Certified ISO 27001 Lead Auditor (5 days)

Mastering the Audit of an Information Security Management System (ISMS) based on ISO 27001
This five-day intensive course enables participants to develop the expertise needed to audit an Information Security Management System (ISMS) and to manage a team of auditors by applying widely recognized audit principles, procedures and techniques. During this training, the participant will acquire the knowledge and skills needed to proficiently plan and perform internal and external audits in compliance with the certification process of the ISO/IEC 27001:2005 standard. Based on practical exercises, the participant will develop the skills (mastering audit techniques) and competencies (managing audit teams and audit program, communicating with customers, conflict resolution, etc.) necessary to conduct an audit efficiently.

Who should participate?

  • Internal auditors
  • Auditors wanting to perform and lead Information Security Management System (ISMS) certification audits
  • Project managers or consultants wanting to master the Information Security Management System audit process
  • Persons responsible for information security or conformity in an organization
  • Members of an information security team
  • Expert advisors in information technology
  • Technical experts wanting to prepare for an information security audit function

Learning objectives

  • Acquiring the expertise to perform an ISO 27001 internal audit as specified by ISO 19011
  • Acquiring the expertise to perform an ISO 27001 certification audit as specified by ISO 19011, ISO 17021 and ISO 27006
  • Acquiring the expertise necessary to manage an ISMS audit team
  • Understanding the application of the information security management system in the context of ISO 27001
  • Understanding the relationship between an Information Security Management System (including its risk management and controls) and compliance with the requirements of the organization's different stakeholders
  • Improving the ability to analyze the internal and external environment of an organization, to assess risk, and to make audit decisions in the context of an ISMS

Course details

Day 1: Introduction to the management of an Information Security Management System (ISMS) based on ISO 27001

  • Normative, regulatory and legal framework related to information security
  • Fundamental principles of information security
  • The ISO 27001 certification process
  • The Information Security Management System (ISMS)
  • Detailed presentation of the clauses 4 to 8 of the ISO 27001 standard

Day 2: Planning and Launching an ISO 27001 audit

  • Fundamental audit concepts and principles
  • Audit approach based on evidence and on risk
  • Preparation of an ISO 27001 certification audit
  • Documenting an ISMS audit
  • Conducting an opening meeting

Day 3: Conducting an ISO 27001 audit

  • Communication during the audit
  • Audit procedures: observation, document review, interview, sampling techniques, technical verification, corroboration and evaluation
  • Drafting test plans
  • Formulation of audit findings
  • Drafting of nonconformity reports

Day 4: Concluding and ensuring the follow-up of an ISO 27001 audit

  • Audit documentation
  • Quality review
  • Conducting a closing meeting and conclusion of an ISO 27001 audit
  • Evaluation of corrective action plans
  • Surveillance audit
  • Audit program management
  • Internal audit and second party audit

Day 5: Exam

Basic knowledge of ISO 27001 and ISO 27002 is recommended.

Educational approach

  • Sessions of lectures illustrated with examples based on real cases
  • Practical exercises based on a full case study, including role plays and narrative presentation
  • Review exercises to assist with exam preparation
  • Practice test similar to the certification exam
  • This training is based on the alternation of theory and practice
  • Given the practical exercises, the number of training participants is limited

Examination and certification

  • The “ISO 27001 Lead Auditor” exam fully meets the requirements of the PECB Examination Certification Programme (ECP). The exam covers the following competency domains:
    • Domain 1: Fundamental principles and concepts of information security
    • Domain 2: Information Security Management System (ISMS)
    • Domain 3: Fundamental Audit Concepts and Principles
    • Domain 4: Preparation of an ISO 27001 audit
    • Domain 5: Conduct of an ISO 27001 audit
    • Domain 6: Closing an ISO 27001 audit
    • Domain 7: Managing an ISO 27001 audit program
  • Duration of the exam: 3 hours
  • After successfully completing the exam, participants can apply for the credentials of ISO 27001 Provisional Auditor, ISO 27001 Auditor or ISO 27001 Lead Auditor, depending on their level of experience. These credentials are available to both internal and external auditors.
  • A certificate will be issued to participants who pass the exam and comply with all the other requirements related to the selected credential.

General Information

  • Certification fees are included in the examination price
  • A student manual containing over 450 pages of information and practical examples will be distributed to participants
  • A 31 CPE (Continuing Professional Education) participation certificate will be issued to participants