Guest
Certification of Lead Auditor for external ISO 27001 audit
Please clarify whether an accredited external third party must use an ISO certified Lead Auditor to conduct a certification audit. I found the following statement, but it is unclear whether the Lead Auditor must have professional certification in the ISO 27001 standard.
"If an individual wants to issue an ISO/IEC 27001 certificate of compliance then the audit must be done by a Lead Auditor working for an accredited certification body and done using all the rules of that certification body, which will need to adhere to ISO17021 and ISO27006."
I signed a consultant agreement with a company to assist with the ISO 27001 ISMS, which has been awarded ISO certification annually for the past eight years. The external audits were performed by BSI.
The Company is considering using an accredited body other than BSI to conduct the ISO 27001 certification audit in 2020. The Statement of Work does not indicate that the audit team uses a certified Lead Auditor to complete the ISO 27001 certification audit. The auditors are Information Security Auditors certified by ISACA but they do not hold a professional certification in the ISO 27001 standard.
Expert
Dejan Kosutic
Jan 14, 2020
Not sure if I understood your question correctly, so let me try to clarify:
- ISO 27001 certification can be done by an accredited certification body which employs qualified auditors - their qualification needs to include the Lead Auditor course
- ISO 27001 implementation can be done by anyone, there is no formal requirement whatsoever for the implementation team
See also:
- Accreditation vs. certification vs. registration in the ISO world https://advisera.com/blog/2016/02/29/accreditation-vs-certification-vs-registration-in-the-iso-world/
- Who should be your project manager for ISO 27001/ISO 22301? https://advisera.com/27001academy/blog/2014/12/01/who-should-be-your-project-manager-for-iso-27001-iso-22301/
- ISO 27001 project – How to make it work https://advisera.com/27001academy/blog/2013/04/22/iso-27001-project-how-to-make-it-work/