Course Overview

The ISO 27001 Lead Auditor course is an official PECB (Professional Evaluation and Certification Board) course. This three-day intensive course will help you develop the skills needed to audit an Information Security Management System (ISMS). You'll also learn to manage a team of auditors by applying widely recognised audit principles, procedures and techniques.

PECB is accredited by ANSI (the American National Standards Institute) under ISO/IEC 17024, the standard for bodies that certify persons. It is the first personnel certification body to be accredited by a National Accreditation Authority.

You will gain the skills and knowledge needed to plan and perform audits in line with the certification process for the ISO/IEC 27001:2013 standard. Through practical exercises, you will learn the following skills:

  • Mastering audit techniques
  • Managing audit teams and an audit programme
  • Communicating with customers
  • Conflict resolution


Course outline

You will learn the following content:

  • Normative, regulatory and legal framework related to information security
  • Fundamental principles of information security
  • ISO 27001 certification process
  • Information Security Management System
  • Detailed presentation of clauses 4 to 8 of ISO/IEC 27001

Planning and initiating an ISO 27001 audit

  • Fundamental audit concepts and principles
  • Evidence-based and risk-based audit approach
  • Preparation of an ISO 27001 certification audit
  • ISMS documentation audit
  • Conducting an opening meeting

Conducting an ISO 27001 audit

  • Communication during the audit
  • Audit procedures: observation, document review, interview, sampling techniques, technical verification, corroboration and evaluation
  • Audit test plans
  • Formulation of audit findings
  • Documenting nonconformities

Concluding and ensuring the follow-up of an ISO 27001 audit

  • Audit documentation
  • Quality review
  • Conducting a closing meeting and conclusion of an ISO 27001 audit
  • Evaluation of corrective action plans
  • ISO 27001 surveillance audit
  • Internal audit management programme


Exam track

You'll take the ISO/IEC 27001 Lead Auditor exam as part of the course.

You will also get one year of free PECB membership, and will be able to apply for one of the following titles, depending on your experience:

  • Certified ISO/IEC 27001 Provisional Auditor
  • Certified ISO/IEC 27001 Auditor
  • Certified ISO/IEC 27001 Lead Auditor


Learning objectives

Participants will gain the knowledge to conduct internal or external audits of an Information Security Management System, either as a sole auditor, a member of an audit team, or as the team leader. Specifically, you will:

  • Learn how to plan and carry out an ISO 27001:2013 audit
  • Learn report writing and how to document an Information Security Management System
  • Recognise the role of the auditor
  • Understand, and be able to implement, processes within the Information Security Management System
  • Be able to improve your organisation's conformance with ISO/IEC 27001:2013
  • Learn how to identify gaps in an Information Security management system
  • Satisfy training needs for Exemplar Global certification


Prerequisites

It is recommended that you have already attended Information Security Management System (ISMS) Foundation training, or that you have a basic knowledge of ISO/IEC 27001:2013 and ISO/IEC 27002:2013.

Prior to attending the course, you must also have:

  • 5 years of professional experience
  • 2 years of information security experience
  • 300 hours of audit activity
  • Professional references that substantiate your experience


What’s included

  • The Information Security Management System (ISMS) implementation methodology
  • Student manual - over 400 pages of information and practical examples
  • Certificate - worth 31 CPE (Continuing Professional Education) credits
  • Courseware
  • Up to 12 hours of instructor-led training each day
  • 24-hour lab access
  • Hands-on training through Lecture | Lab | Review™
  • Digital courseware (if available)