Consultants are trained and recertified exclusively through the IT security cluster. They are appointed, confirmed and recertified in their role as consultants. To become a consultant, the following requirements apply:
- Certification as ISO/IEC 27001-Auditor or as IT baseline auditor, OR
- At least 5 years of relevant professional experience in the field of IT, of which at least 4 years must have been in the field of information security, OR
- Completed studies in the field of IT and/or information security + at least 4 years work experience in the field of information security.
The information is obtained via a questionnaire/self-disclosure and is reviewed by an expert panel of the IT security cluster. If one of the three requirements is met, a five-day course on CISIS12 must be attended. This concludes with a 90-minute exam (online) at the ICO (Multiple Choice, closed book). If the exam is passed, the the board/managing director of the IT Security Cluster gives a certificate and a consultant role.
If there is a valid ICO-Advisor certificate, it must be upgraded for the consulting of CISIS12. For this purpose, a two-day training course is attended at Cluster. This concludes with a 60-minute exam (multiple choice, closed book) at the ICO. If this is passed and the consultant commits to attending three further training workshops per year, the CISIS12-Consultant role will be granted by the managing directorship/CEO of the IT security cluster.