External Auditor versus Lead Auditor
Assign topic to the user
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more 
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
Answer: An external auditor can be a second-party auditor (who performs audits in an organization in name of another organization) or a third-party auditor (who performs audits in an organization in the name of a certification body). For third-party auditors the lead auditor qualification is mandatory. As for the second-party auditor, the lead auditor qualification may be optional, depending on the requirements of the organization demanding the audit (in general organizations the lead auditor qualification is required, because the interaction with other organizations has additional steps and phases that are not covered by internal auditor qualifications).
If your purpose is to audit other sites of your own organization, then the internal audit qualification is sufficient.
These articles will provide you further explanation about internal and external auditor qualification:
- Qualifications for an ISO 27001 Internal Auditor https://advisera.com/27001academy/blog/2015/03/30/qualifications-for-an-iso-27001-internal-auditor/
- What does ISO 27001 Lead Auditor training look like? https://advisera.com/27001academy/blog/2016/08/29/what-does-iso-27001-lead-auditor-training-look-like/
These materials will also help you regarding internal audit:
- ISO Internal Audit: A Plain English Guide https://advisera.com/books/iso-internal-audit-plain-english-guide/
- ISO 27001:2013 Internal Auditor Course https://advisera.com/training/iso-27001-internal-auditor-course/
Comment as guest or Sign in
Jan 11, 2018