Certified ISO 27001 Lead Auditor (ISO 27001:2013)

Auditing is crucial to the success of any management system. As a result, it carries with it heavy responsibilities, tough challenges and complex problems. This five-day intensive course prepares the participants for the qualification process for ISO 27001. It also allows them to give practical help and information to those who are working towards compliance and certification.


  • Category
    Security
  • Duration
    5 Days
  • Level
    Beginner

What Will I Learn?

Five Days of intensive classroom training. Copy of courseware and practice questions.

  • Normative, regulatory and legal framework related to information security
  • Fundamental principles of information security
  • The ISO 27001 certification process
  • Detailed presentation of clauses 4 to 8 of ISO 27001
  • Fundamental audit concepts and principles
  • Audit approach based on evidence and on risk
  • Preparation of an ISO 27001 certification audit
  • Documenting an ISMS audit
  • Communication during the audit
  • Audit procedures: observation, document review, interview, sampling techniques, technical verification, corroboration and evaluation
  • Drafting test plans
  • Formulation of audit findings, drafting of nonconformity reports
  • Audit documentation
  • Conducting a closing meeting and conclusion of an ISO 27001 audit
  • Evaluation of corrective action plans
  • ISO 27001 Surveillance audit and Audit management program

Who should attend?

  • Quality professionals with experience in implementation and auditing of Information Security Management Systems (ISMS)
  • Those wishing to implement a formal Information Security Management System (ISMS) in accordance with ISO 27001:2013.
  • Existing security auditors who wish to expand their auditing skills.
  • Consultants who wish to provide advice on ISO 27001:2013 systems certification.
  • Security and Quality Professionals
  • Technical experts wanting to prepare for an Information security audit function

Exam & Certification:

  • Exam Duration: 3 hours, Exam Format: Multiple Choice

Prerequisite Knowledge

ISO 27001 Foundation Certification or basic knowledge of ISO 27001 is recommended.


Opportunity Scope

The mentor will discuss this in the classroom.

Modules / Chapter

Day 1 – Session 1: Introduction of ISO 27001: 2013 Series LA Training Course

  • Module 1: Introduction
  • Module 2: Auditor Certification
  • Module 3: World-Wide Recognition of Auditor Qualifications
  • Module 4: Reference Standards and Documents
  • Module 5: Learning Objectives
  • Module 6: Continuous Assessment
  • Module 7: Examination
  • Module 8: IRCA Code of Conduct

Day 1 – Session 2: Introduction of Information Security Management Systems and Standards Development

  • Module 9: Definition and importance of Information in ISMS
  • Module 10: CIA and DAD Triads
  • Module 11: Additional Goals
  • Module 12: ISMS Purpose and Objectives
    • Module 12.1: ISMS purpose and business benefits
    • Module 12.2: Benefits of Certification
  • Module 13: Hands-on Exercises and discussion
  • Module 14: Legal and Regulatory compliance
    • Module 14.1: Legal and Regulatory Framework
    • Module 14.2: Conformance Vs Compliance

Day 1 – Session 3: Requirements of ISO 27001: 2013

    • Module 14.1: Quick Content Comparison ISO 27001:2013 vs ISO 27001:2013
    • Module 14.1: Contents of ISO 27001:2013
    • Module 14.2: Process approach and processes involved in establishing
    • Module 14.3: Implementing & operation
    • Module 14.4: Monitoring & reviewing
    • Module 14.5: Maintaining and improving the ISMS
  • Module 15: ISMS scope, boundaries of ISMS and permissible exclusions.
  • Module 16: ISMS Scope and exclusions
  • Module 17: Hands-on exercises and discussion

Day 2 – Session 4: Requirements of ISO 27001: 2013 (Continued)

  • Module 18: ISMS Clauses
    • Module 18.1: ISO 27001 clauses
    • Module 18.2: Information Security Policy
    • Module 18.3: Internal Audits, Management Reviews, Improvement.
    • Module 18.4: Hands-on exercises and discussion
  • Module 19: Policy and Objectives
  • Module 20: Asset Register
  • Module 21: Risk Assessment and Risk Treatment.
  • Module 22: Risk Assessment examination and Evaluation.
  • Module 23: Hands-on exercises and discussion
  • Module 24: Annex A Controls and ISO 27002
    • Module 24.1: Annex A Controls
    • Module 24.2: SoA
    • Module 24.3: Incident Management and Business Continuity.
  • Module 25: Introduction to SoA Examination and Evaluation.
  • Module 26: Hands-on exercises and discussion

Day 2 – Session 5: Audit Planning and Preparation

  • Module 27: Reasons for auditing
  • Module 28: Audit principles
  • Module 29: Process of audit program management
  • Module 30: Audit competence and evaluation methods
  • Module 31: Audit Responsibilities
    • Module 31.1: Audit time
    • Module 31.2: Audit Process Flow
    • Module 31.3: Audit Plans and Programs
    • Module 31.4: Initial Document Review

Day 3 – Session 6: Audit Planning and Preparation (Continued)

  • Module 32: Hands-on exercises and discussion
    • Module 32.1: Audit Activities
    • Module 32.2: Preparation
    • Module 32.3: Audit plan
    • Module 32.4: ISMS Audit Checklists
    • Module 32.5: Audit Checklists

Day 3 – Session 7: Process Audit Techniques and Collecting Evidence

  • Module 34: Process auditing, Auditor qualities and selection.
  • Module 35: Audit Script
  • Module 36: Audit stages
  • Module 37: Audit techniques
  • Module 38: Collecting evidence through questions
  • Module 39: Observation, checking, note taking, and collecting evidence
  • Module 40: Hands-on exercises and discussion

Day 4 – Session 8: Process Audit Techniques and Collecting Evidence (Continued)

  • Module 41: Audit techniques and collecting evidence through questions, observation, checking, note taking and collecting evidence.
  • Module 42: Introduction to audit role-playing
  • Module 43: Reporting the Audit Findings
    • Module 43.1: Audit team meeting
    • Module 43.2: Nonconformities and observation
    • Module 43.3: Corrective and preventive actions
  • Module 44: Hands-on exercises and discussion

Day 5 – Session 9: Conclusion

  • Module 45: NCR Judgement and Reporting
  • Module 46: Reporting the Audit Findings
    • Module 46.1: Corrective actions and follow up
  • Module 47: Review of the course
    • Module 47.1: Learning Objectives
    • Module 47.2: Key learning points of the course
    • Module 47.3: Delegate feedback
    • Module 47.4: Review of a specimen examination
    • Module 47.5: Final questions and answers
  • Module 48: Hands-on exercises and discussion


Contact Information

  • Address

    Anamnagar - 32 Kathmandu, Nepal

  • Email

    info@labanepal.com

  • Phone

    +977-1-4102721, 4102722, 4244804

  • Opening Hours

    10 AM - 5 PM
