The nature and complexity of the IT industry have created hundreds of training courses and qualifications over the years. Many are hardware- or software-vendor-specific, and – in the context of training staff to configure and operate these products – provide a perfectly adequate demonstration of knowledge and skills. They are, however, often linked to the purchase of products and, as such, are subject to the commercial bias of a very competitive IT marketplace.
Technical qualifications – a necessary evil?
A successful information security manager will, of course, have had some technical training, and will likely hold qualifications associated with the key vendors, which include Microsoft, IBM and Cisco. Information security management is a complex, multidisciplinary field, and requires a knowledge of IT systems (hardware, software, networks), applications and the people who use them. It also requires an understanding of the bewildering array of threats and vulnerabilities that characterise the modern-day cyber attack. And, yes, it also needs an awareness of the security provided by commercial products from vendors large and small. (It’s a necessary evil.)
ISO 17024 – recognised by employers worldwide
Independent and accredited exam bodies such as ISACA, (ISC)², BCS, CompTIA, APMG and IBITGQ have been created to counteract the commercial bias and provide consistent and comparable qualifications on an international basis.
But who verifies the independence and quality of the courses and exams offered by these organisations?
The ISO/IEC 17024:2012 standard (Conformity assessment – General requirements for bodies operating certification of persons) specifies that accredited exam bodies will:
- Meet a global, industry-recognised benchmark;
- Be consistent, comparable and reliable worldwide;
- Demonstrate that holders have the necessary knowledge and skills;
- Be validated to ensure they are recognised by employers and peers.
Employers and training development managers worldwide recognise the value of ISO 17024, and it’s no coincidence that the careers of senior cyber security and IT governance managers are built on the foundations of ISO 17024-accredited qualifications.
There are also many organisations that deliver training and award their own qualifications associated with international IT standards and regulations, such as ISO 27001, ISO 22301, the PCI DSS and the EU GDPR. These include certification bodies such as BSI and LRQA, which, while fully accredited to audit and certificate ISO standards, are not accredited to ISO 17024.
IBITGQ and ISO 17024
I am pleased to confirm that IT Governance Ltd delivers a unique and unrivalled training portfolio of training courses that all deliver ISO 17024-accredited qualifications (assuming all delegates pass their exams!). We are particularly proud of our partnership with the International Board for IT Governance Qualifications (IBITGQ), whose qualifications are certified by gasq, which is fully accredited to the ISO/IEC 17024:2012 standard.
All IBITGQ training courses are created by IT Governance Ltd, which is IBITGQ’s lead training development partner and Accredited Training Organisation (ATO) in the UK.
These courses include the unique ISO 27001 Learning Pathway, which was created by leading ISO 27001 experts Alan Calder and Steve Watkins.