Candidates arriving late will not be given additional time to compensate for their late arrival, and those arriving more than 30 minutes after the exam has begun will not be allowed to enter the examination room. Late arrivals will be required to remain outside the examination room and to receive an individual briefing before being permitted to enter the room and begin the examination.
All candidates must present to the proctor one form of photo ID issued by a national, regional or state body, along with their exam confirmation letter.
The exam consists of essay-type questions. During the examination, participants may use all provided documentation, such as the Certified ISO 27001 Lead Auditor course material and their own course notes, but may not use any computer, laptop or other electronic device. The exam lasts 3 hours. Minimum passing score: 70%.
The “Certified ISO/IEC 27001 Lead Auditor” exam is available in different languages (the complete list of languages can be found in the examination application form).
After the Exam and Application for Certification
It may take up to 8 weeks for candidates to receive their exam results. All results are sent via email. The examination results will not include the exact grade you received, only whether you passed or failed. In the case of a failure, the results will be accompanied by a list of the domains in which you scored below the passing grade, to guide your preparation for retaking the exam.
After successfully completing the exam, participants can apply for the credentials of Certified ISO/IEC 27001 Provisional Auditor, Certified ISO/IEC 27001 Auditor or Certified ISO/IEC 27001 Lead Auditor, depending on their level of experience. The requirements for certification are explained in detail below.
The ISO/IEC 27001 Auditor certifications are credentials for professionals who need to audit an Information Security Management System (ISMS) and, in the case of the “ISO/IEC 27001 Lead Auditor” certification, to manage a team of auditors.
The principal competencies and knowledge needed by the market are the ability to proficiently plan and perform audits compliant with the certification process of the ISO/IEC 27001:2013 standard, to master audit techniques, and to manage (or be part of) audit teams and an audit programme.
Various professions may apply for this certification:
- Auditor wanting to perform and lead Information Security Management System (ISMS) audits as the person responsible for an audit team
- Project manager or consultant wanting to master the Information Security Management System audit process
- Person responsible for information security or conformity in an organization
- Member of the information security team
- Expert advisor in information technology
- Technical expert wanting to prepare for an Information security audit function
The requirements for “Auditor” certifications are:
| Certification | Exam | Professional experience | ISMS audit experience | ISMS project experience | Other requirements |
|---|---|---|---|---|---|
| ISO 27001 Provisional Auditor | ISO 27001 Lead Auditor Exam | None | None | None | Signing the PECB code of ethics |
| ISO 27001 Auditor | ISO 27001 Lead Auditor Exam | Two years | Audit activities totalling 200 hours | None | Signing the PECB code of ethics |
| ISO 27001 Lead Auditor | ISO 27001 Lead Auditor Exam | Five years | Audit activities totalling 300 hours | None | Signing the PECB code of ethics |
If an applicant does not meet all the requirements for the ISO 27001 Lead Auditor credential, he/she may apply for the ISO 27001 Auditor or ISO 27001 Provisional Auditor credential instead.
For certification purposes, the following audit types constitute valid audit experience:
- Pre-assessment/pre-audit
- Gap analysis
- Internal audits
- Second party audits
- Third-party/external audits
- Opinion audit
To be considered valid, these audits should follow best audit practices and include most of the following activities:
- Audit planning
- Audit interview
- Managing an audit program
- Drafting audit reports
- Drafting non-conformity reports
- Drafting audit working documents
- Documentation review
- On-site audit
- Non-conformity follow-up actions
- Leading a team of auditors
Certification fees are included in the examination price.
A certificate will be issued to participants who successfully pass the exam and comply with all other requirements related to the selected level of credential.