Learn how to plan and execute an ISO 27001 (ISMS) audit
Developed by ISO 27001 experts Alan Calder and Steve Watkins, and drawing on their best-selling textbook,
IT Governance: An International Guide to Data Security and ISO27001/ISO27002, this four-and-a-half day course covers the key steps involved in planning and executing an external audit of an ISO/IEC 27001:2013-compliant information security management system (ISMS). Steve Watkins is also the technical assessor for the United Kingdom Accreditation Service (UKAS), and is responsible for assessing UK certification bodies that award ISO 27001 certificates.
Using a combination of formal training, practical exercises and relevant case studies, an experienced ISO 27001 trainer, auditor and consultant will:
Help you understand best-practice audit methodology based on ISO 19011:2011 (Guidelines for auditing management systems).
Show you how to use audits to monitor conformance to the standard, ensure consistent implementation and assess the effectiveness of continual improvement.
Help you gain experience of the practical application of the audit processes of ISO 27001 through discussion and role play.
This course also supports professional development: delegates who pass the included exam are awarded the ISO 17024-accredited ISO27001 Certified ISMS Lead Auditor (CIS LA) qualification by IBITGQ.
“I can recommend this course to anyone who needs an ISO 27001 Lead Auditor qualification. The trainer, exam and lessons are amazing. As a trainer myself, I have to say this is one of the best courses I have ever attended.”
Michael Wilson, IAL Consultants
What will you learn?
- Understand best-practice audit methodology based on ISO 19011.
- Prepare, lead and report on the findings of an information security audit.
- Detailed information about auditing the ISMS against ISO 27001.
- Interview techniques, following audit trails and reviewing documented evidence.
- Audit risk assessments, business continuity and effective continual improvement.
- Identifying nonconformities and ensuring appropriate corrective action is undertaken.
- Practise new skills and develop knowledge by participating in role-play exercises, workshops and reviewing case studies.
ISO27001 Certified ISMS Lead Auditor (CIS LA) examination
Delegates sit the ISO27001 Certified ISMS Lead Auditor (CIS LA) examination at the end of the course – a 90-minute, multiple-choice, ISO 17024-accredited exam set by IBITGQ. There is no extra charge for taking this exam.
ISO27001 Certified ISMS Lead Auditor (CIS LA) is acknowledged by the PCI Security Standards Council (PCI SSC) as an approved qualification meeting the requirements of application for an individual to become a PCI DSS Qualified Security Assessor (QSA).
This course is part of our unique ISO 27001 Learning Pathway, which also includes the ISO27001 Certified Foundation, Risk Management and Internal Auditor courses. It also qualifies for 32 CPD/CPE credits and fits well with the CISSP and SSCP Continued Professional Education Programme.
Who should attend this course?
This course is aimed at individuals who want a globally recognised ISO 27001 lead auditor qualification to further their careers, and at managers who are responsible for the implementation and maintenance of an ISO 27001-compliant ISMS.
This course also meets the requirements of the PCI SSC for additional QSA qualifications and, in the UK, is covered by the MOD ELCAS scheme.
There are no formal entry requirements, but it is assumed that you will have a basic knowledge of ISO 27001 gained through practical experience, reading the ISO 27001:2013 standard, or by attending the ISO27001 Certified ISMS Foundation or ISO27001 Certified ISMS Lead Implementer training course.
We also recommend that delegates have copies of the most recent versions of both the ISO/IEC 27001:2013 and ISO/IEC 27002:2013 standards with them during the course.
This course is non-residential, but we can help you to find a hotel close to the training venue if you require – simply drop us an email after you book. Our superb training support team will find the solution most suitable for your needs.
The course includes:
- Professional training venue with lunch and refreshments.
- Comprehensive documentation (digital copy provided as PDF file).
- ISO27001 Certified ISMS Lead Auditor (CIS LA) examination.
- Certificate of attendance.
- Guaranteed to run: we never cancel a course.
How to book
Simply book online to receive your booking confirmation and full joining instructions within 48 hours. We accept purchase orders from local authorities, government departments and other public-sector organisations, and will consider account facilities for large corporate customers. See our payment options page for details.
All bookings are subject to our terms and conditions.