Course Info


The ISO 27001 Lead Auditor course enables you to develop the expertise needed to audit an Information Security Management System (ISMS) and to manage a team of ISO 27001 auditors by applying widely recognized audit principles, procedures and techniques.

During the ISO 27001 Lead Auditor training, the participant will acquire the skills and knowledge needed to proficiently plan and perform audits compliant with the certification process of the ISO 27001 standard.

This course adheres to ISO 19011, the management system auditing guideline.


Upon completion of this program, participants will be able to:

  • Lead and manage 1st, 2nd or 3rd party audits
  • Demonstrate advanced knowledge of the requirements of ISO 27001 and related standards and guidelines
  • Demonstrate a detailed understanding of the processes necessary to design, document, and implement an Information Security Management System (ISMS) conforming to the requirements of ISO 27001

Key Topics
  • Overview of ISO 27001 and ISO 27000 Family
  • ISO 27001 Annex A controls
  • The auditor’s role
  • The role of management in reviewing risk and the effectiveness of the ISMS
  • Planning and managing an ISMS audit:
    • Resources and timing
    • Determining the audit scope and objectives
    • Undertaking a risk-based approach
    • ISMS documentation
    • Use of checklists
  • Risk assessment and risk treatment
  • Conducting the ISMS audit – skills, techniques and auditor competence:
    • Evaluating the significance of audit findings
    • Communicating and presenting audit reports
  • Nonconformities and improved security as a result of corrective actions
  • Management of the third-party assessment and certification process


A two-hour written test is included in this course.

Full attendance, as well as passing the examination and practical assessment, is required for certification.

Participants must demonstrate that they have met the learning and enabling objectives using PERAC’s methods of continual assessment and evaluation.

Who should attend?
  • Auditor wanting to perform and lead Information Security Management System (ISMS) audits as the person responsible for an audit team
  • Project manager or consultant wanting to master the Information Security Management System audit process
  • Person responsible for information security or conformity in an organization
  • Member of the information security team
  • Expert advisor in information technology
  • Technical expert wanting to prepare for an information security audit function