
How to become ISO 27001 Lead Auditor

Author: Dejan Kosutic

Many people think that just by attending the ISO 27001 Lead Auditor Course they have become the ISO 27001 Lead Auditor. Well, this is not entirely true.

This article shows the steps you need to take if you want to work as an auditor for a certification body. If you want to work as an internal auditor, you basically do not need the Lead Auditor Course or anything else mentioned here – you can perform internal audits simply by proving you have enough experience and knowledge. To learn more about internal audits, read this article: Dilemmas with ISO 27001 & BS 25999-2 internal auditors.

Steps for becoming the ISO 27001 Lead Auditor

So, if you want to become a lead auditor, here is what ISO 27006 (the standard that defines the requirements for certification bodies) requires:

  1. Prior experience – You need to have at least four years of experience in information technology, of which at least two years in a job related to information security.
  2. Pass the exam – The ISO 27001 Lead Auditor Course lasts 5 days, and on the fifth day you need to pass the written exam. Therefore, you need to invest considerable effort, not only in studying for the exam but also in attending the full 5 days of the course (if you miss a single day you will not be permitted to take the exam).
  3. Find a certification body – You need to find a certification body that needs an ISO 27001 certification auditor – that may prove to be a difficult task, since most certification bodies already have their auditors.
  4. Go through training – When you find a certification body that is interested, this doesn’t mean you’ll start auditing tomorrow – ISO 27006 requires you to go through a trainee program (or similar) during which you will attend real certification audits (done by more experienced colleagues) and learn how to perform such audits. Usually, this trainee period lasts 20 audit days, after which you’ll be entitled to perform ISMS audits as part of the audit team.
  5. Gain audit experience – To become an ISO 27001 Lead Auditor, i.e. to lead a team of auditors performing an ISO 27001 audit, you need to have experience in at least three complete ISMS audits.

After you finish all these steps, you will be able to perform ISMS audits as the team leader. So, the ISO 27001 Lead Auditor Course is just the beginning of your journey…

You can also check out our ISO 27001 Lead Auditor Course preparation training – a webinar which describes the details of the course and helps you prepare for the exam.


8 responses to “How to become ISO 27001 Lead Auditor”

  1. Dear Dejan, I am planning to take up ISO27K1 Lead Auditor training and certification soon. Who certifies the final exam? I am hearing different answers from different quarters: PECB, IRQA etc.

  2. Acad emopedia says:

    I am a fresh computer science graduate, with 2 years of experience as a pentester. I am looking forward to taking the ISO 27001 certification. Is it the best time for me to take this certification, or do I need experience first? I am a bit confused and need guidance. Please help.

  3. Anilkumar Karnati says:

    Hello,
    I would like to do the ISMS certification, but my education is related to Management and Commerce: I did my MBA in Finance and now I am pursuing CIMA. How will this ISMS certification build my career in my current stream? Please advise me. Thanks a lot in advance.

  4. M H says:

    Is the training mandatory for the certification process or is it only a recommendation? Is there a central body which certifies individuals or can any training organization certify the individual? Is there a specific exam format, number of questions, modules, etc?
