ISO 27001 Lead Auditor Exam and Certification

Who Should Apply?

The objective of the “Certified ISO/IEC 27001 Lead Auditor” examination is to ensure that the candidate has the knowledge and the skills to audit an Information Security Management System (ISMS) based on ISO 27001 and to manage a team of auditors by applying widely recognized audit principles, procedures and techniques. If you’re a consultant and/or ISO auditor in information security management looking to understand the value of an ISMS for an organisation, to certify your skills, stand out to employers/clients and maximize your earning potential, PECB’s “Certified ISO/IEC 27001 Lead Auditor” credential is the right choice for you.

Content of the Exam

The exam is organized into domains. The main objective of each domain is to ensure that the ISO/IEC 27001 Lead Auditor candidate can:

  • understand, interpret and illustrate the main information security concepts related to an Information Security Management System (ISMS);
  • understand, interpret and illustrate the main concepts and components of an ISMS based on ISO/IEC 27001;
  • understand, interpret and apply the main concepts and principles related to an ISMS audit in the context of ISO/IEC 27001;
  • appropriately prepare an ISMS audit in the context of ISO/IEC 27001;
  • efficiently conduct an ISMS audit in the context of ISO/IEC 27001;
  • conclude an ISMS audit and conduct follow-up activities in the context of ISO/IEC 27001;
  • establish and manage an ISMS audit program.

Prepare for the Exam

Candidates are responsible for their own study and preparation for the exam. No specific set of courses or curriculum of study is mandatory as part of the certification process. However, completing the “Certified ISO/IEC 27001 Lead Auditor” course held by Fedco (a global PECB partner) can significantly improve your chance of passing the certification examination.

Fedco’s Certified ISO 27001 Lead Auditor training and exam schedule is available on the ISO 27001 Lead Auditor Agenda page.

Take the Exam

The exam fee is included in the Certified ISO 27001 Lead Auditor training package, so a single fee covers both the training and the exam. Candidates sit the exam on the fifth and final day of the five-day Certified ISO 27001 Lead Auditor course.

Candidates are required to arrive at their chosen location at least 30 minutes before the beginning of the certification exam. Candidates arriving late will not be given additional time to compensate for the late arrival, and anyone arriving more than 30 minutes after the exam has begun will not be allowed to enter the examination room. Candidates who arrive late but within that 30-minute window must remain outside the examination room until they have been given an individual briefing, after which they may enter and commence the examination.

All candidates must present to the proctor one form of photo ID issued by a national, regional or state body, together with their exam confirmation letter.

The exam consists of essay-type questions. It is open book: during the examination participants may use all the provided documentation, such as the Certified ISO 27001 Lead Auditor course material, plus their own course notes, but they may not use any computer, laptop or other electronic device. The exam lasts 3 hours. The minimum passing score is 70%.

The “Certified ISO/IEC 27001 Lead Auditor” exam is available in different languages (the complete list of languages can be found in the examination application form).


After the Exam and Application for Certification

It may take up to 8 weeks for candidates to receive their exam results. All results are sent via email. The results state only whether you passed or failed, not your exact score. In the case of a failure, the results are accompanied by the list of domains in which you scored below the passing grade, to guide your preparation for retaking the exam.

After successfully completing the exam, participants can apply for the credentials of Certified ISO/IEC 27001 Provisional Auditor, Certified ISO/IEC 27001 Auditor or Certified ISO/IEC 27001 Lead Auditor, depending on their level of experience. The requirements for each level are explained in detail below.

The ISO/IEC 27001 Auditor certifications are credentials for professionals who need to audit an Information Security Management System (ISMS) and, in the case of the “Certified ISO/IEC 27001 Lead Auditor” credential, to manage a team of auditors.

The principal competencies the market requires are the ability to plan and perform audits in compliance with the certification process of the ISO/IEC 27001:2013 standard, to master audit techniques, and to manage (or be part of) audit teams and an audit program.
Various professions may apply for this certification:

  • Auditors wanting to perform and lead Information Security Management System (ISMS) audits as the person responsible for an audit team
  • Project managers or consultants wanting to master the ISMS audit process
  • Persons responsible for information security or compliance in an organization
  • Members of the information security team
  • Expert advisors in information technology
  • Technical experts wanting to prepare for an information security audit function

The requirements for the “Auditor” certifications are:

ISO 27001 Provisional Auditor

  • Exam: ISO 27001 Lead Auditor Exam
  • Professional experience: None
  • ISMS audit experience: None
  • ISMS project experience: None
  • Other requirements: Signing the PECB code of ethics

ISO 27001 Auditor

  • Exam: ISO 27001 Lead Auditor Exam
  • Professional experience: Two years, including one year of information security work experience
  • ISMS audit experience: Audit activities totalling 200 hours
  • ISMS project experience: None
  • Other requirements: Signing the PECB code of ethics

ISO 27001 Lead Auditor

  • Exam: ISO 27001 Lead Auditor Exam
  • Professional experience: Five years, including two years of information security work experience
  • ISMS audit experience: Audit activities totalling 300 hours
  • ISMS project experience: None
  • Other requirements: Signing the PECB code of ethics

An applicant who does not meet all the requirements for the ISO 27001 Lead Auditor credential may apply for the ISO 27001 Auditor or ISO 27001 Provisional Auditor credential instead.

For certification purposes, the following audit types constitute valid audit experience:

  1. Pre-assessment/pre-audit
  2. Gap analysis
  3. Internal audits
  4. Second-party audits
  5. Third-party/external audits
  6. Opinion audits

To be considered valid, these audits should follow recognized audit practice and include most of the following activities:

  1. Audit planning
  2. Audit interview
  3. Managing an audit program
  4. Drafting audit reports
  5. Drafting non-conformity reports
  6. Drafting audit working documents
  7. Documentation review
  8. On-Site Audit
  9. Non-conformity follow-up actions
  10. Leading a team of auditors

Certification fees are included in the examination price.

A certificate is issued to participants who pass the exam and meet all the other requirements of the credential level they applied for.