
ISO 27001 Master Certification

INTRODUCTION

As both consumers and organizations are facing an increasing number of threats and attacks against their personal and financial data, information security has become more and more important for all organizations regardless of their size and complexity. Also, both consumers and legislators are expecting additional protection of information from the organizations they deal with. The need for information security is greater than ever and is expected to constantly increase.

To answer these issues, the International Organization for Standardization (ISO) jointly with the International Electrotechnical Commission (IEC) has developed the ISO/IEC 27001:2013 standard for information security. ISO/IEC 27001:2013 provides a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an Information Security Management System (ISMS).

Since 2005, when the first ISO/IEC 27001 certification for an organization was granted, there has been a lack of available qualified and certified ISMS professionals. Today’s employers are not just seeking information security professionals, but want proof that these professionals hold a predetermined set of knowledge and skills. Companies now place a high degree of importance on hiring, contracting with, and promoting certified security practitioners prepared to tackle today’s and tomorrow’s security challenges.

It is important to understand that PECB certifications are not a license or simply a membership. They are peer recognition that an individual has demonstrated proficiency in, and comprehension of, a series of competencies. PECB certifications are awarded to candidates who can provide proof of experience and professional references and have passed a standardized exam in the certification area.

This handbook specifies the PECB ISO/IEC 27001 Master certification scheme in compliance with the ISO/IEC 17024:2012 standard (Conformity assessment — General requirements for bodies operating certification of persons). It also contains information about the process by which candidates may earn and maintain their credentials. It is very important that you read all the information before completing and submitting your application. If questions arise, please contact [email protected].

ISO/IEC 27001 MASTER

The ISO/IEC 27001 Master credential is a professional certification for candidates who intend to demonstrate the competence to manage and implement an information security management system (ISMS) and master the audit techniques to manage (or be part of) audit teams and audit programs.

ISO/IEC 27001:2013 specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization. The requirements set out in ISO/IEC 27001:2013 are generic and are intended to be applicable to all organizations, regardless of type, size or nature.

The principal competencies and knowledge skills needed by the market are the ability to support an organization in implementing and managing an information security management system as specified in ISO/IEC 27001:2013 as well as to proficiently plan and perform audits compliant with the certification process of the ISO/IEC 27001:2013 standard.

Various professions may apply for this certification:

  • Senior managers or senior consultants seeking to master the implementation of an information security management system (ISMS)
  • Senior auditors wishing to master the information security management system (ISMS) audit process
  • Senior experts in information security management

The requirements for “ISO/IEC 27001 Master” certifications are:

Credential: PECB Certified ISO/IEC 27001 Master

Exam: PECB Certified ISO/IEC 27001 Lead Implementer Exam or equivalent, and PECB Certified ISO/IEC 27001 Lead Auditor Exam or equivalent (4 additional foundation exams)

Professional experience: 15 years: 10 years of work experience in Information Security Management

ISMS experience: Project activities: 700 hours; Audit activities: 700 hours

Other requirements: Signing the PECB Code of Ethics

GENERAL INFORMATION

Applying for Certification

Candidates who apply for PECB certification will need to provide the following:

  • Two references, including their names and contact details;
  • Their most recent CV;
  • Their information security management project/audit log.

PECB will validate a candidate’s professional experience with the references to ensure the accuracy of all applications.

About Application

Language
PECB provides support in both English and French languages.

Application Fees for Certification
The application fee for certification is $100.

For all candidates who have followed the training course and taken the exam with one of PECB’s resellers, the application fee includes the costs associated with the examination, the application for certification, and the first year of the Annual Maintenance Fee (AMF) only.

ABOUT CERTIFICATION

Professional References
For each certification application, two professional references are required. Professional references shall be individuals who have worked with you in a professional environment and can validate your quality management expertise and your current and previous work history. You cannot use as a professional reference persons who fall under your supervision or are relatives of yours.

Professional Experience
Candidates shall provide complete information regarding their professional experience, including job title(s), commencement and end date(s), job description(s), and more. Candidates are advised to summarize their previous or current assignments, providing sufficient details to describe the nature of the responsibilities that they have had. More detailed information can be included in the résumé.

ISMS Audit Experience
The candidate’s audit log will be checked to ensure that the candidate has the required number of audit hours. The following audit types constitute valid audit experience: pre-audit, gap analysis, internal audits, second party audits, third party audits, or opinion audits.

ISMS Project Experience
The candidate’s information security management experience log will be checked to ensure that the candidate has the required number of implementation hours.

