richapau
Newcomer I

ISO27001 Internal Audit

Hi - I find myself in the strange position of rolling out ISO27001 globally, but I don't hold an ISO 27001 Internal Auditor certification. I am CISSP Certified but would like to plug a certification gap.

 

Does anyone have access to the ISO27001 Internal Auditor exam syllabus so I can register for the exam? I'm confident of content and subject matter, I just want to make sure that I don't miss something obvious.

 

Thanks

7 Replies
AppDefects
Community Champion


@richapau wrote:

Hi - I find myself in the strange position of rolling out ISO27001 globally, but I don't hold an ISO 27001 Internal Auditor certification. I am CISSP Certified but would like to plug a certification gap.

 

Does anyone have access to the ISO27001 Internal Auditor exam syllabus so I can register for the exam? I'm confident of content and subject matter, I just want to make sure that I don't miss something obvious.

 

Thanks


Here's a (high-level) syllabus from BSI. They have a great training catalog that offers in-person and online training courses to prepare for the exam. It also helps tremendously if you have an audit background or you are a CISA...

Steve-Wilme
Advocate II

There are a number of providers of the ISO 27001 internal auditor and lead auditor training in addition to BSI.

Your first step would be to get hold of ISO 27001 and 27002.  27005 and 27035 are also pretty useful too.

You may also want to consider ISO 27001 lead implementer. 

 

I would put too much emphasis on the training though.  You can implement 27001 without training.  I managed to run a BS7799 implementation programme without any training, although I'd worked in IT and telecomms for about a decade at that time.

 

-----------------------------------------------------------
Steve Wilme CISSP-ISSAP, ISSMP MCIIS
richapau
Newcomer I

Thanks for the info AppDefects. I'm trying to get to the level below this so I can prepare and take the exam without a 3 day course. There's a squeeze on training budget 😕
richapau
Newcomer I

Hi Steve - I've already implemented ISO27001 and completed the re-certification audit in the UK. I just want to take the exam to plug a certification gap, but there's no budget for training. I just want to see what areas the exam covers to reassure myself and then sit it.

Thanks for responding.
AppDefects
Community Champion


@richapau wrote:
Thanks for the info AppDefects. I'm trying to get to the level below this so I can prepare and take the exam without a 3 day course. There's a squeeze on training budget 😕

Sounds like you have the right skills with having experienced an audit. Did you get to view any of the audit notes during the surveillance audits?

 

I know there are lots of accredited exam providers out there. Which one did you land on?

Steve-Wilme
Advocate II

If you bide your time you can find the training courses cheaper at holiday and busy vacation time.  I took my ISO 27001 lead auditor in the run-up to Christmas, when the training companies get very few bookings, and got it for less than half price.  Obviously they can't have trainers with low or no utilisation on their payroll, so look at a few companies' announced training course schedule and prices.  You may also want to consider subscribing to any email alerts on special offers.  I am of course assuming you may consider paying for yourself.

 

 

-----------------------------------------------------------
Steve Wilme CISSP-ISSAP, ISSMP MCIIS
richapau
Newcomer I

Hi Appdefects - sorry for the delay. Having read up on the material and seen some content, I don’t think I’ll bother. It’s behind me now and I’ll live with the certification gap.

 

Thanks for responding. My preferred examiner is Pearson Vue as they have a test facility about 20 miles from where I work.