ISO/IEC 27001 (sometimes shortened to ISO 27001) is an international standard on how to manage information security in an organization. The standard was originally published jointly by the International Organization for Standardization and the International Electrotechnical Commission in 2005, but has been revised since then.
People who work on ISO/IEC 27001 can get personal certifications related to this standard, mostly as either auditor or implementer.
There are different certifications to become a certified ISO/IEC 27001 implementer, and they are reviewed in this post.
PECB (Professional Evaluation Certification Board) is a certification body that issues certificates to candidates. Among its available certifications are the PECB ISO/IEC 27001 Lead Implementer and PECB ISO/IEC 27001 Lead Auditor certifications.
ISO/IEC 27001 Lead Implementer is sometimes shortened to ISO 27001 LI.
This post explains the steps required to get the ISO/IEC 27001 Lead Implementer Certification issued by PECB.
I prepared and passed the exam in February 2021. There is no intention to update the post, so please take note that the information provided here may become outdated over time.
How much does it cost to get a PECB ISO/IEC 27001 Lead Implementer Certification?
As of 2021, the exam fee is around $1,000, and it does not include preparation material or formal training. That is therefore the minimum cost of this certification.
After that, maintaining the certification requires a minimum of $100 in annual fees (as of 2021).
What are the different ISO/IEC 27001 Lead Implementer credentials available?
There are different types of ISO/IEC 27001 Lead Implementer certification, and they are called ‘credentials’. The more experience you have in ISO/IEC 27001 implementation and IT security, the more senior the credential you can achieve.
There are four different credentials for the ISO/IEC 27001 Implementer certification, in ascending order of seniority:
- PECB Certified ISO/IEC 27001 Provisional Implementer
- PECB Certified ISO/IEC 27001 Implementer
- PECB Certified ISO/IEC 27001 Lead Implementer
- PECB Certified ISO/IEC 27001 Senior Lead Implementer
Each credential requires different prerequisites.
What are the prerequisites to get a PECB ISO/IEC 27001 Implementer credential?
Prerequisites vary depending on the credential you apply for.
In summary, the prerequisites to get a PECB ISO/IEC 27001 Implementer credential are:
- Pass the PECB ISO/IEC 27001 Lead Implementer exam (all credentials)
- Adhere to the PECB Code of Ethics (all credentials)
- Have the minimum professional experience:
  - Provisional Implementer: no experience required
  - Implementer: 2 years, 1 in information security management
  - Lead Implementer: 5 years, 2 in information security management
  - Senior Lead Implementer: 10 years, 7 in information security management
- Have the minimum ISMS project experience:
  - Provisional Implementer: no experience required
  - Implementer: 200 hours
  - Lead Implementer: 300 hours
  - Senior Lead Implementer: 1,000 hours
- Provide 2 professional references
What is the PECB ISO/IEC 27001 Master Certification?
PECB ISO/IEC 27001 Master is a certification granted by PECB when the candidate has passed several exams and has professional experience in both auditing and implementing ISO 27001.
The prerequisites to get the PECB ISO/IEC 27001 Master certification are:
- Pass a series of exams, detailed below
- Have the minimum professional experience, detailed below
- Adhere to the PECB Code of Ethics
The exams that the candidate must pass to get the PECB ISO/IEC 27001 Master certification are:
- PECB ISO/IEC 27001 Lead Implementer, or equivalent
- PECB ISO/IEC 27001 Auditor, or equivalent
- Any of the 4 additional exams related to the PECB ISO/IEC 27001 Master scheme:
  - ISO/IEC 27005 FD
  - ISO/IEC 27002 FD
  - ISO 27799 Foundation
  - HR Security Foundation
  - ISO/IEC 27032 FD
The required experience for PECB ISO/IEC 27001 Master certification is:
- 15 years of professional experience
- 10 years of professional experience in information security management
- 700 hours of experience in project activities
- 700 hours of experience in audit activities
The PECB ISO/IEC 27001 Master scheme can be found on this link.
You can read more info about master certifications on this link.
How long does it take to prepare for the PECB ISO/IEC 27001 LI exam?
The short answer is 1 to 2 weeks, depending on whether you prepare full-time or part-time.
The default preparation program assumes that the candidate studies the preparation material from Monday to Thursday and takes the exam on Friday. That is the minimum time, and it requires full-time dedication to exam preparation.
In any case, trainers recommend that no more than 2 weeks pass between starting to prepare for the course and taking the exam.
