Governance, Risk, Compliance

ISO/​IEC 27001 – ISMS Lead Auditor

How to plan, lead, conduct and report an audit of an ISMS for ISO 27001 compliance

  • Duration 5 Days
  • Fee - Virtual Instructor-Led $3,540 + GST
  • Exam Exam Voucher
  • Fee - Face-to-face Training $4,275 + GST
  • Team Training Get a quote
  • Download Course brochure

Upcoming Course Dates

View all course dates
Location Date Time  
Virtual Instructor-led Training | AEST 7 - 11 April 2025 08:30 am - 04:00 pm

Individual/Self-Funding
Business or Government
Virtual Instructor-led Training | AEST 16 - 20 June 2025 08:30 am - 04:00 pm

Individual/Self-Funding
Business or Government

Overview

authorized gold partner

ISO/IEC 27001 – ISMS Lead Auditor

ISO 27001 Lead Auditor – Key Points:

  • Practical orientation – not just theory.  Features extensive use of real-world examples from trainer personal experience
  • The ONLY independently accredited ISO 27001 Lead Auditor training in Asia-Pacific.
  • Certificate exam 3rd-party set and marked
  • Based on most recent version ISO 27001:2022 updated to include latest changes in the ISO/IEC 27002:2022 standard

ISO 27001 is the recognised international standard for best practice in information security management systems (ISMS) within any organisation. The ISO Lead Auditor course will prepare you to plan and execute audits of information security management systems in line with the international standard ISO/IEC 27001.

Using the most recent version ISO 27001:2022, this Lead Auditor training is based on management system audit guidelines (ISO 19011:2002) as well as international audit best practices: the International Federation of Accountants (IFAC), the American Institute of Certified Public Accountants (AICPA), the Information Systems Audit and Control Association (ISACA) and the Institute of Internal Auditor (IIA). 

Our Trainers Make the Difference

  • Sean O’Donoghue-Hayes

    Sean is a seasoned professional with over 25 years of experience in the field of information technology and communication security.

    Read full bio
  • David Wheeler

    David has over 25 years Australian and APAC experience in the assessment, operation and improvement of ICT technologies as guided and directed by Governance structures and processes.

    Read full bio

Learning Outcomes

  • Acquiring the expertise to perform an ISO 27001 internal audit as specified by ISO 19011
  • Acquiring  the  expertise  to  perform  an  ISO  27001  certification audit as specified by ISO 19011, ISO 17021 and ISO 27006
  • Acquiring  the  expertise  necessary  to  manage  an  ISMS  audit team
  • Understanding   the   application   of   the   information   security management system in the context of ISO 27001
  • Understand  the  relationship between  an  Information Security Management System, including risk management, controls and compliance with the requirements  of different stakeholders  of the organisation
  • Improve  the   ability  to   analyse  the   internal  and   external environment  of  an  organisation,   risk assessment   and  audit decision-making in the context of an ISMS

Who Should Attend

  • Internal auditors
  • Auditors wanting to perform and lead Information Security Management System (ISMS) certification audits
  • Project managers or consultants wanting to master the Information Security Management System audit process
  • Persons responsible for the Information security or conformity in an organisation
  • Members of an information security team
  • Expert advisors in information technology
  • Technical experts wanting to prepare for an Information security audit function

Course Contents

1: Introduction to the management of an Information Security Management System based on ISO 27001

  • Normative and regulatory and legal framework related to information security
  • Fundamental principles in Information Security
  • ISO 27001 certification process
  • Information Security Management System (ISMS)
  • Detailed presentation of the clauses 4 to 8 of the ISO 27001 standard

2: Launching an ISO 27001 audit

  • Fundamental audit concepts and principles
  • Audit approach based on evidence and on risk
  • Preparation of an ISO 27001 certification audit
  • Documenting of an ISMS audit
  • Conducting an opening meeting

3: Conducting an ISO 27001 audit

  • Communication during the audit
  • Audit procedures:
    • observation,
    • document review
    • interview
    • sampling techniques
    • technical verification
    • Corroboration and evaluation
    • Drafting test plans
    • Formulation of audit findings
    • Drafting of nonconformity reports

4: Closing an ISO 27001 audit

  • Audit documentation
  • Quality review
  • Review of audit notes
  • Conducting a closing meeting and conclusion of an ISO 27001 audit
  • Evaluation of corrective action plans
  • Surveillance audit
  • Audit management program
  • Completion of training

5: Review & Exam Preparation

  • Course review
  • Q&A
  • Exam preparation

  • Have really enjoyed the style of learning. I would say the most beneficial part is the quizzes after each section as it allows you to test your knowledge (and be surprised when you thought you knew something but actually don't!).

    Live Virtual Training | 2022

Testimonial

ISO 27001

read more

Fees

ISO27001 Lead Auditor Course (5 Days)

  • Live Virtual Training: $3,540 + gst
  • Face-to-Face Training: $4,275 + gst

All participants will receive:

  • In class Discussions, Exercises and Quizzes
  • IEC/ISO 27001 Lead Auditor Online Exam
  • Unparalleled Post Course Support

Virtual Courses:

  • ONLINE ACCESS: Access course materials via PECB’s online system KATE
    E-materials are provided by default with the option to purchase hardcopy materials for an additional cost.

Face-to-Face courses:

  • HARD COPY + E-COPY: Comprehensive Course Workbook, quality colour printed

Prerequisites

ISO 27001 Foundation certification or basic knowledge of ISO27001 and ISO 27002 is recommended.

Examination

  • 80 questions
  • Multiple choice
  • Open book
  • 3 hours (30 additional mins for EASL)
  • Pass mark 70%
  • If delegates fail their first attempt they can retake it for free within 12 months

Examination Re-Sit Options:

There is no limit to the number of times a candidate can retake an exam. However, there are certain limitations in terms of the time span between exam retakes.
  • If a candidate does not pass the exam on the 1st attempt, s/he must wait 15 days after the initial date of the exam for the next attempt (1st retake).

Certification Levels

There are three levels of accreditation that you can apply for after passing the exam, depending on professional experience:

  • ISO/IEC 27001 Provisional Auditor – exam passed, no direct professional experience, no MS audit/assessment experience
  • ISO/IEC 27001 Auditor – exam passed, two years professional experience with at least one year in information security, audit experience of at least 200 hours
  • ISO/IEC 27001 Lead Auditor – exam passed, five years professional experience with at least two years in information security, audit experience of at least 300 hours

Candidates can apply for the appropriate level of accreditation once exam results have been received.

ALC is an official Training Provider for ISO27001 Lead Auditor by PECB. 

More Courses You May Be Interested In

Related Reading