ISO 9001 Lead Auditor training program


Most publicly traded corporations have an internal auditing department, led by a chief audit executive (“CAE”), with lead internal auditors managing small teams of internal auditors for one audit engagement. Lead auditor is a position between senior auditor and head of division.

In public accounting firms, a lead auditor for an audit engagement is usually chosen from among the senior auditors.

The ISO/IEC 27001 Lead Auditor certification is a professional certification for auditors specializing in information security management systems (ISMS) based on the ISO/IEC 27001 standard and ISO/IEC 19011.

The training of lead auditors normally includes a classroom or online training and exam portion, together with a requirement to have performed a number of ISO/IEC 27001 audits and to have a number of years of information security experience. The training course is provided by any organisation wishing to deliver the training. Some ISO/IEC 27001 Lead Auditor training courses are formally accredited by training accreditation bodies such as IRCA and PECB. Attending the course and passing the exam are not sufficient for an individual to use the credentials of Lead Auditor, as professional and audit experience is also required. The specific requirements to obtain a certificate stating the qualification of “ISO27001 Lead Auditor” vary depending on the organisation issuing the certificate.

The course usually consists of around forty hours (four days) of training and a final exam on the fifth day. This certification is different from the ISO/IEC 27001 Lead Implementer certification, which is aimed at information security professionals who want to implement the ISO/IEC 27001 standard rather than audit it. Most of the five-day ISO/IEC 27001 Lead Auditor courses require some prerequisite knowledge of ISO/IEC 27001, but the content of the courses varies considerably.

If an individual wants to issue an ISO/IEC 27001 certificate of compliance, the audit must be done by a Lead Auditor working for an accredited certification body and must follow all the rules of that certification body, which will need to adhere to ISO/IEC 17021 and ISO/IEC 27006.

The main benefit from achieving the ISO/IEC 27001 Lead Auditor certification is the recognition that the individual has some skills in the topic.

The main ISO/IEC 27001 auditor certifications normally follow these designations:

  • Provisional ISMS Auditor
  • ISMS Auditor/Internal Auditor
  • Lead ISMS Auditor