ISO/IEC 27001 Lead Auditor

In this five day course our experienced tutors will teach you how to lead, plan, execute and report on an audit of an ISMS in an organization assessing its conformance with ISO/IEC 27001:2013 Information Security Management.

To attend this course, you should already have knowledge of the key Plan-Do-Check-Act (PDCA) cycle within management systems.

You should also have knowledge of Information Security Management principles, concepts and specifically the requirements of ISO/IEC 27001:2013.

Tutors on our lead auditor courses will expand on your existing knowledge of the standard and develop your skills and ability to lead a team to conduct audits of an ISMS to the standard.

Through a combination of tutorials, syndicate exercises and role play, you will learn everything you need to know about how an ISMS audit should be run including conducting second and third-party audits.

"As a leader of a large ISO certification program, I found the ISO/IEC 27001 Lead Auditor course offered immense benefits across multiple dimensions including course content, industry experience and auditing techniques. The course content is designed not only to deliver knowledge, but offers an experience through a comprehensive and collaborative program. The course delivered by experienced trainers amplified this experience enabling participants to develop and enhance their auditing skills." Michael Markarian, Asia-Pacific Regional Quality Manager, Hewlett-Packard Enterprise Services 

*This course is GST exempt


Who should attend?

This is intended for those who will be involved in leading audits of an ISMS that conforms to ISO/IEC 27001:2013 in any organization.

Suggested job roles and their teams include:

  • Information security managers
  • IT and corporate security managers
  • Corporate governance managers
  • Risk and compliance managers
  • Information security consultants

Prerequisites:

You should already have knowledge how management systems work and in particular, the requirements of ISO/IEC 27001:2013 (for delegates who do not have these, we recommend attending our one day introduction course)

"The training methods, course material, and knowledge of the BSI team helped to make this course one of the most valuable and beneficial courses I have attended to date and helped me to deepen my knowledge of the ISO/IEC 27001 standard."

Learning objectives

  • Learn how to plan and execute an audit
  • Learn how to document a system and write reports
  • Understand the role of the auditor in the context of an Information Security Management System
  • How to build an Information Security Management System (ISMS) and understand the processes within the system
  • Learn how to manage and lead an ISO 27001:2013 audit team
  • Learn about interview techniques

Course Benefits

  • Your company will have an internal resource and process to be able to conduct its own audit of its ISMS to assess and improve conformance with ISO/IEC 27001:2013
  • You will gain a professional qualification that certifies that you have the knowledge and skills to be able to lead a team to conduct an audit of an ISMS in any organization
  • Successful auditing will improve the protection of any organization’s private data to meet market assurance and corporate governance needs
  • Understand how to identify gaps in an ISMS system
  • Accurately be able to provide continuous improvement to a system

Next Steps

  • ISO/IEC 27001 Lead Implementer - Learn how to implement the ISO/IEC 27001 standard within your organization, and understand how to get the most out of your information security management system
  • Risk Management and Operational Planning - Learn how to develop and implement operational plans to help you identify and manage business risk with our two-day Risk Management and Operational Planning course
  • Auditing Cloud Security for STAR Certification - Led by an experienced tutor, this one day course will help you learn how to audit cloud security for the STAR certification programme and learn how to apply the maturity model when auditing a provider’s security controls