Certification Criteria

The requirements for certifications issued by the Information Security Leadership Forum are provided below. Please note certification criteria is subject to change at any time, without notice.

Please note when calculating hours of experience, operational includes any role where you were involved in performing or managing security functions. For project experience this relates to direct involvement in project-based implementation of controls, or the management of data protection projects. The ISLF will consider hours worked on any recognized framework, not just ISO, e.g. SOX 404, NIST-CSF, HIPAA, GLBA, etc.

ISO 27001 - Foundations (ISO27K-F™)

Certification

Level

Professional Experience

Experience - Data Protection Operations

(in hours)

Experience - Data Protection Project

(in hours)

ISLF Training

ISLF Exam

ISO 27001 Foundation

Foundation

0

0

0

ISO 27001 Lead Implementer (ISO27K-LI™)

Certification

Level

Professional Experience

(in years)

Experience - Data Protection Operations

(in hours)

Experience - Data Protection Project

(in hours)

ISLF Training

ISLF Exam

ISO 27001

Associate

0

0

0

ISO 27001

Professional

3

1000

500

ISO 27001

Lead

5

2000

1000

ISO 27001 Lead Auditor (ISO27K-LA™)

Certification

Level

Professional Experience

(in years)

Experience - Data Protection Operations

(in hours)

Experience - Data Protection Project

(in hours)

ISLF Training

ISLF Exam

ISO 27001

Associate

0

0

0

ISO 27001

Professional

3

1000

500

ISO 27001

Lead

5

2000

1000

ISO 27001 Master (ISO27K-MA™)

Certification

Level

Professional Experience

Experience - Data Protection Operations

Experience - Data Protection Project

ISLF Training

ISLF Exam

ISO 27001

Master

5

4000

2000

Information Security Portfolio Manager (CISPM)

Certification

Level

Professional Experience

(in years)

Experience - Data Protection Operations

(in hours)

Experience - Data Protection Project

(in hours)

ISLF Training

ISLF Exam

Information Security Program Manager

Project

0

0

0

Information Security Program Manager

Program

3

0

1000

Information Security Program Manager

Portfolio

5

0

2000

>