Information Security Management System – Internal Auditor Certification

Professional certification program in Information Security Management System at the internal auditor level

This internal auditor level certification validates foundational to advanced competence in Information Security Management System. Professionals certified at this level demonstrate comprehensive understanding and practical application of Information Security Management System requirements and principles within their organizations.

This scheme certifies competence to plan, conduct, report, and follow up ISO/IEC 27001:2022 ISMS internal audits in accordance with ISO 19011:2018 and ISO/IEC 27007:2020 (ISMS audit guidelines), including auditing information security risk processes, control effectiveness, legal compliance, and generating formal ISMS audit reports.

Who Is This For?

Internal Auditors
Quality Assurance Professionals
ISMS Consultants
Compliance Officers
Process Owners
Audit Team Members

Purpose & Objectives

This certification program is designed to validate your competence and knowledge of Information Security Management System requirements. Upon completion, you will be able to:

  • Plan and conduct internal audits per ISO 19011:2018
  • Identify nonconformities and opportunities for improvement
  • Generate structured audit reports with evidence-based findings
  • Evaluate the effectiveness of ISMS controls and processes
  • Follow up on corrective actions and verify their effectiveness

Eligibility Requirements

Experience

2+ years in management systems

Prerequisites

Foundation or equivalent knowledge

Competency Framework

Candidates for the Internal Auditor certification in Information Security Management System must demonstrate competence in:

  • Audit planning and preparation per ISO 19011:2018
  • Audit evidence gathering and evaluation techniques
  • Nonconformity identification and classification
  • Audit reporting and documentation
  • Corrective action follow-up and verification

Assessment & Examination

  • 60 questions
  • 90 minutes
  • Multiple-choice examination format
  • Minimum passing score: 70%
  • Online proctored examination available
  • Results provided within 48 hours

Certificate Validity & CPD

  • Certificate validity period: 3 years from date of issue
  • Continuing Professional Development (CPD) required for renewal
  • Minimum 15 CPD hours per year in relevant domain
  • Recertification examination or portfolio assessment at renewal
  • Digital certificate and verification via QA Assessor registry

Code of Conduct

All certified professionals must adhere to the QA Assessor Code of Conduct:

  • Acting with integrity, objectivity, and professional competence
  • Maintaining confidentiality of all information obtained during professional activities
  • Reporting any conflicts of interest or ethical concerns
  • Committing to continuous professional development
  • Upholding the reputation of the certification and the profession

Certification Details

  • Scheme Code: QA-CB-27001-04
  • Certification Body: QA Assessor
  • Level: Internal Auditor
  • Standard: ISO/IEC 27001:2022
  • Validity: 3 Years
  • ISO/IEC 17024:2012 Compliant Personnel Certification Body