If you are studying the material while working full-time or otherwise busy, it may take longer.
What is the PECB ISO/IEC 27001 Lead Implementer certification exam like?
It lasts a maximum of 3 hours.
If the exam is taken in a language that is not your mother tongue, you get an additional 30 minutes, so the total time would be 3 hours and 30 minutes.
There are two modes of the PECB ISO/IEC 27001 Lead Implementer certification exam: multiple-choice and essay.
The main difference is that multiple-choice is a more typical test exam with short questions, each with several answers of which only one is valid, whereas the essay mode requires writing and developing answers.
PECB is progressively transitioning to multiple-choice exams, so we will focus on them.
What is the multiple-choice exam like?
The multiple-choice mode is open-book and has 80 questions. The passing score is 70%.
The maximum time is 3 hours, or 3 hours and 30 minutes if you take the exam in a language other than your native one.
Each question has 3 possible answers and only one is correct. You have 2.25 minutes per question, so there is plenty of time.
Most questions are scenario-based: a scenario is presented in one question and the following 4-5 questions relate to it. Some questions are scenario-independent.
It is an open-book exam, which means you can bring your own preparation material on paper and consult it during the exam. You do not need to show your preparation material.
You will get the exam result on screen as soon as you finish the exam. Then you will receive an e-mail with the results.
You can find the candidate handbook here.
What is the PECB online exam like?
You install an executable file on a computer with a webcam, run it on the day of the exam and log in with your PECB credentials.
The proctor may ask you to turn the camera so they can inspect the room and check that nobody else is there, that there are no additional screens, etc.
This application lets you read and answer the exam questions. It also has a shortcut to the course material, which you can consult during the exam.
Take note that the PECB exam application has two important restrictions:
- You cannot switch to another application on your computer (Alt + Tab) while the PECB app is open
- While browsing the course material through the PECB app, the “Find” function (Ctrl + F) is unavailable
You can read the PECB online exam guide on this link.
What happens if I fail the exam?
There is no limit to the number of times a candidate can retake an exam. However, there are certain limitations in terms of the allowed time span between exam retakes.
- If a candidate does not pass the exam on the 1st attempt, they must wait 15 days from the initial date of the exam for the next attempt (1st retake). Retake fees apply.
Note: Candidates who have completed the training course but failed the exam are eligible to retake the exam once for free within a 12-month period from the initial date of the exam.
- If a candidate does not pass the exam on the 2nd attempt, they must wait three months after the initial date of the exam for the next attempt (2nd retake). Retake fees apply.
Note: For candidates that fail the exam in the 2nd retake, PECB recommends them to attend a training course in order to be better prepared for the exam.
- If a candidate does not pass the exam on the 3rd attempt, they must wait six months after the initial date of the exam for the next attempt (3rd retake). Retake fees apply.
- After the 4th attempt, the waiting period for further retake exams is 12 months from the date of the last attempt. Retake fees apply.
What is the PECB Code of Ethics?
You can read the PECB Code of Ethics on this link.
Does the PECB ISO/IEC 27001 Lead Implementer certification expire?
Yes, it does, but it can be renewed by meeting certain conditions.
If you do nothing, it expires after 3 years.
There is more info about this in the step “Maintain certification”.
Steps to get PECB ISO/IEC 27001 Lead Implementer Certification
Find a training school for the course (optional)
Go to the PECB Training Event search page and check among the available events.
You can filter by location or language.
Contact the academy and enroll for the course.
You will receive an exam code once the process is completed.
It is not mandatory that you receive formal training or official material to pass the exam.
Create an account on PECB site
Follow all steps to register on PECB website.
Create an examination profile on PECB site
To perform this step, you need a computer with a webcam and a browser to register for the exam.
Go to PECB website and log in. You will be redirected to myPECB dashboard automatically. Go to tab “Examination profile”. Complete the information there.
You need to take one picture of yourself and another of an ID. You may need to hide some personal data on your ID card, using opaque tape or post-its. Read the instructions about what you need to hide carefully, otherwise your application will be rejected.
It may take half a day to get an answer about whether your examination profile has been accepted or rejected. You will receive the answer by e-mail. If it is rejected, read the feedback carefully and repeat the process.
Study preparation material
Receive or access the training material and complete the course. It is designed to take 4 days at 5 hours a day.
I recommend becoming familiar with the preparation material, and even making an index of the course day and page where each topic likely to be examined is located. This makes it much easier to look up a specific topic during the exam, and you do not need to memorize so much information.
