Certification as an audit team leader

Before an "ISO 27001 certificate on the basis of IT-Grundschutz" is issued, the information domain under consideration must be audited according to the current edition of "Certification according to ISO 27001 on the basis of IT-Grundschutz - auditing scheme". This audit is performed by audit team leaders who, as part of a personal certification process, have individually demonstrated both their subject-matter expertise in information security and IT-Grundschutz and their qualification to perform this audit, and who have therefore been certified by the BSI.

This certification process is based on the Federal Office for Information Security Act (BSI Act) of 14 August 2009 as well as ISO/IEC 27006, a standard for bodies that offer audits and certification for information security management systems (ISMS). To safeguard the quality of the audit team leaders certified by the BSI, candidates must meet stringent requirements to acquire the qualification. These include: a degree or comparable level of education, five years of professional experience - two of which must have been in information security - and adequate experience of the audit process.

Proof of training as an audit team leader must also be provided, as well as completion of a course on IT-Grundschutz according to BSI Standard 200 - each with a pass in the final exam.

For further details, please see the process description for auditor certification. Only when all of these requirements are fulfilled will interested applicants be invited to complete a written, multiple-choice examination. If candidates fail to pass, one retake of the exam is permitted. Exam costs are included in the fees charged by the BSI for certification. Further details can be found in the certification scheme.

Written exams are organised on an ad hoc basis; there is no fixed schedule or timetable.

Please send your completed and signed documents for personal certification to:

Bundesamt für Sicherheit in der Informationstechnik
Referat SZ 12
Postfach 20 03 63
53133 Bonn
Public key of the BSI
Fingerprint: 14CD 5A86 4AC9 C4FF 5F2B FD92 346B D73F DB26 4035