The Competency-based Information Security Management System (ISMS) Auditor Certification program has been developed with advice from industry on the specific competencies required by, Information Security Management System (ISMS) auditors to ensure the effective conduct of audits. This in turn provides confidence by organizations in the outcomes of ISMS audits. The benefits being:

  • Provides international recognition for professionals managing Information Security Management Systems in accordance with ISO27001:2005 & ISO19011:2011
  • Provides proof of competence to effectively manage Information Security issues via extensive examination of Knowledge, Work Experience and competence to audit
  • Once certified as a Professional, gain your passport to the world!

This table provides a summary of certification requirements:

Grade Knowledge Competencies Skill Competencies Personal Attributes Qualifications
Provisional ISMS Auditor Exemplar Global-AU,
Exemplar Global-IS
N/A N/A N/A
ISMS Auditor Exemplar Global-AU,
Exemplar Global-IS
Auditing a ISMS as team member PAAS Master® Tertiary + 2 years relevant work experience
Principal ISMS Auditor Exemplar Global-AU,
Exemplar Global-IS
Auditing a ISMS as solo auditor PAAS Master® Tertiary + 2 years relevant work experience
Lead ISMS Auditor Exemplar Global-AU,
Exemplar Global-IS,
Exemplar Global-TL
Auditing a ISMS as audit team leader PAAS Master® Tertiary + 2 years relevant work experience
Business Improvement ISMS Auditor Exemplar Global-AU,
Exemplar Global-IS,
Exemplar Global-TL,
Exemplar Global-OI
Auditing a ISMS as audit team leader PAAS Master® Tertiary + 2 years relevant work experience
The Qualification-based Information Security Management System (ISMS) Auditor Certification program has been developed with advice from industry on the specific competencies required by, Information Security Management System (ISMS) auditors to ensure the effective conduct of audits. This in turn provides confidence by organizations in the outcomes of ISMS audits. The benefits being:

  • Provides international recognition for professionals managing Information Security Management Systems in accordance with ISO 27001:2005 & ISO 19011:2011
  • Provides proof of competence to effectively manage Information Security issues via extensive examination of Knowledge, Work Experience and competence to audit
  • Once certified as a Professional, gain your passport to the world!

This table provides a summary of certification requirements:

GRADE KNOWLEDGE COMPETENCIES (SECTION 3) AUDIT EXPERIENCE QUALIFICATIONS
[EDUCATION,
TRAINING,
WORK EXPERIENCE]
(SECTION 5)
Associate ISMS Auditor (ISMS-AA) Exemplar Global-AU,
Exemplar Global-IS
N/A Secondary Education Certificate.
2 years ISMS work experience obtained in the last 4 years.
ISMS Auditor (ISMS-A) Exemplar Global-AU,
Exemplar Global-IS
20 audit days, with at least 4 complete audits as member of audit team. Secondary Education Certificate.
2 years ISMS work experience obtained in the last 4 years.
Principal ISMS Auditor (ISMS-PR) Exemplar Global-AU,
Exemplar Global-IS
20 audit days, with at least 4 complete audits. At least 10 days and 2 complete audits as a solo auditor. Secondary Education Certificate.
2 years’ experience in a technical or managerial position with direct information security management responsibilities obtained within the last 4 years
Lead ISMS Auditor (ISMS-LA) Exemplar Global-AU,
Exemplar Global-IS,
Exemplar Global-TL
35 audit days, with at least 7 complete audits. At least 15 days and 3 complete audits as Team Leader. Secondary Education Certificate.
2 years’ experience in a technical or managerial position with direct information security management responsibilities obtained within the last 4 years
Business Improvement ISMS Auditor (ISMS-BI) Exemplar Global-AU,
Exemplar Global-IS,
Exemplar Global-TL 
Exemplar Global-OI
35 audit days, with at least 7 complete audits. A least 15 days and 3 complete audits as Team Leader. Secondary Education Certificate.
2 years’ experience in a technical or managerial position with direct information security management responsibilities obtained within the last 4 years