Update to EXIN Information Security Management Program Following Insightful Market Research

Earlier this year the EXIN Program Management team conducted a survey amongst candidates and partners to find out what they thought about the Information Security Management program. After a review of the results, the feedback was taken as a jumping-off point to implement changes that bring the Information Security program firmly in line with market needs.

The survey, which took place in May, was taken by Accredited Training Organizations and hundreds of candidates. It was commissioned after some initial signals from the market that the name of the program did not completely hit the mark. Aside from the very concrete feedback that led to the changes to the program, there were also some extra insights about the market which support EXIN’s program.

Amongst the ATOs surveyed, the majority expressed that they expect considerable growth in the field of Information Security Management. The reason behind this expectation is clear: major news and media companies have been covering the global shortage of information security professionals for several years now. The Global Information Security Workforce Study predicts a shortage of 1.8 million professionals by 2022. This is an increase of 20% on forecasts made in 2015.

With the demand for skilled professionals increasing, it is more important than ever that there are certifications in the market to address this need. The changes made to the EXIN Information Security Management program ensure that it more accurately and clearly makes the connection between the certifications and this need.

The main changes to the Information Security programs are as follows:
 

  • The name of the program will change from EXIN Information Security based on ISO/IEC 27002 to EXIN Information Security Management based on ISO/IEC 27001.
  • The recommended course duration for the foundation level certification will be extended from 1 day to 2 days. The exam itself will not change.
  • EXIN Information Security Management Advanced based on ISO/IEC 27002 will be renamed to Information Security Management Professional based on ISO/IEC 27001. The foundation certificate will be removed as a prerequisite for the advanced level. It will still be mandatory to follow a training course. Practical assignments should be a part of the accredited training.
  • EXIN Information Security Management Expert based on ISO/IEC 27002 will also undergo a slight name change to EXIN Information Security Management Expert based on ISO/IEC 27001. The advanced level is removed as a prerequisite. The other prerequisites remain the same.


The change of reference in the name was necessary to more accurately express the strong relationship with the ISO/IEC 27001 standard. This is because ISO/IEC 27001 is now the recognized global standard, whereas the Code of Practice (ISO/IEC 27002) was more popular 10 years ago. The program is still geared towards testing a professional’s understanding of Information Security Management practices, as opposed to only testing their knowledge of the requirements of a management system.

The certificate-based prerequisites have been removed on all levels to create easy and fair access to the program. Professionals who are interested in the Information Security Management Professional certificate usually already have enough Foundation level knowledge or are able to easily acquire it. Professionals interested in the Expert certification need to have two years of management experience in Information Security. This prerequisite alone is sufficient as an entry level to this certification, which consists of a coaching track and an oral exam.

The changes will be implemented by the 1st of October 2017.

A PDF document with FAQs about the Information Security Management changes can be found below under the heading Downloads.

For more information, please contact our marketing department at marketing@exin.com