The ISO/IEC 27001 specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization.
The Information Security Management System (ISO/IEC 27001:2022) Lead Implementer is a certification intended for individuals seeking to validate their advanced knowledge of the ISO/IEC 27001.
This exam includes topics such as terms and definitions, normative references, Context of the organization, Leadership (Leadership, commitment, policy, organizational roles, responsibilities and authorities), Planning, Support (Resources, Competence, Awareness, Communication, and Documented information), Operation (Operational planning and control, information security risk assessment, information security risk treatment), Planning (Actions to address risks and opportunities, information security objectives), Performance evaluation (Monitoring, Measurement, analysis, evaluation, internal audit, management review), and Improvement (Nonconformity and corrective action, continual improvement), Selection, Implementation and Management of Information Security Controls, Monitoring, Measurement, Analysis and Evaluation.
The Information Security Management System (ISO/IEC 27001:2022) Lead Implementer certification exam is an online, closed-book, and remotely-proctored exam. This exam consists of 40 multiple-choice questions. The passing score is 70%. Candidates will have 60 minutes to complete the exam. The exam is available in English and Portuguese (Brazilian). Validate your knowledge of the ISO/IEC 27001:2022 and advance your career in Information Security. Register for your online exam now!
Exam code |
ITC-067 |
Launch date |
December 4, 2021 |
Exam description |
The Information Security Management System (ISO/IEC 27001:2022) Lead Implementer exam tests the candidate's advanced knowledge of the ISO/IEC 27001:2022. |
Current version |
v2 (April 8, 2023) |
Exam format |
Multiple choice; computer-based; closed book (online proctored exam) |
Number of questions |
40 questions |
Passing score |
70% (28 out of 40) |
Exam duration |
60 minutes |
Level |
Advanced |
Languages |
English and Portuguese (Brazilian) |
Exam description |
This exam includes topics such as terms and definitions, normative references, Context of the organization, Leadership (Leadership, commitment, policy, organizational roles, responsibilities and authorities), Planning, Support (Resources, Competence, Awareness, Communication, and Documented information), Operation (Operational planning and control, information security risk assessment, information security risk treatment), Planning (Actions to address risks and oportunities, information security objectives), Performance evaluation (Monitoring, Measurement, analysis, evaluation, internal audit, management review), and Improvement (Nonconformity and corrective action, continual improvement), Selection, Implementation and Management of Information Security Controls, Monitoring, Measurement, Analysis and Evaluation. |
RECOMMENDED HOURS OF STUDY |
32 hours |
BLOOM'S TAXONOMY |
Level 2 (Understanding), Level 3 (Applying), Level 4 (Analyzing), and Level 5 (Evaluating) |
Recommended reading |
• ISO/IEC 27000:2018 Information technology — Security techniques — Information security management systems — Overview and vocabulary • ISO/IEC 27001:2022 Information security, cybersecurity and privacy protection — Information security management systems — Requirements • ISO/IEC 27003:2017 Information technology — Security techniques — Information security management systems — Guidance • ISO/IEC 27004:2016 Information technology — Security techniques — Information security management — Monitoring, measurement, analysis and evaluation • ISO/IEC 27005:2022 Information security, cybersecurity and privacy protection — Guidance on managing information security risks |
Prerequisites |
Pass the ITC-074: Information Security Management Foundation (ISO/IEC 27001:2022) exam. |
Recommended experience |
Six months of hands-on work experience in Information Security |
Validity period |
Lifetime |
CERTIFICATION EXEMPTIONS |
Candidates may be exempted from the Information Security Management Foundation (ISO/IEC 27001) prerequisite certification if they have earned an equivalent non-Itcerts industry certification. Only preapproved specific IT industry certifications are accepted (PECB ISO/IEC 27001 Foundation, APMG ISO/IEC 27001 Foundation, or EXIN Information Security Foundation based on ISO/IEC 27001). The non-Itcerts IT industry certification must have been earned in the last three years. |
Browse our certification programs and choose your certification.
Discover the exam objectives and prepare for your exam.
Register for your online proctored exam.
Take your online proctored exam in the comfort of your home or office.
Congratulations! You are certified!
After purchasing an exam voucher, candidates will have 180 days to take the exam.
The exam voucher includes 2 retakes in case the candidate fails the first attempt.
There are no prerequisites to take the exams. ITCERTS recommends that candidates have at least six months of work experience in the area that the certification exam covers.
If a candidate does not achieve a passing score on the first attempt, there is no waiting period between the first and the second attempt. If a candidate does not achieve a passing score on the second attempt, the candidate must wait at least 7 days before retaking the exam for a third time. A candidate may not take a given exam any more than three times per year (12 months).
Visit the Online Proctored Exam registration page to find complete instructions.
Training is recommended as part of your certification preparation, but it is not mandatory.
Our exams are currently available in English and Portuguese.
Exams are delivered online (Online Proctored Exams) and can be taken from anywhere in the world.
ITCERTS certifications are considered good-for-life and do not expire.
Your employer can verify your certification on our certification verification page. Your certification number will be needed in order to process the verification.
Subscribe to our newsletter