ISO 27001

ISO/IEC 27001 Foundation


The PECB Certified ISO/IEC 27001 Foundation certification is a professional certification for those who want to demonstrate an overall understanding of the ISO/IEC 27001 standard and its requirements.

The principal competencies and knowledge skills demanded by the market are the ability to support an organization in managing an Information Security Management System (ISMS) and in implementing the information security controls specified in ISO/IEC 27001:2013.

Various professions may apply for this certification:

  • People responsible for Information security in an organization
  • Member of an information security team
  • Expert adviser in information technology
  • Technical expert seeking to prepare for an Information security audit

The requirements for this certification are:

  ISO/IEC 27001 Foundation
    Exam: PECB Certified ISO/IEC 27001 Foundation Exam or equivalent
    Professional experience: None
    MS audit/assessment experience: None
    ISMS project experience: None
    Other requirements: Signing the PECB code of ethics


ISO/IEC 27001 Lead Auditor

The PECB Certified ISO/IEC 27001 Auditor certifications are credentials for professionals who need to audit an Information Security Management System (ISMS) and, in the case of the PECB Certified ISO/IEC 27001 Lead Auditor certification, to manage a team of auditors.

The principal competencies and knowledge skills needed by the market are the ability to plan and perform ISMS audits against ISO/IEC 27001:2013 in line with the certification process, to master audit techniques, and to manage (or be part of) audit teams and an audit program.

Various professions may apply for this certification:

  • Auditor wanting to perform and lead Information Security Management System (ISMS) audits as the person responsible for an audit team
  • Project manager or consultant wanting to master the Information Security Management System audit process
  • Person responsible for the Information security or conformity in an organization
  • Member of the information security team
  • Expert advisor in information technology
  • Technical expert wanting to prepare for an Information security audit function

The requirements for "Auditor" certifications are:

  ISO/IEC 27001 Provisional Auditor
    Exam: PECB Certified ISO/IEC 27001 Lead Auditor Exam or equivalent
    Professional experience: None
    MS audit/assessment experience: None
    Other requirements: Signing the PECB code of ethics

  ISO/IEC 27001 Auditor
    Exam: PECB Certified ISO/IEC 27001 Lead Auditor Exam or equivalent
    Professional experience: Two years, including one year of information security work experience
    MS audit/assessment experience: Audit activities totaling 200 hours
    Other requirements: Signing the PECB code of ethics

  ISO/IEC 27001 Lead Auditor
    Exam: PECB Certified ISO/IEC 27001 Lead Auditor Exam or equivalent
    Professional experience: Five years, including two years of information security work experience
    MS audit/assessment experience: Audit activities totaling 300 hours
    Other requirements: Signing the PECB code of ethics


If an applicant does not meet all the requirements for the PECB Certified ISO/IEC 27001 Lead Auditor credential, he/she may apply instead for the PECB Certified ISO/IEC 27001 Auditor or PECB Certified ISO/IEC 27001 Provisional Auditor credential.

For certification purposes, the following audit types constitute valid audit experience:

  1. Pre-assessment/pre-audit
  2. Gap analysis
  3. Internal audits
  4. Second-party audits
  5. Third-party/external audits
  6. Opinion audits

To be considered valid, these audits should follow best audit practices and include most of the following activities:

  1. Audit planning
  2. Audit interview
  3. Managing an audit program
  4. Drafting audit reports
  5. Drafting non-conformity reports
  6. Drafting audit working documents
  7. Documentation review
  8. On-Site Audit
  9. Non-conformity follow-up actions
  10. Leading a team of auditors


ISO/IEC 27001 Lead Implementer

The PECB Certified ISO/IEC 27001 Implementer certifications are professional certifications for specialists who need to implement an Information Security Management System (ISMS) and, in the case of the PECB Certified ISO/IEC 27001 Lead Implementer certification, to manage an implementation project.

ISO/IEC 27001:2013, Information technology — Security techniques — Information security management systems — Requirements, specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization. The requirements set out in ISO/IEC 27001:2013 are generic and are intended to be applicable to all organizations, regardless of type, size or nature.

Various professions may apply for this certification:

  • Compliance project managers
  • Information Security consultants
  • Internal and external PECB Certified ISO/IEC 27001 auditors
  • Members of an Information Security team

The requirements for "Implementer" certifications are:

  ISO/IEC 27001 Provisional Implementer
    Exam: PECB Certified ISO/IEC 27001 Lead Implementer Exam or equivalent
    Professional experience: None
    ISMS project experience: None
    Other requirements: Signing the PECB code of ethics

  ISO/IEC 27001 Implementer
    Exam: PECB Certified ISO/IEC 27001 Lead Implementer Exam or equivalent
    Professional experience: Two years, including one year of information security work experience
    ISMS project experience: Project activities totaling 200 hours
    Other requirements: Signing the PECB code of ethics

  ISO/IEC 27001 Lead Implementer
    Exam: PECB Certified ISO/IEC 27001 Lead Implementer Exam or equivalent
    Professional experience: Five years, including two years of information security work experience
    ISMS project experience: Project activities totaling 300 hours
    Other requirements: Signing the PECB code of ethics


If an applicant does not meet all the requirements for the PECB Certified ISO/IEC 27001 Lead Implementer credential, he/she may apply instead for the PECB Certified ISO/IEC 27001 Implementer or PECB Certified ISO/IEC 27001 Provisional Implementer credential.

For certification purposes, the following implementation types constitute valid implementation experience:

  1. Internal implementation
  2. External/consulting implementation
  3. Partial implementation

To be considered valid, these implementation activities should follow best implementation practices and include most of the following activities:

  1. Drafting an ISMS implementation business case
  2. Managing an ISMS implementation project
  3. Implementing information security controls
  4. Managing information security controls
  5. Implementing metrics
  6. Implementing corrective or preventive action
  7. Performing a management review
  8. Performing a risk assessment
  9. Managing incidents
  10. Managing an information security team


ISO/IEC 27001 Master

The PECB Certified ISO/IEC 27001 Master certification is a professional certification for those who need both to implement an Information Security Management System (ISMS) and to master audit techniques, managing (or being part of) audit teams and an audit program.

The principal competencies and knowledge skills needed by the market are the ability to support an organization in implementing and managing an Information Security Management System as specified in ISO/IEC 27001:2013, as well as the ability to manage an audit program.

Various professions may apply for this certification:

  • Senior manager or senior consultant wanting to implement an Information Security Management System (ISMS)
  • Senior project manager or senior consultant wanting to master the Information Security Management System implementation process

The requirements for this certification are:

  ISO/IEC 27001 Master
    Exam: PECB Certified ISO/IEC 27001 Lead Auditor Exam or equivalent, and PECB Certified ISO/IEC 27001 Lead Implementer Exam or equivalent
    Professional experience: Ten years, including six years of information security work experience
    MS audit/assessment experience: Audit activities totaling 500 hours
    ISMS project experience: Project activities totaling 500 hours
    Other requirements: Signing the PECB code of ethics