Evaluation of Certification Applications

The Certification Department will evaluate each application to validate the candidate’s eligibility for certification. A candidate whose application is being reviewed will be notified in writing and given a reasonable time frame to provide any additional documentation if necessary. If a candidate does not respond by the deadline, or does not provide the required documentation within the given time frame, he/she may be declared ineligible.

Denial of Certification
PECB can deny certification if candidates:

  • Falsify the application
  • Violate the exam procedures
  • Violate the PECB Code of Ethics
  • Fail the exam

Any concerns regarding the denial of certification can be appealed in writing to the Certification Board.

The application payment for the certificate is non-refundable. This is because of the process of verifying the application, verifying the evidence submitted by the candidates, and verifying the engagement of the relevant units in this process.

Suspension of Certification
PECB can temporarily suspend certification if the candidate fails to satisfy the requirements of PECB. Additional reasons for suspending certification can be if:

  • PECB receives excessive or serious complaints by interested parties (suspension will be applied until the investigation has been completed).
  • The logos of PECB or Accreditation Bodies are willfully misused.
  • The candidate fails to correct the misuse of a certification mark within the time determined by PECB.
  • The certified individual has voluntarily requested a suspension.
  • PECB deems other conditions appropriate for suspension of certification.

Revocation of Certification
PECB can revoke (that is, to withdraw) certification if the candidate fails to satisfy the PECB requirements. Candidates are then no longer allowed to represent themselves as PECB certified professionals. Additional reasons for revoking certification can be if candidates:

  • Violate the PECB Code of Ethics
  • Misrepresent or provide false information about the scope of the certificate
  • Break any other PECB rules

Annual Renewal Certification Fee
To keep your credentials active, there is an annual renewal fee for each calendar year. Registrants who pay their annual renewal fee will appear online in the PECB Directory of Certified Professionals.

Recertification
PECB certificates are valid for three years. In order to maintain a certificate, candidates are required to provide evidence that they are performing activities related to the respective certification on an annual basis. In addition, candidates are also required to pay the Annual Maintenance Fee (AMF).

After successfully maintaining a PECB certificate for three years, candidates can then apply for a renewal of their certificate.

Note: PECB Certified Professionals who hold Lead Certificates and fail to provide evidence of certification maintenance requirements will have their credentials downgraded. On the other hand, holders of Master Certificates who fail to submit CPDs and pay AMFs will have their certificates revoked.
To find out more about the Recertification process, please visit: https://pecb.com/en/certification-maintenance.

PECB Code of Ethics
You can find the PECB Code of Ethics at: https://pecb.com/en/pecb-code-of-ethics

PECB CERTIFICATION PROCESS STEPS

  1. Decide which certification is right for you
    Each PECB certification has specific education and experience requirements. To determine which credential is right for you, verify all eligibility requirements for the different Information Security Management certifications against your professional needs.
  2. How to get the PECB Master credential
    In order to become PECB Master certified, an individual should fulfill all the PECB requirements. PECB certified individuals who possess the Lead Implementer and Lead Auditor credentials, or have passed the respective exams, are qualified for a PECB Certified Master credential. Furthermore, individuals should accomplish a number of hours of ISO/IEC 27001 implementation and auditing activities and also pass four foundation exams related to the certification field.
  3. Apply for certification
    All candidates who successfully pass the exam (or an equivalent accepted by PECB) are entitled to apply for the PECB credentials they were examined for. Specific educational and professional requirements need to be fulfilled in order to obtain a PECB certification. Candidates are required to fill out the online certification application form at https://pecb.com/en/user/checkEmail and all other online forms (accessible via their PECB online profile), including the contact details of references who will be contacted to validate the candidate’s professional experience. Lastly, before submitting the application, the candidate can choose to pay online or be billed. For additional information, the candidate can contact [email protected].
    • The application is approved as soon as the Certification Department validates that the candidate fulfils all the certification requirements for the respective credential. An email communicating the application status will be sent to the email address you provided during the application process. If approved, the candidate will then be able to download the certificate from their PECB account.
  4. Maintain your certification
    PECB certifications are valid for three years. To maintain the certification, the applicant shall demonstrate every year that he/she is still performing tasks related to the certification. PECB certified professionals shall annually provide PECB with the number of hours of auditing and/or implementation-related tasks they have performed, along with the contact details of individuals who can validate such tasks. Additionally, certified professionals should regularly pay the annual PECB certification maintenance fees.
    A notification email is sent to certified members three months before the annual date of their certification, requiring them to submit their Continuing Professional Development (CPD) credits along with the Annual Maintenance Fee (AMF). PECB certified members can then submit their CPD credits by visiting their account and providing the required information for the respective certification.