Please clarify whether an accredited external third party must use an ISO-certified Lead Auditor to conduct a certification audit. I found the following statement, but it is unclear whether the Lead Auditor must have professional certification in the ISO 27001 standard.
"If an individual wants to issue an ISO/IEC 27001 certificate of compliance then the audit must be done by a Lead Auditor working for an accredited certification body and done using all the rules of that certification body, which will need to adhere to ISO17021 and ISO27006."
I signed a consultant agreement with a company to assist with the ISO 27001 ISMS, which has been awarded ISO certification annually for the past eight years. The external audits were performed by BSI.
The Company is considering using an accredited body other than BSI to conduct the ISO 27001 certification audit in 2020. The Statement of Work does not indicate that the audit team uses a certified Lead Auditor to complete the ISO 27001 certification audit. The auditors are Information Security Auditors certified by ISACA, but they do not hold a professional certification in the ISO 27001 standard.