ISO/IEC 27001:2013
Information Security Management System | Auditor Certification
IGC provides ISO/IEC 27001 (ISMS) information security management system certification services for provisional auditors, auditors, lead auditors, internal auditors, and senior auditors, in cooperation with GPC (Global Personnel Certification), an accredited personnel certification body based on ISO/IEC 17024.
ISO/IEC 27001:2013 Overview
ISO/IEC 27001 is an international standard for information security management systems established by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), and it is the most authoritative international certification standard in the field of information security. It covers 133 items in 11 areas related to information security, such as information protection policy, physical security, and information access control.
ISO/IEC 27001 consists of 10 items and 14 control items (refer to ISO/IEC 27002 for the control items), covering organizational environment, leadership, planning, support, operation, performance evaluation, and improvement. The requirements of this standard have been formulated to be general and applicable to any organization, regardless of its type, size or characteristics.
ISO/IEC 27001 Auditor Certification Requirements
Lead auditor
Auditor
Senior Auditor
Internal Auditor
Provisional Auditor
Education
Secondary education or higher
Work experience
5 years or more (including 2 years or more of experience in the quality or environment field related to the standard)
10 years or more (including 2 years or more of experience in the quality or environment field related to the standard)
3 years or more (including 1 year or more of experience in the quality or environment field related to the standard)
None
Audit experience
Audit log of 20 M/D or higher as an auditor or lead auditor within the last 3 years
Audit log of 35 M/D or higher as an auditor or lead auditor within the last 3 years (of which 15 M/D or more are audit log as lead auditor)
Audit log of 15 M/D or more as a lead auditor within the last 3 years (only the log after acquiring lead auditor certification from an accredited personnel certification body is acceptable)
Within the last 3 years awarded 5 times + audit log of at least 15 M/D
None
Education and training
* Completion of an auditor training course within the last 3 years (only a certificate of completion issued by an accredited personnel certification body or a training provider designated by it can be accepted)
Exam
Pass the GPC knowledge and personality exam
ISO/IEC 27001 Auditor Certification Procedure
1. Receipt of application documents
- The applicants fill out the application form and submit materials to prove their background.
2. Review of application documents and other materials
- The submitted application documents and other materials are reviewed; if they are not sufficient, applicants should prove their history by submitting additional supporting data.
3. GPC exam
- The applicants should take the knowledge and attribution test and are granted certification upon passing the test.
4. Review by Certification Panel
- Based on the submitted data and test results, the certification panel makes a certification decision.
5. Certification issuance
- When the certification is determined, a certificate is issued and delivered to the applicant.
The certification is valid for 3 years from the date of issue. Maintenance fees must be paid annually in accordance with the certification cycle, and additional requirements must be met in the 3rd year of the renewal cycle.