I’m proud to share a significant milestone in my professional journey: I have officially obtained the ISO/IEC 27001:2022 Lead Auditor certification, issued by CSQA, a nationally and internationally accredited certification body.
This qualification formally attests to my competence in planning, conducting, evaluating, and reporting audits of Information Security Management Systems (ISMS), in accordance with the ISO/IEC 27001:2022 standard and the ISO 19011 auditing guidelines.
Throughout the certification process, I deepened my knowledge and practical skills in:
• The core principles of information security management;
• Process-based auditing techniques and the PDCA (Plan-Do-Check-Act) approach;
• Critical analysis of documentation and audit evidence, with constant reference to the standard’s structure from clauses 4 to 10 and the updated Annex A (2022 version);
• Identification and classification of non-conformities, observations, and improvement opportunities based on objective criteria;
• Drafting structured audit reports and managing formal communications with auditees and stakeholders.
This certification aligns with my long-standing professional experience in ICT, networking, and cybersecurity, with a strong focus on regulatory compliance, risk analysis, and the protection of sensitive data and critical infrastructure.
Becoming an ISO/IEC 27001 Lead Auditor is not only a recognition of my technical and methodological expertise, but also a commitment to supporting organizations in their efforts toward certification, risk governance, and the establishment of effective, measurable security practices.