Expert Advice Community

IT Auditing

Guest user Created:   Dec 20, 2020 Last commented:   Dec 20, 2020

I am working with companies as a consultant and helping them prepare policies they require for ISO27001 and ISAE3402 (also SOC1 and SOC2). I have also managed the audit process for my own business.


My question is what can I do if I get certified that I can't do now? Secondly, do I have to get certified for all 4 - ISAE3402/ISO27001/SOC1/SOC2 or can I do one overarching certification that will apply to all? Also what are the global bodies that accredit ISO certifications and does that apply to Advisera?

Thanks for your help.

Expert
Rhand Leal Dec 20, 2020

1 - I am working with companies as a consultant and helping them prepare policies they require for ISO27001 and ISAE3402 (also SOC1 and SOC2). I have also managed the audit process for my own business. My question is what can I do if I get certified that I can't do now?

Answer: ISAE3402 is out of our fields of expertise to provide a proper answer, but regarding ISO 27001, if you are a certified ISO 27001 Lead Auditor, you can work for certification bodies as a certification auditor.

Other available ISO 27001 certifications are ISO 27001 lead auditor and ISO 27001 lead implementer. They are not required for performing internal audits or ISO 27001 implementation, respectively, but they can improve your chances of getting related jobs.

For further information, see:
- ISO 27001 Internal Auditor training – Is it good for my career?  https://advisera.com/27001academy/blog/2016/03/29/iso-27001-internal-auditor-training-is-it-good-for-my-career/  

- What does ISO 27001 Lead Implementer training look like? https://advisera.com/27001academy/blog/2016/11/28/what-does-iso-27001-lead-implementer-training-look-like

- What does ISO 27001 Lead Auditor training look like? https://advisera.com/27001academy/blog/2016/08/29/what-does-iso-27001-lead-auditor-training-look-like/

About courses related to these certifications, see:
If your intent is to apply for ISO 27001 information security-related jobs, you should consider these courses:

- ISO 27001:2013 Internal Auditor Course https://training.advisera.com/course/iso-27001-internal-auditor-course/

- ISO 27001 Lead Auditor Course https://training.advisera.com/course/iso-27001-lead-auditor-course/
- ISO 27001:2013 Lead Implementer Course https://training.advisera.com/course/iso-27001-lead-implementer-course/

2 - Secondly, do I have to get certified for all 4 - ISAE3402/ISO27001/SOC1/SOC2 or can I do one overarching certification that will apply to all? 

Answer: We are unaware of single certifications that cover all these standards, so you should contact ISO accredited training providers, or the organizations responsible for ISAE 3402 and SOC1/SOC2 frameworks, to ask for such information.

3 - Also what are the global bodies that accredit ISO certifications and does that apply to Advisera? Thanks for your help.

Answer: Considering ISO 27001 personal certification, the most recognized accreditation bodies for training providers are IRCA, PECB, and Exemplar Global (formerly RABQSA).

Advisera is accredited by Exemplar Global for 27001, 9001, and 14001 Foundations, Internal audit and Lead audit courses.
