ISMS Lead Auditor Course

Information Security (ISMS) Auditor/Lead Auditor Training Course


This course will provide students with the knowledge and skills required to perform first, second and third-party audits of information security systems against ISO 27001 (with ISO 27002), in accordance with ISO 19011 and ISO 17021, as applicable. Students who successfully complete this course will satisfy the training requirements for becoming an ISMS auditor/lead auditor. The course is 40 hours long and includes mock audit activities and an exam that will be given on the last day.

Who should attend?

This course is for individuals looking to satisfy the training requirements of ISO/IEC 27006 to become a Lead Auditor for Information Security Management Systems as well as individuals who are looking to develop the skills to perform internal audits of their organization’s ISMS or to gain additional knowledge in order to more effectively implement an ISMS.


Upon successful completion of this course, students will have gained the knowledge and skills to be able to:

  • Plan, conduct, report and follow up an audit of an information security management system to establish conformity (or otherwise) with ISO 27001.
  • Explain the role of an auditor to plan, conduct, report and follow up an information security management system audit in accordance with ISO 19011 (and ISO 17021 where appropriate).
  • Explain the purpose and business benefits of an information security management system, of information security management system standards, and of management systems audits and third-party certification.

Topics Covered:

During the course students will receive instruction and take part in exercises to develop the following knowledge and skills:

  • The processes involved in establishing, implementing, operating, monitoring, reviewing, maintaining and improving an information security management system
  • The terminology defined in the standard (and ISO 27002)
  • The purpose and differences between first, second, and third-party audits and certification audits
  • Determining audit objectives, including the purpose and significance of audit scope and criteria
  • Conducting on-site audit activities, including preparing audit working documents, conducting meetings and interviews, gathering evidence, preparing the report, and conducting follow-up
  • Assessing an organization’s information security policy and objectives
  • Assessing an organization's risk assessment and risk treatment process
  • Verifying the Statement of Applicability (SoA)
  • ISMS documentation requirements
  • Evaluating the methods in place for monitoring, measuring and analyzing, and verifying that the data being monitored is effective in determining the performance of the ISMS
  • Evaluating the effectiveness of an organization's internal audit of the ISMS
  • Evaluating improvement, including the process to react to a nonconformity and take corrective action, as well as continual improvement of the ISMS
  • Writing and classifying nonconformity reports correctly
  • Evaluating proposed corrective actions and differentiating between correction and corrective action

Call us at 1-800-800-7910 or email