Certification of Lead Auditor for external ISO 27001 audit

Guest user. Created: Jan 14, 2020. Last commented: Jan 14, 2020.

Please clarify whether an accredited external third party must use an ISO certified Lead Auditor to conduct a certification audit.  I found the following statement, but it is unclear whether the Lead Auditor must have professional certification in the ISO 27001 standard.

"If an individual wants to issue an ISO/IEC 27001 certificate of compliance then the audit must be done by a Lead Auditor working for an accredited certification body and done using all the rules of that certification body, which will need to adhere to ISO17021 and ISO27006."

I signed a consultant agreement with a company to assist with the ISO 27001 ISMS, which has been awarded ISO certification annually for the past eight years. The external audits were performed by BSI.

The Company is considering using an accredited body other than BSI to conduct the ISO 27001 certification audit in 2020.  The Statement of Work does not indicate that the audit team uses a certified Lead Auditor to complete the ISO 27001 certification audit. The auditors are Information Security Auditors certified by ISACA but they do not hold a professional certification in the ISO 27001 standard.
Expert
Dejan Kosutic Jan 14, 2020

Not sure if I understood your question correctly, so let me try to clarify:

  • ISO 27001 certification can be done by an accredited certification body which employs qualified auditors - their qualification needs to include the Lead Auditor course
  • ISO 27001 implementation can be done by anyone, there is no formal requirement whatsoever for the implementation team

See also: 
