Information Security Management Systems Certification Scheme (ISMS) | CQI | IRCA


The IRCA Information Security Management Systems (ISMS) Certification Scheme is for auditors using ISO/IEC 27001.

To be certificated in this scheme, you'll need to demonstrate that you have the skills to audit the proper implementation of ISO/IEC 27001.

Who the scheme is for

  • ISMS auditors, such as those employed or contracted by third-party certification/registration bodies and those involved in first- or second-party ISMS audits
  • Information security practitioners, such as information security consultants, IT security managers and IT personnel
  • Employees conducting ISMS audits within their own organisation (internal audits).


As an information security management systems auditor, you need to demonstrate that you:

  • Know the range of application for an ISMS
  • Know the information security-related legislation applicable to the country or countries of operation
  • Know the techniques and tools used in information security management
  • Understand the potential business impacts of ISMS
  • Understand the importance of asset and owner identification
  • Know the control objectives and how these are addressed
  • Understand risk assessment and identification
  • Understand threats, vulnerabilities and impacts
  • Understand the difference between risk assessment and risk evaluation
  • Understand the methodology of risk treatment, application, residual risk and review of the risk treatment plan
  • Know and understand the importance of the statement of applicability in the ISMS, and how it is used
  • Know the difference between an IS event and an incident.

The ISMS scheme is based on the following key standards:

  • ISO/IEC 27001:2022 Information technology – Security techniques – Information security management systems – Requirements
  • ISO 19011:2018 Guidelines for auditing management systems

Join IRCA as an ISMS auditor

Begin your application to become an IRCA-registered information security management systems auditor.
