What is included?

• You have 12 months time as of reception of the learning material to learn, do the exam and get your certification
  
• Certification and examination fees are included in the price of the training course 
• Training material containing over 450 pages of information and practical examples will be distributed  
  
• An Attestation of Course Completion worth 31 CPD (Continuing Professional Development) credits will be issued to the participants who have attended the training course. 
• In case candidates do not pass the exam, they are entitled to a free retake within 12 months from the date the coupon code is received  
• + 20% reduction on the first year subscription for our all-in-one ISMS/GRC management solution
  

Why should you take this training course?

The PECB ISO 28000 Lead Auditor training course enables you to develop the necessary competencies to perform security management system (SeMS) audits by applying widely recognized audit principles, procedures, and techniques. This training course integrates the ISO/IEC 17021-1 requirements, the ISO 19011 guidelines, and other best practices of auditing, in order to equip you with the necessary competencies for planning, conducting, and closing ISO 28000 conformity assessment audits successfully. 

Besides the theoretical basis, the training course also provides a hands-on approach by providing examples, exercises, and quizzes to reinforce your understanding of the key aspects of ISO 28000 conformity assessment audits, including the interpretation of ISO 28000 requirements in the context of an audit, the principles of auditing, the application of audit methods and approaches to evidence collection and verification, leading an audit team, drafting nonconformity reports, preparing the audit report, and following up on nonconformities.

After completing the training course, you can sit for the exam. If you successfully pass the exam, you can apply for the “PECB Certified ISO 28000 Lead Auditor” credential. The internationally recognized “PECB ISO 28000 Lead Auditor” certificate validates your professional expertise and demonstrates that you have the knowledge and skills to audit an SeMS based on ISO 28000.

Who should attend?

The ISO 28000 Lead Auditor training course is intended for:

• Auditors seeking to perform and lead SeMS audits 
• Individuals responsible for maintaining conformity to the ISO 28000 requirements
• Technical experts seeking to prepare for an SeMS audit
• Professionals wanting to pursue a career in management systems conformity assessments
• Security management consultants 
• Regulators responsible for ensuring compliance with security standards and regulations 
• Management representatives seeking to master the SeMS audit process 

Training course structure

Module 1: Introduction to the security management system (SeMS) and ISO 28000

• Training course objectives and structure
• Standards and regulatory frameworks
• Certification process
• Fundamental concepts and principles of security management
• Overview of ISO 28000 requirements

Module 2: Audit principles and the preparation for and initiation of an audit

• Fundamental audit concepts and principles
• The impact of trends and technology in auditing
• Evidence-based auditing
• Risk-based auditing
• Initiation of the audit process
• Stage 1 audit

Module 3: On-site audit activities

• Preparing for stage 2 audit
• Stage 2 audit
• Communication during the audit
• Audit procedures
• Creating audit test plans

Module 4: Closing of the audit

• Drafting audit findings and nonconformity reports
• Audit documentation and quality review
• Closing of the audit
• Evaluation of action plans by the auditor
• Beyond the initial audit
• Managing an internal audit program
• Closing of the training course

Certification Exam

Learning objectives

Upon successfully completing the training course, you will be able to:

• Explain the fundamental concepts and principles of a security management system based on ISO 28000
• Interpret the ISO requirements of 28000 for a SeMS from the perspective of an auditor
• Evaluate the SeMS conformity to ISO 28000 requirements by applying and utilizing widely recognized audit concepts and principles
• Plan, conduct, and close an ISO 28000 conformity assessment audit, in accordance with the requirements of ISO/IEC 17021-1, the guidelines of ISO 19011, and other best practices of auditing
• Manage an ISO 28000 audit program

Examination

The “PECB Certified ISO 28000 Lead Auditor” exam fully meets the requirements of the PECB Examination and Certification Program (ECP). It covers the following competency domains:

• Domain 1: Fundamental principles and concepts of a security management system
• Domain 2: Security management system requirements
• Domain 3: Fundamental audit concepts and principles
• Domain 4: Preparing an ISO 28000 audit
• Domain 5: Conducting an ISO 28000 audit 
• Domain 6: Closing an ISO 28000 audit
• Domain 7: Managing an ISO 28000 audit program

Duration: 3 hours
Location: Online through the PECB app OR in person in one of the PECB exam centers
Preparation: PECB Exam Preparation Guides
Language: The exam is available in multiple other languages and does not need to be taken in the same language as the training material. Additional time can be requested when your native language is not available in your mother tongue (to be requested by candidates on the exam day)
Retake: In case you fail the exam, you can retake it within 12 months following the initial attempt for free

For specific information about the exam type, languages available, and other details, please visit the List of PECB Exams and the Examination Rules and Policies.

Certification

After successfully completing the exam, you can apply for one of the credentials shown on the table below. You will receive a certificate as soon as you fulfill all the requirements related to the selected credential. 

For more information about the ISO 28000 certifications and the PECB certification process, please refer to the Certification Rules and Policies.

The table below presents the requirements for PECB ISO 28000 Auditor certifications:

Credential	Exam	Professional experience	MS audit/assessment experience	Other requirements
PECB Certified ISO 28000 Provisional Auditor	PECB Certified ISO 28000 Lead Auditor Exam or equivalent	None	None	Signing the PECB Code of Ethics
PECB Certified ISO 28000 Auditor	PECB Certified ISO 28000 Lead Auditor Exam or equivalent	Two years: One year of work experience in Supply Chain Security Management	Audit activities: a total of 200 hours	Signing the PECB Code of Ethics
PECB Certified ISO 28000 Lead Auditor	PECB Certified ISO 28000 Lead Auditor Exam or equivalent	Five years: Two years of work experience in Supply Chain Security Management	Audit activities: a total of 300 hours	Signing the PECB Code of Ethics
PECB Certified ISO 28000 Senior Lead Auditor	PECB Certified ISO 28000 Lead Auditor Exam or equivalent	Ten years: Seven years of work experience in Supply Chain Security Management	Audit activities: a total of 1,000 hours	Signing the PECB Code of Ethics

Note: PECB Certified Individuals who do possess the Lead Implementer and Lead Auditor Credentials are qualified for the respective PECB Master Credential, given they have taken 4 additional Foundation Exams which are related to this scheme. For more detailed information about the Foundation Exams and the overall Master Requirements, please visit the following link: https://pecb.com/en/master-credentials

To be considered valid, the audit activities should follow best audit practices and include the following:

• • Planning an audit
  • Managing an audit program
  • Drafting audit reports
  • Drafting nonconformity reports
  • Drafting audit working documents
  • Reviewing documented information
  • Conducting an on-site audit
  • Following up on nonconformities
  • Leading an audit team 

​

Contact us on [email protected] if you have other questions