Certus ISMS auditor certification provides the rigor and validity to demonstrate your knowledge, skills, and competence to a global audience at a low price with no hassles and no extra fees. Just pay a low application fee and a low annual certification fee. No exam fees, no behavioral assessments. Plus, you can save up to 30% more with our multiple certification discount and senior discounts.
Transfer your existing auditor certification to Certus at no cost for up to 12 months. More info here.
We’re so proud of our low-cost approach to certification that we put our prices front and center:
Application Fee—All Grades (nonrefundable)
Provisional Auditor Grade Certification Fee (Per Year)
Auditor Grade Certification Fee (Per Year)
Lead Auditor Grade Certification Fee (Per Year)
Master Auditor Grade Certification Fee (Per Year)
The Certus Information Security Management System (ISMS) auditor certification program provides international recognition for auditors who conduct ISMS audits based on the ISO 27001:2013 standard.
This certification is designed for:
- ISMS auditors, such as those employed by third-party certification bodies/registrars or by purchasing organizations (second-party auditors)
- Information security management practitioners, such as information security management consultants, information security managers, and third-party certification managers
- Employees conducting information security management system audits within their own organizations (internal audits)
A grade is a specific level within a personnel certification program that best describes the job role for that certification program. Available grades for the Certus ISMS auditor certification are:
- Provisional Auditor: This grade is for people who have completed an auditor training course but have not yet met the auditor grade requirements. You may maintain provisional auditor certification for up to two years. After which, you must transition to a higher grade to maintain your certification. This is a good way to begin your auditing career as it gives you formal recognition of your training and knowledge.
- Auditor: For those who audit solo or as a member of an audit team.
- Lead Auditor: For those who lead audits and audit teams.
- Master Auditor: For experienced auditors with at least ten years of lead auditor experience. This grade is for senior audit professionals with an extensive history of conducting audits, but who may no longer lead teams or audit regularly. Master auditors may move into training, consulting, or management roles.
All applicants for all grades are required to submit evidence of the successful completion of a management system-based auditor or lead auditor training course (e.g., ISO 27001 lead auditor course).
The course must be a minimum of 16 hours for auditors and 32 hours for lead auditors.
Certus does not provide training
All applicants for all grades are required to successfully pass the Certus ISMS auditor/lead auditor exam prior to certification. This will be administered online as part of your certification application.
Applicants must submit all required documents and successfully complete the knowledge exam within 60 days of submitting their application. Applications that are not completed within 60 days will be withdrawn. No refund of the application fee will be made. Applicants will have to re-apply and pay the respective application fee.
The following professional experience is required:
- Provisional Auditor: None
- Auditor: At least two years’ work experience, with at least one year of work experience in information security management.*
- Lead Auditor: At least five years’ work experience, with at least two years of work experience in information security management.*
- Master Auditor: At least ten years’ work experience, with at least ten years’ audit experience at a lead auditor grade.
*Work experience in information security management may have been gained through one or a combination of the following: information security management system implementation or maintenance or having worked in an information security management role either as part of the organization or as a consultant.
All applicants for all grades except provisional auditor are required to demonstrate the following audit experience:
- Provisional Auditor: None
- Auditor: You must have successfully completed a minimum of three information security management system audits, amounting to a minimum of six days in total.
- Lead Auditor: You must have successfully completed a minimum of three full information security management system audits as leader of an audit team, amounting to a minimum of nine days in total.
- Master Auditor: A minimum of ten years as a lead auditor.