
IRCA announces requirements for Information Security Management Systems Auditor transition to ISO 27001:2005

The IRCA Information Security Management Systems Auditor programme is undergoing a major revision and will be based on the new ISO 27001:2005, Information technology -- Security techniques -- Information security management systems -- Requirements, replacing BS 7799-2:2002 as the reference standard for this programme.

This important change will require certificated ISMS auditors to demonstrate that they have updated themselves with the standard and that they understand the implications of these changes in the context of their ISMS auditing activities.

What is the transition requirement for IRCA certificated ISMS auditors?

All IRCA certificated ISMS auditors will need to complete 4 hours of continuing professional development (CPD) focused on ISO 27001:2005 before completing any acceptable audits to the standard. This CPD and the auditor's completed audits will be reviewed during the normal tri-annual renewal of certification. Auditors must include details of their relevant CPD in the CPD log that they submit as part of this process, and clearly note in their audit log which standard each audit was conducted against.

When does this start?

IRCA will accept transition CPD and audits to the new standard from January 2006.

What kind of CPD will IRCA accept?

IRCA does not require ISMS auditors to complete a specific transition CPD. Consistent with the usual IRCA approach to CPD, auditors may achieve this in a number of ways:

  • On the job training
  • In-house training and seminars with your company
  • Attendance at relevant conferences, seminars and workshops
  • Reading (including the IRCA/299 briefing note and other relevant articles)
  • A specific ISMS auditor transition course

IRCA will provide a list of ISO 27001:2005 events and seminars that are acceptable for CPD: this will not be an exhaustive list and other CPD is acceptable. These events are offered by IRCA approved training organizations and OEAs, but are not formally certified by IRCA and, therefore, do not fall under IRCA control even though IRCA accepts them for CPD along with other training and events.
 
Download the ISMS auditor briefing note and transition requirements (IRCA/299)