IIBA CCA vs. ISO 27001 Lead Auditor: Which one should you go for?
This is a question that arises in many information security and business analysis professional’s mind. Both IIBA CCA and ISO 27001 deal with information security. So, which one should pursue?
I am among very few BA professionals who have done both the certifications. I consulted more than 10 clients to implement ISO 27001 in their organizations and it was indeed a great learning process. I thoroughly enjoyed my ISO 27001 Lead Auditor training.
Similarly, I took IIBA CCA certification few months back and again was pleasantly surprised about new aspects those I learnt as part of my CCA preparations process.
Let's do a comparison between the 2 certifications below.

Domain |
IIBA CCA Domains |
ISO 27001 Domains |
1 |
Cybersecurity Overview and Basic Concepts |
Information security policies |
2 |
Enterprise Risk |
Organization of information security |
3 |
Cybersecurity Risks and Controls |
Human resource security |
4 |
Securing the Layers |
Asset management |
5 |
Data Security |
Access control |
6 |
User Access Control |
Cryptography |
7 |
Solution Delivery |
Physical and environmental security |
8 |
Operations |
Operations security |
9 |
|
Communications security |
10 |
|
System acquisition, development and maintenance |
11 |
|
Supplier relationships |
12 |
|
Information security incident management |
13 |
|
Information security aspects of business continuity management |
14 |
|
Compliance |
IIBA-CCA Recommended -
- Business analysts
- To become enterprise / strategic level BA
- If your organization has IIBA CCA certifications as part of the competency framework
- Part of BA Center of Excellence/BA Competency team
ISO 27001 LA Recommended –
- Members of Organizational Infosec team
- If your organization has ISO 27001 LA certifications as part of the competency framework
- If your organization has implemented or plan
You May Also Like
These Related Stories

Everything You Wanted to Know About IIBA Certifications

CBAP vs. AAC: Which One to Pursue?

Comments (1)