What does a certified manager for information security management system do?
The manager of the information security management system is the person who:
- plans, develops, applies and implements the information security management system in the organization;
- monitors the implementation of objectives;
- manages the interconnections between processes;
- analyzes process performance;
- leads projects to improve the information security management system;
- plans and organizes the implementation of the internal audit program;
- identifies deviations in the information security management system and defines nonconformities;
- assesses the adequacy of proposed corrective measures;
- reports to top management on the state of the information security management system.
Who is the certification for?
- Persons responsible for managing the information security management system in an organization;
- Persons involved in teams for the development and maintenance of information security management systems;
- Consultants working on the implementation of information security management systems, etc.
Why get certified?
- Your knowledge and skills as an information security management system manager are confirmed by a third party (certification body);
- Your organization (the organization that hires you to plan, develop, apply, and implement the information security management system) can be sure it has a qualified person;
- It increases your chances of getting a job;
- It gives you greater credibility with the employer;
- It obliges you to pursue continuous professional development.
What are the conditions for certification?
An applicant for certification must:
- meet certain conditions related to education, work experience, training (see table below);
- pass a written test.
| | Education | Total work experience (years) | Work experience (years) related to the scheme | Training | Experience in audits |
|---|---|---|---|---|---|
| MANAGER FOR INFORMATION SECURITY MANAGEMENT SYSTEM | higher education | 2 | (in information security management system and/or on jobs in the field related to information security management system) | training for manager of information security management system for a period of 40 hours conducted by a training organization approved by StandCert* | – |
*Appropriate additional training lasting 24 hours (if the person is already a manager for another management system), delivered by a training organization approved by StandCert, can be recognized as adequate.
StandCert also accepts as adequate training that is approved within widely accepted schemes for the certification of persons in the field of management systems.
StandCert will also accept, as an adequate precondition for certification of persons, training with equivalent education and alternative education for which there is evidence that they meet the established criteria for recognition.
A person who has applied for certification and who meets the precondition for certification takes a written test lasting 120 minutes.
The test consists of two parts with a total of 30 questions. The first part contains questions with offered answers, from which the candidate should choose the correct answer(s). The second part contains open questions to which the candidate is expected to give written answers (e.g. for a specific example, identification of interested parties, context of the organization, risk assessment, etc.).
The pass criterion is 70% of the possible number of points, provided that in both parts of the test a pass rate of at least 50% + 1 point is achieved.
Validity of the certificate
A person who has passed the test and met all the conditions for certification is awarded a certificate for a period of 3 years.