Master the audit of Information Security Management Systems (ISMS) based on ISO/IEC 27001

ISO/IEC 27001 Lead Auditor

Who should attend?

  • Auditors seeking to perform and lead Information Security Management System (ISMS) certification audits
  • Managers or consultants seeking to master an Information Security Management System audit process
  • Individuals responsible for maintaining conformance with Information Security Management System requirements
  • Technical experts seeking to prepare for an Information Security Management System audit
  • Expert advisors in Information Security Management

Learning objectives

  • Understand the operations of an Information Security Management System based on ISO/IEC 27001
  • Understand the relationship between ISO/IEC 27001, ISO/IEC 27002 and other standards and regulatory frameworks
  • Understand the auditor’s role in planning, leading and following up on a management system audit in accordance with ISO 19011
  • Learn how to lead an audit and an audit team
  • Learn how to interpret the requirements of ISO/IEC 27001 in the context of an ISMS audit
  • Acquire the auditor competencies needed to plan an audit, lead an audit, draft reports, and follow up on an audit in compliance with ISO 19011

Educational approach

  • This training is based on both theory and best practices used in ISMS audits
  • Lecture sessions are illustrated with examples based on case studies
  • Practical exercises are based on a case study which includes role playing and discussions
  • Practice tests are similar to the Certification Exam

Prerequisites

A fundamental understanding of ISO/IEC 27001 and comprehensive knowledge of audit principles.

Course agenda

Day 1: Introduction to Information Security Management Systems (ISMS) and ISO/IEC 27001

Day 2: Audit principles, preparation and launching of an audit

Day 3: On-site audit activities

Day 4: Closing the audit

Day 5: Certification Exam

Examination

The “Certified ISO/IEC 27001 Lead Auditor” exam fully meets the requirements of the Examination and Certification Programme (ECP). The exam covers the following competency domains:

Domain 1: Fundamental principles and concepts of Information Security Management System (ISMS)

Domain 2: Information Security Management System (ISMS)

Domain 3: Fundamental audit concepts and principles

Domain 4: Preparation of an ISO/IEC 27001 audit

Domain 5: Conducting an ISO/IEC 27001 audit

Domain 6: Closing an ISO/IEC 27001 audit

Domain 7: Managing an ISO/IEC 27001 audit program

Certification

After successfully completing the exam, you can apply for the credentials shown in the table below. You will receive a certificate once you comply with all the requirements related to the selected credential.

The requirements for Auditor Certifications are:

| Credential | Exam | Professional experience | ISMS audit/assessment experience | Other requirements |
|---|---|---|---|---|
| Certified ISO/IEC 27001 Provisional Auditor | Certified ISO/IEC 27001 Lead Auditor exam or equivalent | None | None | Signing the Code of Ethics |
| Certified ISO/IEC 27001 Auditor | Certified ISO/IEC 27001 Lead Auditor exam or equivalent | Two years, including one year of work experience in Information Security Management | Audit activities: a total of 200 hours | Signing the Code of Ethics |
| Certified ISO/IEC 27001 Lead Auditor | Certified ISO/IEC 27001 Lead Auditor exam or equivalent | Five years, including two years of work experience in Information Security Management | Audit activities: a total of 300 hours | Signing the Code of Ethics |

Please be informed: Certified individuals who possess the Lead Implementer and Lead Auditor credentials are qualified for a Certified Master credential. More detailed information will be provided soon.

To be considered valid, the audit activities counted towards this experience should follow best audit practices and include the following activities:

  1. Audit planning
  2. Audit interview
  3. Managing an audit program
  4. Drafting audit reports
  5. Drafting non-conformity reports
  6. Drafting audit working documents
  7. Documentation review
  8. On-site audit
  9. Follow-up on non-conformities
  10. Leading an audit team

General Information

  • Certification fees are included in the exam price
  • Training material containing over 450 pages of information and practical examples will be distributed
  • A participation certificate of 31 CPD (Continuing Professional Development) credits will be issued
  • In case of exam failure, you can retake the exam within 12 months for free
