""

Auditor / Lead Auditor ISO 27001

This certification applies to all information security professionals, particularly those wishing to acquire or demonstrate their know-how in internal audits or ISO/IEC 27001 compliance audits.

What is it?

The ISO/IEC 27001:2022 Auditor/Lead Auditor certification attests that the certified person:

  • Possesses or has acquired the knowledge and skills required to audit information security management systems in compliance with ISO/IEC 27001 "Information technology - Security techniques - Information security management systems - Requirements", either as a member of an audit team or alone.
  • Has the know-how and personal qualities required to conduct an audit, as defined in ISO/IEC 19011 "Guidelines for auditing management systems" and associated guides (ISO, IAF, EA).

Who can take the exam?

All security professionals wishing to master the audit and certification process in order to prepare or carry out internal audits or ISO/IEC 27001 compliance audits:

  • Auditors wishing to carry out and lead information security management system certification audits
  • Managers or consultants wishing to master the information security management system audit process
  • Anyone responsible for maintaining compliance with ISMS requirements
  • Technical experts wishing to prepare an information security management system audit
  • Consultants specializing in information security management

How does the exam work?

The exam, in the form of MCQs and a case study, is designed to assess:

  • Mastery of ISO/IEC 27001 and ISO/IEC 27002 (principles, vocabulary, organization),
  • Knowledge of auditing and certification principles (ISO 19011, ISO 17021-1 and ISO 27006),
  • Ability to analyze audit evidence,
  • Ability to prepare, conduct and conclude an audit in a relevant and effective manner,
  • Knowledge of risk management (principles and processes),
  • Ability to analyze compliant and non-compliant situations.

Certification is based on passing the ISO/IEC 27001:2022 Auditor/Lead Auditor written exam organized by LSTI, and on auditing experience.

This exam is available on our online exam platform. To register, visit our Registration page.

When registering, please provide your DT138 certificate and proof of experience:

  • For ISO/IEC 27001:2022 Auditor certification, proof (from a client or employer) of at least 20 audit days on ISO/IEC 27001 over the last three years;
  • For ISO/IEC 27001:2022 Lead Auditor certification, proof (from a customer or employer) of at least 20 days' auditing on ISO/IEC 27001 over the last three years, including at least 3 full audits in the role of audit manager, and successful completion of the advanced level exam;
  • Without prior experience, you will sit the exam as a Provisional Auditor.

If you have any questions, please fill in our form by selecting the subject "information about certification personal skills", and we'll get back to you within a few days.

Download: Auditor/Lead Auditor certification rules ISO/IEC 27001:2022 - Q080 v. 2.2

Download: Certification Rules Auditor/Lead Auditor ISO/IEC 27001:2017 - Q080 v. 1.6

Why choose LSTI?

1. Recognized expertise

With over twenty years' experience, LSTI supports more than 300 organizations in France and Europe as a certification body and benchmark assessment center in the fields of cybersecurity, digital trust and information security.

2. Specialized auditors

Our teams of auditors are made up of experienced professionals who are fully conversant with the ANSSI's cybersecurity standards, information security management practices and European digital trust frameworks. Their approach guarantees assessments that are demanding, balanced and adapted to the operational contexts of each organization.

3. Independent third party and dedicated support

Authorized by ANSSI, LSTI guarantees impartiality, transparency and consistency throughout the entire cycle: preparation, audits, monitoring and renewals. A dedicated contact ensures continuity and clarity throughout the certification process.
