ISO/IEC 27002 Certified Lead Implementer

Information security is achieved by implementing a suitable set of controls, including policies, processes, procedures, organizational structures and software and hardware functions. These controls need to be established, implemented, monitored, reviewed and improved, where necessary, to ensure that the specific security and business objectives of the organization are met.


ISOLI Certification Overview

ISO/IEC 27002 Lead Implementer is a certification for professionals specializing in information security management systems (ISMS) based on the ISO/IEC 27002 standard. It is intended for information security professionals who want to understand the steps required to implement the ISO 27002 standard (as opposed to the ISO 27002 Lead Auditor certification, which is intended for an auditor who wants to audit and certify a system to the ISO 27002 standard).


The ISO 27000 family of standards helps organizations keep information assets secure. Using this family of standards will help your organization manage the security of assets such as financial information, intellectual property, employee details or information entrusted to you by third parties. ISO/IEC 27002 is the best-known standard in the family providing requirements for an information security management system (ISMS).


Exam Pattern

The exam comprises 100 multiple-choice questions. The candidate needs to score 70% (70 out of 100 correct) to pass the exam.


Duration of exam

The total duration of the exam is 2 hours (120 minutes).

Retaking of exam

If a candidate does not pass the exam on the second (2nd) attempt, the candidate must wait at least fourteen (14) calendar days from the date of that attempt before retaking the exam for the third (3rd) or any subsequent time. The exam can be taken any number of times.


Certification Validity

The ISO/IEC 27002 Lead Implementer Certificate is valid for four (4) years.

Displaying your certificate

Remember, when labelling a product or system as certified to an ISO standard:

  • Don't say: "ISO certified" or "ISO certification"
  • Do say: "ISO 9001:2008 certified" or "ISO 9001:2008 certification" (for example).


Topics Covered in the Exam

  • Understanding the application of an ISMS in the context of ISO 27002
  • Mastering the concepts, approaches, standards, methods and techniques required in an effective management of an ISMS
  • Understanding the relationship between the components of an Information Security Management System, including risk management, controls and compliance with the requirements of different stakeholders of the organization
  • Acquiring expertise to support an organization in implementing, managing and maintaining an ISMS as specified in ISO 27002
  • Acquiring the necessary expertise to manage a team implementing the ISO 27002 standard
  • Developing skills and knowledge required to advise organizations on best practices in management of information security
  • Improving the capacity for analysis and decision making in a context of information security management

Target Audience

  • Project managers or consultants wanting to prepare and to support an organization in the implementation of an Information Security Management System (ISMS)
  • ISO 27002 auditors who wish to fully understand the Information Security Management System implementation process
  • CxO and Senior Managers responsible for the IT governance of an enterprise and the management of its risks
  • Members of an information security team
  • Expert advisors in information technology
  • Technical experts wanting to prepare for an information security function or for an ISMS project management function