ISO 27001 Lead Implementer, Lead Auditor and Internal Auditor – what’s the difference?

Anyone interested in getting into or advancing their career in cyber security probably knows that they will need training and qualifications. But given that the field is so broad, how are you supposed to decide which course is most appropriate?

This blog will help you make that decision. We take three of our most popular training courses – the ISO27001 Certified ISMS Internal Auditor, ISO27001 Certified ISMS Lead Auditor and ISO27001 Certified ISMS Lead Implementer courses – and explain what they cover and who they are suitable for.

Internal auditor training course

An internal auditor assesses whether the organisation's ISMS is effective and meets the requirements of ISO 27001, and reports the findings to senior management. They are an employee of the organisation (hence 'internal'), but ideally they should not have played a major role in implementing the ISMS: auditing your own work means being asked to find faults in it, which few people do willingly. ISO 27001's own requirements for internal audits (Clause 9.2) reflect this, requiring that auditors be selected so as to ensure the objectivity and impartiality of the audit.

What you learn: How to conduct internal audits to ensure that your organisation’s information security management system (ISMS) remains in line with the requirements of ISO 27001.

Who it’s for: Those who are responsible for conducting ISO 27001 or information security internal audits. Depending on the organisation’s size, this might include staff from several departments, such as HR, finance or operations.

Length: Two days.

Lead auditor training course

A lead auditor assesses another organisation's ISMS. Such assessments are typically carried out when the organisation being audited is seeking ISO 27001 certification, or when a partner organisation requires a supply chain audit of its suppliers.

What you learn: The key steps involved in leading, planning, executing and reporting on an external audit of an ISO 27001-compliant ISMS. This includes how to conduct second-party (supplier) and third-party (external and certification) audits.

Who it’s for: Managers who are responsible for the implementation and maintenance of their organisation’s ISMS, and anyone who needs to lead second-party (supplier) or third-party audits against ISO 27001.

Length: Four-and-a-half days.

Location: Birmingham, Glasgow and London. It is also available as an online course.

Lead implementer training course

A lead implementer takes charge of an organisation’s ISO 27001 compliance project. They are responsible for the big decisions, such as setting out the ISMS’s scope, and for ensuring that each of the Standard’s requirements has been addressed.

What you learn: The nine key steps involved in planning, implementing and maintaining an ISO 27001-compliant ISMS.

Who it’s for: Anyone involved in information security management, writing information security policies or implementing ISO 27001 – either as a lead implementer or as part of an implementation team.

Length: Three days.

Location: Birmingham, Glasgow and London. It is also available as an online course or via distance learning.

Lead implementer and lead auditor combination course

What you learn: Everything that’s covered in our lead implementer and lead auditor courses.

Who it’s for: Those who want to cover the topics of both courses above. It’s particularly useful for those who want a comprehensive understanding of both implementing an ISO 27001 ISMS and auditing one, since knowing how an ISMS is built makes it far easier to audit, and vice versa.

Length: Seven-and-a-half days.

Location: Birmingham, Glasgow and London. It is also available as an online course.