The ISO 27001 Lead Auditor certification consists of a professional certification for auditors specializing in information security management systems (ISMS) based on the ISO/ICE 27001 standard and ISO/IEC 19011. This certification is provided by certification bodies, some accredited and some not. Accredited means having gone through an Accrediation process via a national accreditation body such as ANSI (US) or UKAS (UK)). Examples of international certification bodies are the International Register of Certificated Auditors (IRCA), the Registrar Accreditation Board - Quality Society of Australasia (RABQSA International) and the Professional Evaluation and Certification Board (PECB).

The certification of lead auditor normally includes a classroom and exam portion and a requirement to have performed a number of ISMS audits. Attending the course and passing the exam is not sufficient for an individual to use the credentials of Lead Auditor as professional and audit experience is required.

The course usually consists of 40 hours (four days) of training and a final exam of the fifth day. This certification is different from the ISO 27001 Lead Implementer certification which is targeted for information security professionals who want to implement the ISO 27001 standard rather than audit it or the ISO/IEC 27005 Risk Manager certification which focuses only on the risk management portion of ISO/IEC 27001.

The main benefit from achieving the ISO 27001 Lead Auditor certification is the recognition that the individual can conduct process-based audits competently against ISO 27001 for clients worldwide.

The main ISO 27001 auditor certifications normally follow these designations:

§  Provisional ISMS Auditor

§  ISMS Auditor/Internal Auditor

§  Lead ISMS Auditor

ISO Consulting