
Certification Application and Endorsement Kit


"Plan-Do-Check-Act" within the ISO 27001 ISMS requires auditing. The CIS ISO 27001 Lead Auditor training will complete
your ISO 27001 understanding gained in previous CIS risk management and information security courses by ensuring you
also understand how to apply the ISO 19011 and ISO 27007 ISMS auditing standards to an ISMS audit program.

ISO/IEC 27007:2011 provides guidance on managing an information security management system (ISMS) audit program, on
conducting the audits, and on the competence of ISMS auditors, in addition to the guidance contained in ISO
19011. ISO/IEC 27007:2011 is applicable to those needing to understand or conduct internal or external audits of an ISMS
or to manage an ISMS audit program.

Based upon the ISO 27001 related auditing standards ISO 27007:2011 and 19011:2011, this one-day additional course
will provide an intensive overview of how to manage an internal audit of an organization's risk management program along
with its corresponding information security management system. This course will also provide valuable guidance on
conducting the internal audits, on establishing and validating the competence of ISMS auditors, and prepare you for
your ISO 27001 auditor certification exams required for the well-recognized ISO 27001 Lead Auditor professional
certification.

This credential is applicable to those needing to understand or conduct internal or external audits of a risk management
system supporting an ISMS, or how to manage an ISO 27001 ISMS audit program. This is the only ISO 27001 Lead Auditor
training and professional examination program to incorporate ISO's 27007 standard as core content within its program.
Building upon the foundation understanding of the ISO 27005 risk management framework and ISO 27001 framework
validated by the Certified Internal Controls Architect credential, the ISO 27001 Lead Auditor certification by CIS certifies your
ability to audit the formal structure, governance, and policy of an ISO 27001 conforming Information Security Management
System (ISMS). Furthermore, the ISO 27001 Lead Auditor certification ensures that you are qualified to assure strategic
objectives according to core ISO 27001, 27002, 27003, and 27005 best practices. Upon completion of this training and
certificate program, you will:

• be equipped with knowledge and skills required to perform audits of Information Security Management Systems
(ISMS) against the ISMS standards;

• expand your auditing competency;

• increase your credibility through gaining international recognition; and

• improve your résumé and help to increase your earning potential.

The ISO 27001 Lead Auditor certification is available to qualified candidates who:

1. Are a member of CIS in good standing. If you are not already an Associate member of the CIS certification
student body, you must first become a member to pursue the CICA credential. Please see
www.certifiedinfosec.com/about/becoming-a-member for further details.

2. Attend the required CIS approved curriculum courses. Seminars may be attended at live instructor-led
sessions, online, or a combination of both.
• CIS Policy Workshop: ISO 31000 Enterprise Risk Management
• CIS Policy Workshop: ISO 27001 Information Security Management
• ISO 27001 Lead Auditor

3. Pass the ISO 27001 Lead Auditor Exams.
For ISO 27001 Lead Auditor certification by CIS, candidates must pass CIS online exams RM101, ISMS101,
ISMS102, and ISMS103. CIS exams are administered online and can be taken at your convenience at your home
or work through the CIS Learning Center, where your progress and score are monitored and recorded centrally.
Your exam results are provided to you automatically upon completion of your exam.

4. Submit your professional endorsements and proof of required professional experience.
ISO 27001 Lead Auditor Candidate Endorsement Forms are included within this kit. Current experience
requirements can be viewed online. Submit this application kit including three completed CIS Candidate
Endorsement Forms and your professional résumé / curriculum vitae to the Certification Department at CIS
Headquarters. Your completed documentation can be mailed, transmitted by facsimile, or e-mailed to:

Certified Information Security
ATTN: Certification Department
1004 Green Pine Circle
Orange Park, FL 32246 USA
Fax: +1(786) 522-9063
E-mail: certification@certifiedinfosec.com

You will officially become certified (certificated) once your exam results and required documentation are validated and
approved by the certification committee. Your certification kit will be mailed to you at the address you provided when
setting up your online account at our online learning center or online training and certification store. Those who have
achieved a CIS credential will be invoiced for certification renewal annual maintenance fees upon annual membership
renewal.

[Figure: CIS certification path]
Steps: Start here. Choose your certification path. Complete your entry-level training and exam. Complete your advanced level training and exams. Complete your certification application!
Start: Register for CIS Membership.
Risk Management path (● CICRA): ISO 31000 Enterprise Risk Management (Exam #RM101); ISO 31000 CICRA Certificate.
Information Security path (● CICA, ● ISO 27001 Lead Auditor): ISO 27001 Information Security Management (Exam #ISMS101 AND #ISMS102); ISO 27001 CICA Certificate.
Business Continuity path (● CBCS, ● CBCA, ● CBCM): ISO 22301 Business Continuity Management (Exam #BCMS101); ISO 22301 CBCS Certificate; Best Practices to Develop, Exercise, and Certify BCM (Exam #BCMS102); ISO 22301 CBCA/CBCM Certificate.

INSTRUCTIONS

For the Candidate
• Three endorsement forms must be completed by people with whom you have worked and who can attest to your experience, skills, and character.
• The completed forms must be submitted with your proof of required experience.

For the Endorser
• You should have sufficient previous experience in working with the candidate to be able to provide a well-founded opinion of the candidate’s experience, skills, and character.
• Please complete and return the form to the candidate for submission to Certified Information Security.

CANDIDATE INFORMATION
Your Name:
Home Address:
City:
State/Province:
Zip/Postal Code:
Country:
Home Telephone:
Home E-Mail:
Employer Name:
Official Job Title:

ENDORSER INFORMATION
How do you know the candidate in a professional capacity?
☐ I am the candidate’s supervisor (past or present)
☐ I am the candidate’s co-worker or colleague
☐ Other (Please explain)

Please briefly describe your relationship with the candidate:

Dr. Mr. Mrs. Ms.

Your Name:
Business Address:
City:
State/Province:
Zip/Postal Code:
Country:
Business Telephone:
Business E-Mail:
Employer Name:
Official Job Title:

Do you hold any current certifications by CIS?

Fraud Control: CFCA CFCP CFCM
Information Security: CICRA CICA ISO 27001 Lead Auditor
Business Continuity/Disaster Recovery: CICRA CBCS CBCA CBCM

Based upon your familiarity with the candidate on this form, do you feel this candidate has the character, skills, and professional integrity necessary to hold the ISO 27001 Lead Auditor certification? ☐ Yes ☐ No

With this signature, I endorse and recommend this candidate for certification as an ISO 27001 Lead Auditor:

_________________________________________________ Date: _______________________

Candidate:
Please return this form and your completed certification application to:
Certified Information Security
By post: 1004 Green Pine Circle, Orange Park, FL, 32065 USA; or by fax: +1 (786) 522-9063; or by e-mail: Certification@certifiedinfosec.com

Certified Information Security | www.certifiedinfosec.com | US: (888) 547-3481 | International: +1 (904) 406-4311