ISO/IEC 27001:2022 (Information Security & AI)

Information Security Management

International standard for information security management systems (ISMS). Helps organisations manage the security of financial data, intellectual property, employee details, and third-party information through a risk-based approach.

Sectors: technology, finance, healthcare, government
About This Standard

ISO/IEC 27001 is the world's leading information security management system standard, specifying requirements for establishing, implementing, maintaining, and continuously improving an ISMS. The 2022 revision restructured Annex A into four control themes — organisational, people, physical, and technological — and introduced 11 new controls addressing areas including threat intelligence, cloud security, and data masking.

The standard's core is a risk-based approach: organisations identify information security risks, select appropriate controls from Annex A (or elsewhere), and continuously monitor their effectiveness. The Statement of Applicability documents which controls apply and why.

ACI-certified ISO/IEC 27001 auditors demonstrate competency in assessing ISMS design, evaluating risk treatment decisions, and reviewing the effectiveness of all 93 Annex A controls.

Examination Topic Areas
ISMS scope definition and information security risk assessment
Risk treatment and Annex A control selection (all 93 controls)
Organisational, people, physical and technological control themes
Asset management, classification, and information labelling
Access control, identity management, and cryptography
Supplier relationships, cloud security, and supply chain security
Security incident management, forensics, and business continuity
Compliance monitoring, internal ISMS audit, and management review
Examination & Certification Process
01 Attend Training

Attend an ACI-Approved Training Provider (ATP) course for your chosen grade level. ACI-approved courses are aligned to the examination syllabus for ISO/IEC 27001.

02 Sit the Examination

Examinations are administered exclusively through ACI Approved Training Providers. Foundation and Internal Auditor examinations require 70% to pass; Lead Auditor requires 65%.

03 Apply for Certification

Submit your application through the ACI portal with your examination result, training certificate, and relevant audit experience log. Upon approval you receive your ACI Card ID and digital certificate.

Scheme Details
Standard: ISO/IEC 27001
Edition: 2022
Category: Information Security & AI
Certification period: 3 years
Framework: ISO/IEC 17024 aligned
Available grades: PA, AA, AU, LA, PR, FACI
Auditor Grades

Available Grades for ISO/IEC 27001

All six ACI auditor grades are available for this scheme. Each grade has defined competence, experience, and examination requirements.

PA: Provisional Auditor

Entry-level certification for those beginning their auditing career. Suitable for individuals who have completed foundation training but have limited audit experience.

Foundation examination pass (70%)
No prior audit experience required
Annual CPD requirement applies
AA: Associate Auditor

For auditors who have completed Internal Auditor training and have begun accumulating audit experience under supervision or in an internal audit role.

Internal Auditor examination pass
Minimum 2 internal audits conducted
Annual CPD requirement applies
AU: Auditor

Full auditor grade for practitioners with demonstrated audit experience. Recognised as a competent independent auditor of management systems.

Internal Auditor examination pass
Minimum 5 complete audits
Annual CPD requirement applies
LA: Lead Auditor

Senior grade for experienced auditors capable of leading audit teams and managing full audit programmes. The most widely recognised auditor grade internationally.

Lead Auditor examination pass (65%)
Lead Auditor training course
Minimum 10 complete audits as team lead
PR: Principal Auditor

Advanced grade for highly experienced auditors demonstrating sustained performance in complex audit environments and contributions to the auditing profession.

Lead Auditor grade prerequisite
Minimum 5 years audit experience
Professional development portfolio
FACI: Fellow of ACI

The highest ACI designation, awarded to individuals who have made an exceptional contribution to the management system auditing profession and to the ACI community.

By nomination and committee review
Exceptional professional contribution
Sustained ACI membership
Ready to certify in ISO/IEC 27001?

Find an Approved Training Provider, sit the examination, and submit your application to ACI.