The PECB Certified ISO/IEC 27001 Implementer certifications are professional certifications for specialists who need to implement an Information Security Management System (ISMS) and, in the case of the PECB Certified ISO/IEC 27001 Lead Implementer certification, to manage an implementation project.
PECB Certified ISO/IEC 27001:2013, Information technology — Security techniques — Information security management systems — Requirements, specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization. The requirements set out in PECB Certified ISO/IEC 27001:2013 are generic and are intended to be applicable to all organizations, regardless of type, size or nature.
Various professions may apply for this certification:
- Compliance project managers
- Information Security consultants
- Internal and external PECB Certified ISO/IEC 27001 auditors
- Members of an Information Security team
The requirements for “Implementer” certifications are:
| Credential | Exam | Professional experience | ISMS project experience | Other requirements |
| --- | --- | --- | --- | --- |
| ISO/IEC 27001 Provisional Implementer | PECB Certified ISO/IEC 27001 Lead Implementer Exam or equivalent | None | None | Signing the PECB code of ethics |
| ISO/IEC 27001 Implementer | PECB Certified ISO/IEC 27001 Lead Implementer Exam or equivalent | Two years: One year of information security work experience | Project activities totaling 200 hours | Signing the PECB code of ethics |
| ISO/IEC 27001 Lead Implementer | PECB Certified ISO/IEC 27001 Lead Implementer Exam or equivalent | Five years: Two years of information security work experience | Project activities totaling 300 hours | Signing the PECB code of ethics |
If an applicant does not meet all the requirements to apply for the credentials of PECB Certified ISO/IEC 27001 Lead Implementer, he/she may apply for the credentials of PECB Certified ISO/IEC 27001 Implementer or PECB Certified ISO/IEC 27001 Provisional Implementer.
For certification purposes, the following implementation types constitute valid implementation experience:
- Internal implementation
- External/consulting implementation
- Partial implementation
To be considered valid, these implementation activities should follow best implementation practices and include most of the following activities:
- Drafting an ISMS implementation business case
- Managing an ISMS implementation project
- Implementing information security controls
- Managing information security controls
- Implementing metrics
- Implementing corrective or preventive action
- Performing a management review
- Performing a risk assessment
- Managing incidents
- Managing an information security team