Certus ISMS auditor certification provides the rigor and validity to demonstrate your knowledge, skills, and competence to a global audience at a low price with no hassles and no extra fees. Just pay a low application fee and a low annual certification fee. No exam fees, no behavioral assessments. Plus, you can save up to 30% more with our multiple certification discount and senior discounts.
Transfer your existing auditor certification to Certus at no cost for up to 12 months. More info here.
We’re so proud of our low-cost approach to certification that we put our prices front and center:
Application Fee—All Grades (nonrefundable)
Provisional Auditor Grade Certification Fee (Per Year)
Auditor Grade Certification Fee (Per Year)
Lead Auditor Grade Certification Fee (Per Year)
Master Auditor Grade Certification Fee (Per Year)
The Certus Information Security Management System (ISMS) auditor certification program provides international recognition for auditors who conduct ISMS audits based on the ISO 27001:2013 standard.
This certification is designed for:
- ISMS auditors, such as those employed by third-party certification bodies/registrars or by purchasing organizations (second-party auditors)
- Information security management practitioners, such as information security management consultants, information security managers, and third-party certification managers
- Employees conducting information security management system audits within their own organizations (internal audits)
A grade is a specific level within a personnel certification program that best describes the job role for that certification program. Available grades for the Certus ISMS auditor certification are:
- Provisional Auditor: For those who have completed an auditor training course, but who do not yet meet the audit requirements of their desired grade. You may maintain provisional auditor certification for up to two years. After which, you must transition to a higher grade to maintain your certification. This is a good way to begin your auditing career as it gives you formal recognition of your training and abilities.
- Auditor: For those who audit solo or as a member of an audit team.
- Lead Auditor: For those who lead audits and audit teams.
- Master Auditor: For experienced auditors with at least ten years of lead auditor experience. This grade is for senior audit professionals with an extensive history of conducting audits, but who may no longer lead teams or audit regularly. Master auditors may move into training, consulting, or management roles.
All applicants for all grades are required to submit evidence of the successful completion of a management system-based auditor or lead auditor training course (e.g., ISO 27001 lead auditor course). The course must be a minimum of four days (32 hours).
Certus does not provide training. Applicants may choose the training provider of their choice and are not required to attend a certified training course.
Training must have been completed within five years of the application date.
All applicants for all grades are required to successfully pass the Certus ISMS auditor exam prior to certification. This will be administered online as part of your certification application.
The following professional experience is required:
- Provisional Auditor: None
- Auditor: At least two years’ work experience, with at least one year of work experience in information security management.
- Lead Auditor: At least five years’ work experience, with at least two years of work experience in information security management.
- Master Auditor: At least ten years’ work experience, with at least ten years’ audit experience at a lead auditor grade.
All applicants for all grades except provisional auditor are required to demonstrate the following audit experience:
- Provisional Auditor: None
- Auditor: You must have successfully completed a minimum of four management system audits that cover all elements of the audit cycle, amount to a minimum of 20 days, and include a minimum of 15 days on site.
- Lead Auditor: You must have successfully completed a minimum of three full management system audits as leader of an audit team, that are a minimum of 15 days in total, with a minimum of 10 days on site.
- Master Auditor: No specific audit experience requirement beyond the 10 years of lead auditor experience.
Audits must have been completed after completing an auditor/lead auditor training course and within five years of the date of application.