Lead Auditor ISO 27001

Why should you attend the PECB ISO 27001 Lead auditor training?

We are constantly confronted with news about hacked companies, large and small. One of the best approaches to improve the information security of your company is to implement an Information Security Management System or ISMS. Once you are implementing such a system, or if you have already one in operation, there is a moment that you will be confronted with audits.

There are different types of audits: internal audits, organized by the organization itself, or external audits needed to obtain an officially certified ISMS. In both cases this training will help you by giving the necessary know how and skills. It first lays the foundations by covering ISO standards, the certification process, and a number of fundamental concepts about cybersecurity, audits and ISMS’s.

Subsequently we look at audit techniques and the complete audit process for a 3rd party certification audit. Audit techniques include tasks like preparing the audit, collecting evidence, drafting audit findings including non conformity reports and audit reporting. Internal audits share many techniques with external audits but they are handled separately to cover some of their unique characteristics.

The training is quite intensive since it treats all the previous subjects in depth. The training prepares very well for the exam and most students having followed the training (in combination with some prior knowledge and some home study) will pass the exam successfully immediately after the course.

Who can participate?

• Auditors seeking to perform and lead information security management system (ISMS) audits
• Managers or consultants seeking to master the information security management system audit process
• Individuals responsible for ensuring compliance with information security requirements within an organization.
• Technical experts seeking to prepare for the information security management system audit
• Expert advisors in information security management

Learning objectives

• Explain the fundamental concepts and principles of an information security management system (ISMS) based on ISO/IEC 27001
• Interpret the ISO/IEC 27001 requirements for an ISMS from the perspective of an auditor
• Evaluate the ISMS conformity to ISO/IEC 27001 requirements, in accordance with the fundamental audit concepts and principles
• Plan, conduct, and close an ISO/IEC 27001 compliance audit, in accordance with ISO 17021 requirements, ISO 19011 guidelines and other best practices of auditing
• Manage an ISO/IEC 27001 program

Educational approach

• This training is based on both theory and best practices used in ISMS audits.
• Lectures are illustrated with examples based on case studies.
• Practical exercises are based on a case study that includes role-plays and discussions.
• Practice tests are similar to those from the certification exam