This course is presented as
Live Virtual Training.
Click for more details.
ISO 27001 Lead Auditor
- Practical orientation - not just theory. Features extensive use of real-world examples from trainer personal experience
- The ONLY independently accredited ISO 27001 Lead Auditor training in Asia-Pacific.
- Certificate exam 3rd-party set and marked
- Based on most recent version ISO 27001:2013 updated to include latest changes in the ISO/IEC 27002:2022 standard
ISO 27001 is the recognised international standard for best practice in information security management systems (ISMS) within any organisation. This course will prepare you to plan and execute audits of information security management systems in line with the international standard ISO/IEC 27001.
Using the most recent version ISO 27001:2013 updated to include latest changes in the ISO/IEC 27002:2022 standard, this training is based on management system audit guidelines (ISO 19011:2002) as well as international audit best practices: the International Federation of Accountants (IFAC), the American Institute of Certified Public Accountants (AICPA), the Information Systems Audit and Control Association (ISACA) and the Institute of Internal Auditor (IIA). An audit kit developed by experienced auditors will be distributed to participants.
The trainer makes the difference!
When you attend a training course there are actually two costs – the course fee, and the value of your time. You can see the fee. But whether you get value for your time and money depends totally on the quality of the course.
Lots of things go into making a great course, but the single most important is always the trainer - their knowledge of the subject, their real-world experience that they can draw upon in class, their ability to answer questions, their communication skills and their obvious enthusiasm for the subject. This is what makes the difference. When it comes to ISO 27001 Lead Auditor, ALC offers two outstanding trainers. Please contact us if you wish to know the designated trainer for your course.
Mike has more than thirty years’ experience in risk-based IT assurance in NZ, PNG, Australia and USA. Exceptional IT technical and security skills combined with sound business and risk management experience provide the foundation for the identification and management of IT related business risks. Full bio here.
Gary Gaskell is a highly regarded information and cyber security specialist serving industry and government for 28 years. He has published 50 articles in Australia and internationally. He combines excellent communications and business analysis skills with a thorough mix of technical, process and governance related security controls. Full bio here.
- Acquiring the expertise to perform an ISO 27001 internal audit as specified by ISO 19011
- Acquiring the expertise to perform an ISO 27001 certification audit as specified by ISO 19011, ISO 17021 and ISO 27006
- Acquiring the expertise necessary to manage an ISMS audit team
- Understanding the application of the information security management system in the context of ISO 27001
- Understand the relationship between an Information Security Management System, including risk management, controls and compliance with the requirements of different stakeholders of the organisation
- Improve the ability to analyse the internal and external environment of an organisation, risk assessment and audit decision-making in the context of an ISMS
Who should attend
- Internal auditors
- Auditors wanting to perform and lead Information Security Management System (ISMS) certification audits
- Project managers or consultants wanting to master the Information Security Management System audit process
- Persons responsible for the Information security or conformity in an organisation
- Members of an information security team
- Expert advisors in information technology
- Technical experts wanting to prepare for an Information security audit function
Day 1: Introduction to the management of an Information Security Management System based on ISO 27001
- Normative and regulatory and legal framework related to information security
- Fundamental principles in Information Security
- ISO 27001 certification process
- Information Security Management System (ISMS)
- Detailed presentation of the clauses 4 to 8 of the ISO 27001 standard
Day 2: Launching an ISO 27001 audit
- Fundamental audit concepts and principles
- Audit approach based on evidence and on risk
- Preparation of an ISO 27001 certification audit
- Documenting of an ISMS audit
- Conducting an opening meeting
Day 3: Conducting an ISO 27001 audit
- Communication during the audit
- Audit procedures:
- document review
- sampling techniques
- technical verification
- Corroboration and evaluation
- Drafting test plans
- Formulation of audit findings
- Drafting of nonconformity reports
Day 4: Closing an ISO 27001 audit
- Audit documentation
- Quality review
- Review of audit notes
- Conducting a closing meeting and conclusion of an ISO 27001 audit
- Evaluation of corrective action plans
- Surveillance audit
- Audit management program
- Completion of training
- Course review
- Exam preparation
- Certificate exam
Fees are per person and include:
- Course presentation
- Course workbook
- Supplementary materials
- Certificate exam
ISO 27001 Foundation certification or basic knowledge of ISO27001 and ISO 27002 is recommended.
Live Virtual Training – At course completion participants will receive an online exam voucher. The online exam is web-based and hosted by the PECB Exam System which is accessed via a web browser. The exam can be taken at any time after the course. The exam voucher has a 12 month validity period.
Face-to-Face Training – Participants will be provided with a paper-based exam which is completed whilst at the course in the same venue of the course itself.
- 80 questions
- Multiple choice
- Open book
- 3 hours (30 additional mins for EASL)
- Pass mark 70%
- If delegates fail their first attempt they can retake it for free within 12 months
There are three levels of accreditation that you can apply for after passing the exam, depending on professional experience:
- ISO/IEC 27001 Provisional Auditor - exam passed, no direct professional experience, no MS audit/assessment experience
- ISO/IEC 27001 Auditor - exam passed, two years professional experience with at least one year in information security, audit experience of at least 200 hours
- ISO/IEC 27001 Lead Auditor - exam passed, five years professional experience with at least two years in information security, audit experience of at least 300 hours
Candidates can apply for the appropriate level of accreditation once exam results have been received.
There is no limit to the number of times a candidate can retake an exam. However, there are certain limitations in terms of the time span between exam retakes.
- If a candidate does not pass the exam on the 1st attempt, s/he must wait 15 days after the initial date of the exam for the next attempt (1st retake).
Note: Candidates who have completed the training course with ALC and failed the first exam attempt, are eligible to retake for free the exam within a 12-month period from the date the coupon code is received (because the fee paid for the training course, includes a first exam attempt and one retake). Otherwise, retake fees apply.
To arrange exam retakes, based on exam format, candidates that have completed a training course, must follow the steps below:
- Online Exam: when scheduling the exam retake, use initial coupon code to waive the fee.
- Paper-Based Exam: candidates need to contact ALC.