Role of an ISO Lead Auditor and Implementer
1. What is the role of the lead auditor and lead implementer in ISO processes?
2. What should an organization have such persons?
Assign topic to the user
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more 
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
1. What is the role of the lead auditor and lead implementer in ISO processes?
First is important to note that ISO management system standards do not require a lead auditor and/or lead implementer to perform ISO processes, so the organizations are free to adopt these roles or not according to their needs.
Considering that, the lead implementer's role is to guide the management system implementation, from the identification of requirements to implementation of corrective actions and opportunities for improvement identified in the management review.
The role of the lead auditor is to define the audit program, perform audits, and elaborate audit reports, according to the requirements of the ISO management standard. In case there is more than one auditor involved, the lead auditor is the responsible person for the team.
For further information about these roles, see:
- What does ISO 27001 Lead Auditor training look like? https://advisera.com/27001academy/blog/2016/08/29/what-does-iso-27001-lead-auditor-training-look-like/
- What does ISO 27001 Lead Implementer training look like? https://advisera.com/27001academy/blog/2016/11/28/what-does-iso-27001-lead-implementer-training-look-like/
- Free online training ISO 27001 Lead Auditor Course https://advisera.com/training/iso-27001-lead-auditor-course/
- Free online training ISO 27001:2013 Lead Implementer Course https://advisera.com/training/iso-27001-lead-implementer-course/
2. What should an organization have such persons?
Lead implementers are not normally considered for regular positions in organizations, because in most cases management systems implementation are project-related activities, with a defined date to start and finish (it is best to hire than as consultants).
On the other hand, internal audits are regular activities to be performed in a management system, and depending on the complexity of the audit program, when a single internal auditor is not enough to ensure a proper audit process, the presence of a lead auditor can bring benefits in terms or organizations and dissemination of competencies (they are qualified for training internal auditors).
For further information, see:
- How to prepare for an ISO 27001 internal audit https://advisera.com/27001academy/blog/2016/07/11/how-to-prepare-for-an-iso-27001-internal-audit/
These materials will also help you regarding internal audit:
- ISO Internal Audit: A Plain English Guide https://advisera.com/books/iso-internal-audit-plain-english-guide/
- Free online training ISO 27001:2013 Internal Auditor Course https://advisera.com/training/iso-27001-internal-auditor-course/
Comment as guest or Sign in
Dec 14, 2020