CIMA's Certified ISO 27001 Lead Auditor Course is a 5-day information packed learning experience. Check out the full course curriculum, and more details on this page.
Course Summary

Enrollment for our next Certified ISO 27001 Lead Auditor Course
scheduled for June 26 - 30, 2023
closes at 5:00 PM on Thursday, June 22, 2023
Important to Notes:
1. Training seats are limited, and we do not maintain a waiting list for courses as they book up fast. As such, registration may be closed before the above time, when fully booked.
2. Registration closes at 5:00 PM on the Friday, the week before the first day of each course, to allow time for us to send electronic versions of course-ware and mandatory communications to each student. The final registration date for each course is posted on the respective course registration page.
Who Should Take This Course?
How Does The ISO 27001 Lead Auditor Course Relates to Me?
Select the role that best suite your situation
Disclaimer: these are not customer testimonials, but rather stories of real companies and situations to help you appreciate how this course may be seen or affect people in different roles. Names and details have been altered for privacy reasons.
Schedule, Registration, and Cost
For specific dates and locations, please visit the Event Calendar view, or our Scheduled Events page.
Live Online - Regular Price $3,495
In Person - Regular Price $3,495.
NOTE:
1. On-site Training Class Availability is Subject To - No Local Pandemic or Protest / Rioting Restrictions. Where Restrictions Are In Place, The Course will Revert to Live Online.
2. If an early registration discount has been offered for a course, but is no longer visible on the course registration page, then the offer has expired and is no longer available to redeem.
Agenda

Day One - Introduction and Audit Concepts, for Auditing an Information Security Management System (ISMS) based on ISO 27001
- Course introduction
- Normative, regulatory and legal framework related to information security
- The Information Security Management System (ISMS)
- Overview of ISO 27001 Management Controls
- Fundamental audit concepts and principles
- Evidence and risk-base approach to auditing in an ISMS

Day Two - Setting Up an Internal Audit Program for ISO 27001 Compliance
- Developing organizational ISO 27001 Internal Audit governance
- Developing an ISMS audit plan
- Developing audit program standard operating procedures
- Documenting auditor competency requirements
- Ongoing monitoring of auditors
- Developing Control-based Audit Test Procedures
- Auditing ISMS processes and procedures
- Auditing ISMS policies and standards

Day Three - Conducting an ISO 27001-based Internal Audit
- Audit Planning and Preparation
- Developing the schedule and expectations for audit coordination meetings
- Preparing for and leading the audit's opening meeting
- Conducting interviews
- Control testings
- Evidence collection, analysis, corroboration and preservation
- Documenting controls reviews in the auditor's working papers

Day Four - The ISO 27001 Certification Process, Ongoing Management of
Non-conformities
- An overview of the ISO 27001 certification life-cycle
- Engaging a certification body for ISO 27001 certification
- Pre-audit preparation
- Documenting and communicating non-conformities
- Reviewing the management response to non-conformities
- Audit working paper preparation and submission
- Preparation and communication of certification recommendation to certification body
- Certification decision and decision process
- Granting and use of certification
- Monitoring and tracking non-confomities
- Certification surveillance auditing
- Re-certification

Day Five - Practical & Written Certification Exams
- Morning: 3 hour written exam
- Afternoon: Practical Exam - Formal Presentation of Internal Audit of the ISMS to the Organization's Board of Directors
NOTES:
1. Both written and practical exams are mandatory, in order to meet the certification requirements set out by the Information Security Leadership Forum, this course's certifying body.
2. Formal business attire is mandatory for you practical exam. Please be sure to pack / dress appropriately. Men are required to wear a jacket and tie, and women the equivalent.
Learning Objectives
When designing our Certified ISO 27001 Lead Auditor Course, great care is taken to identify key areas the course must focus on in order to ensure student achieve the goals the course was setup to accomplish. These learning objectives are highlighted as follows:

Achieve an in-depth understanding of the ISO 27001 certification process.
Master the concepts, approaches, standards, methods and techniques required for the effective planning, design, development, implementation and maintenance of ISO 27001-based information security audit program.
Gain an expert level understanding of how to engage stakeholders in the ISO 27001 Audit process.
Develop the expertise to to perform and lead an ISO 27001-based audit of an organization.
Master the development of an Internal Audit Program to support the compliance requirements of the ISO 27001 standard.
What You Get!
What each student will receive
Certification Exam Information
What you need to know