ISO 27001 Lead Auditor certification requires successful completion of four exams:
Exam #RM101 maps to ISO/IEC 31000, 31010, and 27005 risk management content areas taught in IRMCB's authorized course, "Policy Workshop: ISO 31000 Enterprise Risk Management."
- Required for CICRA, CICA, CBCS, CBCA, and CBCM certifications.
- Number of questions: 65
- Passing score: 75%
- Time limit: 70 minutes
RM101 Content Areas
- Context establishment
- Risk assessment
- Risk treatment
- Risk acceptance
- Risk communication
- Risk monitoring and review
Exam #ISMS101 maps to ISO/IEC 27001, 27002, and 27003 content areas associated with ISMS planning and strategy, as taught in IRMCB's authorized course, "Policy Workshop: ISO 27001 Information Security Management."
- Required for ISO 27001 CICA and ISO 27001 Lead Auditor certification
- Number of questions: 65
- Passing score: 75%
- Time limit: 70 minutes
Content Areas
- Developing an Information Security Management System program
- Project managing a successful ISO 27001 internal controls implementation
- Establishing the ISMS organization
- Core ISO 27001 and 27002 best practices relating to:
  - Information security policy and scope
  - Risk assessment and Statement of Applicability
  - Understanding the organization
Exam #ISMS102 maps to ISO/IEC 27001 and 27002 content areas associated with ISMS deployment, monitoring, exercising, and maintenance, as covered in Certified Information Security's course, "CIS Policy Workshop: ISO 27001 Information Security Management."
- Required for CICA and ISO 27001 Lead Auditor certification
- Number of questions: 65
- Passing score: 75%
- Time limit: 70 minutes
Content Areas
- Core ISO 27001 and 27002 best practices relating to:
  - External party controls
  - Asset management
  - Human Resources security
  - Physical and environmental security
  - Equipment security
  - Communications and operations management
  - Malicious software controls
  - Network security management and media handling
  - Business continuity management
  - Compliance
  - Exchange of information
  - Electronic commerce, e-mail and internet security
  - General, network, operating system, and application access control
  - Systems acquisition, development and maintenance
  - Cryptographic controls
  - Development and support process security
  - Monitoring of information security and incident management
- Preparing for an ISO 27001 audit
Exam #ISMS103 maps to ISO/IEC 27001, 27002, 27007, and TR 27008 content areas associated with ISMS deployment, monitoring, exercising, and maintenance, as covered in Certified Information Security's course, "ISO 27001 Lead Auditor."
- Required for ISO 27001 Lead Auditor certification
- Number of questions: 65
- Passing score: 75%
- Time limit: 70 minutes
Content Areas
- Auditing the Audit Function & Program
  - Principles of auditing
  - Managing an audit program
    - Establishing the audit program objectives
    - Establishing the audit program
      - Role and responsibilities of the person managing the audit program
      - Competence of the person managing the audit program
      - Determining the extent of the audit program
      - Identifying and evaluating audit program risks
      - Establishing procedures for the audit program
      - Identifying audit program resources
    - Implementing the audit program
    - Monitoring the audit program
    - Reviewing and improving the audit program
  - Performing an audit
    - Initiating the audit
    - Preparing audit activities
    - Conducting the audit activities
    - Preparing and distributing the audit report
    - Completing the audit
    - Conducting audit follow-up
- Auditing the ISMS Scope, Policy, Risk Assessment Approach, and ISMS Implementation
  - ISO 27001 Audit Criteria
  - ISO 27005 Best Practices
  - ISO 27007 Evidence Collection Recommendations
- Auditing the ISMS Monitoring and Review
  - ISO 27001 Audit Criteria
  - ISO 27007 Evidence Collection Recommendations
- Audit the ISMS Documentation Fulfillment
  - ISO 27001 Audit Criteria
- Audit the ISMS Organization and Management Commitment
  - ISO 27001 Audit Criteria
  - ISO 27002 Best Practices
  - ISO 27007 Evidence Collection Recommendations
- Auditing ISMS Internal Audit against ISO 27001 Requirements
  - ISO 27001 Audit Criteria
  - ISO 27007 Evidence Collection Recommendations
- Auditing Management Review
- An overview of using ISO TR 27008 to audit internal controls