The Certified ISO/IEC 27035 Lead Incident Manager certifications are professional certifications for professionals needing to implement an incident management process throughout their organization using the ISO/IEC 27035 standard as a reference framework and, in the case of ISO/IEC 27035 Lead Incident Manager Certification, to manage an Information Security Incident Management process.
The principal competencies and knowledge skills needed by the market are the ability to support an organization in implementing and managing an incident management process: planning, implementation, surveillance, re-examination and operation of security incidents, continual improvement of security incidents, management’s commitment, follow-up and review.
Various professions may apply for this certification:
- Incident managers
- Business Process Owners
- Information Security Risk Managers
- Regulatory Compliance Managers
- Members of Incident Response Team
- Persons responsible for information security or conformity within an organization
- Business Continuity Managers
- Security and Business Process consultants
The requirements for “Certified ISO/IEC 27035 Lead Incident Manager” certifications are:
|Credential||Exam||Professional experience||IMMS project experience||Other requirements|
|ISO/IEC 27035 Provisional Incident Manager||PECB Certified ISO/IEC 27035 Lead Incident Manager exam or equivalent||None||None||Signing the PECB code of ethics|
|ISO/IEC 27035 Incident Manager||PECB Certified ISO/IEC 27035 Lead Incident Manager exam or equivalent||Two years: One year of Incident Management work experience||Project activities totaling 200 hours||Signing the PECB code of ethics|
|ISO/IEC 27035 Lead Incident Manager||PECB Certified ISO/IEC 27035 Lead Incident Manager exam or equivalent||Five years: Two years of Incident Management work experience||Project activities totaling 300 hours||Signing the PECB code of ethics|
For certification purposes, the following implementation types constitute valid implementation experience:
- External/consulting implementation
- Partial implementation
To be considered valid, these implementation activities should follow best implementation practices and include most of the following activities:
- Drafting an incident management implementation business case
- Managing a incident management implementation project
- Implementing Incident Management processes
- Managing Incident processes
- Implementing objectives
- Implementing corrective or preventive action
- Performing internal controls
- Performing a management review
- Managing a Project team
Professional references must be from individuals who have professionally worked with you and can validate your Service expertise, current and previous work history, as well as your job performance. You cannot use anyone as a reference who falls under your supervision nor is a relative. At least two professional references are required.
Complete information is required: including job title, beginning dates, end dates, responsibilities and more. Summarize each assignment, providing sufficient detail to describe the nature of the responsibilities that you have had. This information can be detailed in your resume.
IM Project experience
The candidate’s implementation log will be checked to ensure that the applicant has the minimal required number of implementation hours. The following implementation types constitute valid implementation experience: internal implementation, external/consulting implementation or partial implementation of Guidance on Project system. This information can be detailed in your resume.
Auditing of Certification Applications
PECB randomly audits applications to validate the candidate’s eligibility to certification. A candidate whose application is being audited will be notified in writing office and given a reasonable timeframe to provide any additional documentation if required. If a candidate does not respond by the deadline, or does not provide the required documentation within the given time frame, he or she may be declared ineligible.
Denial and Revocation of Certification
Certification will be denied or revoked for any of the following reasons:
- Falsification of application
- Violation of testing procedures
- Failure to pass the examination
- Denials or revocations of certification may be appealed to the Certification Board in writing.
Annual Renewal Certification Fee
To maintain your credentials active, there is an annual maintenance fee for each calendar year. Registrants who pay their annual maintenance fee will appear online in the PECB Directory of Certified Manager.
Maintain your Certification (Recertification)
The PECB designations are valid for three years. To maintain your certification, you must have accumulated the necessary 90 Continuing Professional Development credits (CPD) by the end of that three-year period and pay the recertification fee. CPD hours need to be inputted in your online PECB profile. PECB Certified Professionals who fail to provide the required CPD hours will have their PECB credentials revoked and will no longer be allowed to present themselves as certified PECB professionals.
Informations and registration:
Alexandra Niculae, Training Director ENVISO