ISO 27001 Lead Auditor & Implementer
- 22 April 2020
- Posted by: mahesh.pande
- Category: Quality Management
ISO 27001 is the international standard for an Information Security Management System (ISMS).
ISO 27001 is one of the most in-demand standards across the world. The standard is described as the “requirements for organizations to fulfil” in order to achieve certification to the international standard; an independent certification audit is carried out by a certification body (such as TUV-SUD, BSI, DNV, PECB and many others).
An organization can get certified to showcase its adoption of the international standard, based on the scope that the organization itself decides.
For an individual, there are two options to choose from: ISO 27001 Lead Auditor and ISO 27001 Lead Implementer.
Lead Auditor certification covers the following aspects:
- Initiating the Audit
- Stage 1 Audit (audit planning, audit checklist, onsite visit, stakeholder meeting, document verification)
- Preparing for Stage 2 (Stage 2 audit planning, test case preparation, plus some of the activities mentioned in Stage 1)
- Stage 2 Audit (evidence collection using different approaches, initial and closure management meetings, and many other factors)
- Audit Conclusions
- Beyond Stage 2 Audit
In this case, Stage 1 is called the document verification audit, and Stage 2 assesses whether the ISO 27001 requirements are actually being adhered to.
A professional should be equipped with ISO 27001 auditing best practices and all of the above activities to become a successful Lead Auditor. Yes, there are some more requirements; we can discuss them under the next question, “How to become a successful auditor”.
Now we shall discuss the Lead Implementer, which focuses mainly on the implementation of the ISO 27001 requirements, as detailed in the ISO 27003 standard.
Here are some key factors that a participant should be trained on for ISO 27001 LI (Lead Implementer):
- Selection of Core Team
- Leadership Buy-in
- Setting up the context to the organization
- As-is state analysis
- Scope Definition
- Preparing Statement of Applicability
- Project Planning
- Communication Plan
- Developing ISMS
- Designing ISMS policies (Information Security, Risk Management, and department-specific policies for IT, HR, Business, Finance, Procurement, Admin & Legal). Which of these departments/business units are included depends on the organization's defined scope document.
- Implementing ISMS
- Implementation of Security Operations
- Implementation of IS Incident Management Practice
- Continual Improvement
- Measurement, Analysis and Reporting
- Readiness for ISO 27001 International Standard including Internal Audit and Verification
I hope this answer helps you gain a broad understanding of the difference between ISO 27001 Lead Implementer and ISO 27001 Lead Auditor. If you have any further queries, I shall be happy to assist you.
You also have the option to join my ISO 27001 instructor-led live virtual classroom or the self-study module of the ISO 27001 Lead Auditor training and certification programs.
You can choose the module to get certified in based on the nature of the role you are currently delivering or aspire to work in. However, my recommendation is that you should learn both: if you are an independent professional, you may gain either auditing or implementation assignments, and ideally you would not want to lose out on either.