ISO 27001 Lead Auditor Certification
The ISO 27001 Information Security Management Systems standard ensures that your organization keeps information assets safe and secure by building an information security infrastructure against the risks of loss, damage or any other threat.
This four-day intensive course enables participants to develop the necessary expertise to audit an Information Security Management System (ISMS) and to manage a team of auditors by applying widely recognized audit principles, procedures and techniques.
Based on practical exercises, the participant will develop the skills (mastering audit techniques) and competencies (managing audit teams and audit program, communicating with customers, conflict resolution, etc.) necessary to efficiently conduct an audit.
For more information, please visit PECB.
Learning objectives:
- Understand the operations of an Information Security Management System based on ISO 27001;
- Acknowledge the correlation between ISO 27001, ISO 27002 and other standards and regulatory frameworks;
- Understand an auditor’s role to plan, lead and follow up on a management system audit in accordance with ISO 19011;
- Learn how to lead an audit and audit team;
- Learn how to interpret the requirements of ISO 27001 in the context of an ISMS audit;
- Acquire the competencies of an auditor to plan an audit, lead an audit, draft reports, and follow up on an audit in compliance with ISO 19011.
Who should attend?
- Auditors seeking to perform and lead Information Security Management System (ISMS) certification audits;
- Managers or consultants seeking to master an Information Security Management System audit process;
- Individuals responsible for maintaining conformance with Information Security Management System requirements;
- Technical experts seeking to prepare for an Information Security Management System audit;
- Expert advisors in Information Security Management.
- Day 1: Introduction to Information Security Management System (ISMS) concepts as required by ISO 27001:
  - Normative, regulatory and legal framework related to information security;
  - Fundamental principles of information security;
  - ISO 27001 certification process;
  - Information Security Management System (ISMS);
  - Detailed presentation of the clauses 4 to 8 of ISO 27001.
- Day 2: Planning and Initiating an ISO 27001 audit:
  - Fundamental audit concepts and principles;
  - Audit approach based on evidence and on risk;
  - Preparation of an ISO 27001 certification audit;
  - ISMS documentation audit;
  - Conducting an opening meeting.
- Day 3: Conducting an ISO 27001 audit:
  - Communication during the audit;
  - Audit procedures: observation, document review, interview, sampling techniques, technical verification, corroboration and evaluation;
  - Audit test plans;
  - Formulation of audit findings;
  - Documenting nonconformities.
- Day 4: Concluding and ensuring the follow-up of an ISO 27001 audit:
  - Audit documentation;
  - Quality review;
  - Conducting a closing meeting and conclusion of an ISO 27001 audit;
  - Evaluation of corrective action plans;
  - ISO 27001 Surveillance audit;
  - Internal audit management program.
This training is based on both theory and practice:
- Sessions of lectures illustrated with examples based on real cases;
- Practical exercises based on a full case study including role playing and oral presentations;
- Review exercises to assist the exam preparation;
- Practice test similar to the certification exam.
To benefit from the practical exercises, the number of training participants is limited.
- The “PECB Certified ISO 27001 Lead Auditor” exam fully meets the requirements of the PECB Examination and Certification Programme (ECP). The exam covers the following competence domains:
  - Domain 1: Fundamental principles and concepts of information security;
  - Domain 2: Information Security Management System (ISMS);
  - Domain 3: Fundamental audit concepts and principles;
  - Domain 4: Preparation of an ISO 27001 audit;
  - Domain 5: Conducting an ISO 27001 audit;
  - Domain 6: Closing an ISO 27001 audit;
  - Domain 7: Managing an ISO 27001 audit program.
- The “PECB Certified ISO 27001 Lead Auditor” exam is available in different languages (trainers are fluent in English, French & Spanish);
- The exam is available online; please refer to the PECB Exams User Manual;
- Duration: 3 hours;
- For more information about the PECB Certified ISO 27001 exam and certification, refer to ISO 27001 Lead Auditor exam & certification.
«I recommend this training for anyone looking to do a first experience as an ISO 27001 Internal Auditor.»
«Trainers from Abilene Academy have large experiences on the field and sharing these experiences during their training is really a plus!»
«The Training Academy can benefit risk and information security managers in both public and private sectors to improve their organizations’ ability to meet their goals. The trainers are top notch and the venues, highly conducive to learning. Highly recommended!»