Test the exam questions
The official PECB material includes a quiz sheet with test questions. Complete all of them.
In a different file you will find the correction sheet with correct answers.
Ensure you know all the correct answers to questions before the exam.
Schedule the exam
Go to PECB website and log in. You will be redirected to myPECB dashboard automatically.
Go to “Events” > “Exam Events” to go to the Exam Find search screen.
Select exam category “ISO 27001 Lead Implementer Multiple Choice” (there is also “Essay type”) and your preferred language. Click “Choose exam slot”.
Choose a date and click again on “Choose exam slot”.
You can get the official instructions about how to schedule the exam on this link.
Test the online exam app
You can ask PECB to perform a mock test to ensure that your computer and network meet the requirements. Unfortunately, most of the system checks done by the application are performed only once the exam has started, so it is better to do this dummy test some days before the actual exam.
You need to download an executable file to your computer; it does not need installation. However, it requires admin privileges to add firewall exceptions, and it also needs specific ports to be open on your network.
The computer needs to have a webcam.
I strongly recommend that you take the exam on a computer with the most standard configuration possible (i.e., running Windows 10/11) where you have full privileges (i.e., non-corporate) and on a network without strong firewall restrictions (e.g., a home network).
Perform the exam
Take the online exam from a computer with a webcam.
Take into account that the exam time displayed in the PECB application is in UTC, so you may need to convert it to your local time.
You can enter the exam 30 minutes before it actually starts, but you will have to wait until the planned start time to start reading and answering questions. It is recommended to enter the exam well in advance in case there is any technical issue (network, computer, exam place, etc.). Also always try to have a back-up solution for each possible issue (for example: mobile tethering available in case your home connection fails, a second computer available, fully charged batteries in your laptop(s), an alternative place to go in case you must leave your house, etc.).
You will get the exam result on screen as soon as you finish the exam. Then you will receive an e-mail with the results; please keep this e-mail safe, as the information it contains is necessary to apply for certification.
Apply for certification
To apply for certification you need to provide all the prerequisite information and apply for a specific credential.
You have up to 3 years after passing the exam to claim your certification.
The free certification included in the coupon code may be valid for only one year.
Go to pecb.com, log in and you will be redirected automatically to “myPECB Dashboard”. Go to “My certification” tab and click on “Apply for certification” button.
The info you need to provide during certification application is:
- Certification Type
  - Select certification scheme “ISO 27001 / Information Security”, then check “ISO/IEC 27001 Lead Implementer”, select your level and click “Save and continue”.
- Certification Exam
- Work Experience
- Education and Certification
- Professional References: provide
- Certification Payment
You can read more about how to apply for a PECB certification on this link.
In the list, select “ISO 27001”, then “ISO/IEC 27001 Lead Implementer” and finally any of the 4 credentials available (check the FAQ section to know more about credentials). Click “Save and continue”.
In the next screen, mark the checkbox with your credential and enter the following info:
- Exam number (included in the e-mail with exam results)
- Date of Achievement (date of the e-mail with exam results)
- Exam Issuer (school that provided the course)
- Attendance record (it is optional; it did not apply in my case as I had not received it)
Enter work experience info.
Education and certification
Enter education and certification info.
You need to provide the contact details of 2 colleagues who will provide professional references. They will receive an e-mail to which they will have to reply.
If they do not reply, you will have the chance to ask other colleagues for references.
Accept the PECB code of ethics and other declarations.
Review the info provided.
Pay or use the coupon code provided during the course enrollment to apply for free.
Maintain the certification
After obtaining the ISO/IEC 27001 Lead Implementer certification for the first time, it is valid for 3 years, counting from the day you took the exam.
You need to fulfill some requirements to maintain the certification:
- Submit a given number of Continual Professional Development (CPD) credits annually
- Pay the Annual Maintenance Fee (AMF). As of 2021, the AMF was $100
- Keep adhering to the PECB Code of Ethics
To submit CPDs:
- Go to PECB Dashboard > “My Certifications” tab > CPD Info > “Submit CPD” button.
For more information, please visit the Certification Maintenance page on the PECB website.
Upgrade the credentials
If you meet the requirements of a superior credential over time, you can apply for it.
To upgrade your current certificate:
- Visit PECB portal
- From the myPECB dashboard, click on the tab “My certifications”
- Next to the certificate you want to upgrade, click on the button “Upgrade”.
As of 2021, upgrade fee was $100, in addition to Annual Maintenance Fee.