The nature and complexity of the IT industry has created hundreds of training courses and qualifications over the years. Many are vendor-specific and – in terms of training staff to configure and operate these products – provide a perfectly adequate demonstration of knowledge and skills. They are, however, often linked to the purchase of products and, as such, are subject to the commercial bias of a very competitive IT marketplace.
Technical qualifications – a necessary evil?
A successful information security manager will, of course, have had some technical training and will likely hold qualifications associated with the key vendors, such as Microsoft, IBM, and Cisco. Information security management is a complex, multidisciplinary field and requires knowledge of IT systems (hardware, software, networks), applications, and the people who use them. It also requires an understanding of the bewildering array of threats and vulnerabilities that characterize the modern-day cyber attack. And, yes, it also needs an awareness of the security provided by commercial products from vendors large and small. (It’s a necessary evil.)
ISO 17024 – recognized by employers worldwide
Independent and accredited exam bodies such as ISACA, (ISC)2, CompTIA, APMG, and IBITGQ have been created to counteract the commercial bias of vendors, and to provide consistent and comparable qualifications on an international basis.
But who verifies the independence and quality of the courses and exams offered by these organizations?
The ISO/IEC 17024:2012 standard (Conformity assessment – General requirements for bodies operating certification of persons) specifies that accredited exam bodies:
- Meet a global, industry-recognized benchmark
- Are consistent, comparable and reliable worldwide
- Demonstrate that holders have the necessary knowledge and skills
- Are validated to ensure they are recognized by employers and peers
Employers and training development managers recognize the value of ISO 17024, and it’s no coincidence that the careers of senior cybersecurity and IT governance managers are built on the foundations of ISO 17024-accredited qualifications.
There are also many organizations that deliver training and award their own qualifications associated with international IT standards and regulations such as ISO 27001, ISO 22301, the PCI DSS, and the EU GDPR. These include certification bodies such as BSI and LRQA, which, while fully accredited to audit and certify ISO standards, are not accredited to ISO 17024.
I am pleased to confirm that we deliver a unique and unrivalled portfolio of training courses that all deliver ISO 17024 qualifications (assuming delegates pass their exams!). We are particularly proud of our partnership with the International Board for IT Governance Qualifications (IBITGQ), whose qualifications are certified by gasq, which is fully accredited to the ISO/IEC 17024:2012 standard.
All IBITGQ training courses are created by IT Governance Ltd, which is IBITGQ’s lead training development partner and Accredited Training Organization (ATO) in the USA. These courses include the unique ISO 27001 Leaning Pathway, which was created by leading ISO 27001 experts Alan Calder and Steve Watkins. This pathway includes an introductory ISO27001 Certified ISMS Foundation course, and our internationally renowned ISO27001 Certified ISMS Lead Implementer and Lead Auditor courses.