ISO 27001 Lead Auditor certification requires successful completion of four exams:


Required Exam: RM101

Exam #RM101 maps to ISO/IEC 31000, 31010, and 27005 risk management content areas taught in IRMCB's authorized course, "Policy Workshop: ISO 31000 Enterprise Risk Management."

  • Required  for CICRA, CICA, CBCS, CBCA, and CBCM certifications.
  • Number of questions: 65
  • Passing score: 75%
  • Time limit: 70 minutes

RM101 Content Areas

  1. Context establishment
  2. Risk assessment
  3. Risk treatment
  4. Risk acceptance
  5. Risk communication
  6. Risk monitoring and review

Required Exam: ISMS101

Exam #ISMS101 maps to ISO/IEC 27001, 27002, and 27003 content areas associated with ISMS planning and strategy, as taught in IRMCB's authorized course, "Policy Workshop: ISO 27001 Information Security Management."

  • Required for ISO 27001 CICA and ISO 27001 Lead Auditor certification
  • Number of questions: 65
  • Passing score: 75%
  • Time limit: 70 minutes 

Content Areas

  1. Developing an Information Security Management System program
  2. Project managing a successful ISO 27001 internal controls implementation
  3. Establishing the ISMS organization
  4. Core ISO 27001 and 27002 best practices relating to:
    • Information security policy and scope
    • Risk assessment and Statement of Applicability
    • Understanding the organization

Required Exam: ISMS102

 Exam #ISMS102 maps to ISO/IEC 27001 and 27002 content areas associated with ISMS deployment, monitoring, exercising, and maintenance, as covered in Certified Information Security's course, "CIS Policy Workshop: ISO 27001 Information Security Management".

  • Required  for CICA and ISO 27001 Lead Auditor certification
  • Number of questions: 65
  • Passing score: 75%
  • Time limit: 70 minutes

Content Areas

Core ISO 27001 and 27002 best practices relating to:

  • External party controls
  • Asset management
  • Human Resources security
  • Physical and environmental security
  • Equipment security
  • Communications and operations management
  • Malicious software controls
  • Network security management and media handling
  • Business continuity management
  • Compliance
  • Exchange of information
  • Electronic commerce, e-mail and internet security
  • General, network, operating system, and application access control
  • Systems acquisition, development and maintenance
  • Cryptographic controls
  • Development and support process security
  • Monitoring of information security and incident management
  • Preparing for an ISO 27001 audit

Required Exam: ISMS103

Exam #ISMS103 maps to ISO/IEC 27001, 27002, 27007, and TR27008 content areas associated with ISMS deployment, monitoring, exercising, and maintenance, as covered in Certified Information Security's course, "ISO 27001 Lead Auditor."

  • Required  for ISO 27001 Lead Auditor certification
  • Number of questions: 65
  • Passing score: 75%
  • Time limit: 70 minutes

Content Areas

  • Auditing the Audit Function & Program
  • Principles of auditing
  • Managing an audit program
    • Establishing the audit program objectives
    • Establishing the audit program
    • Role and responsibilities of the person managing the audit program
    • Competence of the person managing the audit program
    • Determining the extent of the audit program
    • Identifying and evaluating audit program risks
    • Establishing procedures for the audit program
    • Identifying audit program resources
    • Implementing the audit program
    • Monitoring the audit program
    • Reviewing and improving the audit program
  • Performing an audit
    • Initiating the audit
    • Preparing audit activities
    • Conducting the audit activities
    • Preparing and distributing the audit report
    • Completing the audit
    • Conducting audit follow-up
  • Auditing the ISMS Scope, Policy, Risk Assessment Approach, and ISMS Implementation
    • ISO 27001 Audit Criteria
    • ISO 27005 Best Practices
    • ISO 27007 Evidence Collection Recommendations
  • Auditing the ISMS Monitoring and Review
    • ISO 27001 Audit Criteria
    • ISO 27007 Evidence Collection Recommendations
  • Audit the ISMS Documentation Fulfillment
    • ISO 27001 Audit Criteria
  • Audit the ISMS Organization and Management Commitment
    • ISO 27001 Audit Criteria
    • ISO 27002 Best Practices
    • ISO 27007 Evidence Collection Recommendations
  • Auditing ISMS Internal Audit against ISO 27001 Requirements
    • ISO 27001 Audit Criteria
    • ISO 27007 Evidence Collection Recommendations
    • Auditing Management Review
  • An overview of using ISO TR 27008 to audit internal controls

ISO 31000 Risk Management certification courses

Risk management certification exam training

ISO 31000 Certification Training and exam

Risk management courses and training
online risk management training

professional risk management certification exam

 risk manager certification exam training
 risk manager certification course
 risk manager certification exam training

risk manager certifidation course program

 risk manager certification training program

enterprise risk management training program

 risk manager certification exam training

risk manager management trainingpolicy templates, iso 31000 risk management trainingpolicy workshop,risk management trainingrisk management manager trainingrisk management trainingEnterprise Risk Management Trainingcomplete risk management manager training, risk management trainingiso 31000 certification training

 iso 31000 certification risk management certification risk management courses