The PECB Certified ISO/IEC 27001 Auditor certifications are credentials for professionals who need to audit an Information Security Management System (ISMS) and, in the case of the PECB Certified ISO/IEC 27001 Lead Auditor certification, to manage a team of auditors.
The principal competencies and knowledge needed by the market are the ability to proficiently plan and perform audits compliant with the certification process of the PECB Certified ISO/IEC 27001:2013 standard, to master audit techniques, and to manage (or be part of) audit teams and an audit program.
Professionals in various roles may apply for this certification:
- Auditor wanting to perform and lead Information Security Management System (ISMS) audits as the person responsible for an audit team
- Project manager or consultant wanting to master the Information Security Management System audit process
- Person responsible for information security or conformity in an organization
- Member of the information security team
- Expert advisor in information technology
- Technical expert wanting to prepare for an information security audit function
The requirements for “Auditor” certifications are:
| Credential | Exam | Professional experience | MS audit/assessment experience | Other requirements |
| --- | --- | --- | --- | --- |
| ISO/IEC 27001 Provisional Auditor | PECB Certified ISO/IEC 27001 Lead Auditor Exam or equivalent | None | None | Signing the PECB code of ethics |
| ISO/IEC 27001 Auditor | PECB Certified ISO/IEC 27001 Lead Auditor Exam or equivalent | Two years: One year of information security work experience | Audit activities totaling 200 hours | Signing the PECB code of ethics |
| ISO/IEC 27001 Lead Auditor | PECB Certified ISO/IEC 27001 Lead Auditor Exam or equivalent | Five years: Two years of information security work experience | Audit activities totaling 300 hours | Signing the PECB code of ethics |
If an applicant does not meet all the requirements to apply for the credentials of PECB Certified ISO/IEC 27001 Lead Auditor, he/she may apply for the credentials of PECB Certified ISO/IEC 27001 Auditor or PECB Certified ISO/IEC 27001 Provisional Auditor.
For certification purposes, the following audit types constitute valid audit experience:
- Pre-assessment/pre-audit
- Gap analysis
- Internal audits
- Second party audits
- Third/external audits
- Opinion audit
To be considered valid, these audits should follow best audit practices and include most of the following activities:
- Audit planning
- Audit interview
- Managing an audit program
- Drafting audit reports
- Drafting non-conformity reports
- Drafting audit working documents
- Documentation review
- On-site audit
- Non-conformity follow-up actions
- Leading a team of auditors