This course enables participants to develop the expertise required to audit an Information Security Management System (ISMS) and manage a team of auditors through the application of generally accepted audit principles, procedures and techniques. During this training, the participant acquires the skills and competencies required to plan and conduct internal and external audits effectively and in accordance with the ISO 19011 and ISO 17021 certification process. Through practical exercises, the participant develops the skills (mastery of audit techniques) and competencies (team and audit program management, client communication, conflict resolution, etc.) necessary to effectively conduct an audit.
Overview
- Acquire the expertise to perform an ISO 27001 internal audit following the ISO 19011 guidelines
- Acquire the expertise to manage a team of ISMS auditors
- Understand how an ISMS works according to ISO 27001
- Improve the ability to analyze the internal and external environment of an organization, assess audit risks and make decisions in the context of an ISMS audit
Course Curriculum
Day 1
ISO normative model and Management System
- ISO 27001 Certification Process
- Fundamentals of information security
- Information Security Management System
Day 2
Plan and initiate an ISO 27001 audit
- Fundamental audit principles and concepts
- Evidence-based and risk-based audit approach
- Preparing for an ISO 27001 certification audit
Day 3
Conducting the certification audit
- Leading the audit team
- Communication during the audit
- Interviews and evidence gathering
- Sharing findings with the auditees
Day 4
After the audit
- Formulation of audit findings
- Drafting of the report
- Follow-up of non-compliance issues
- Management of the audit program
- Relationship with the training organization
- Revisions
Learning Assessment
The “PECB Certified ISO/IEC 27001 Lead Auditor” exam is held on the 5th day of the course and lasts 3 hours. The exam covers the following competency areas:
- Area 1: Fundamental Information Security Principles and Concepts
- Area 2: Audit concepts and fundamentals
- Area 3: Preparing for an ISO 27001 audit
- Area 4: Conducting an ISO 27001 audit
- Area 5: Closing an ISO 27001 audit
The +
This training is based on the alternation of theoretical and practical time:
- Lectures illustrated with examples from real cases
- Classroom exercises to help prepare for the exam
- Practical tests similar to the certification exam
- To ensure the practical exercises run well, the number of participants in the training is limited
Who should attend?
- Auditors who want to conduct certification audits or internal audits
- Implementers who want to prepare for the certification audit or to understand the exercise in order to achieve optimal compliance
- Anyone who is curious about the audit of an ISMS
Prerequisites
- Have a knowledge of the ISO/IEC 27001 standard
- Have a good knowledge of information systems security
- Completion of the “ISO 27001 Foundation” module
How and when to access
The participant is considered registered when:
- The prerequisites and needs are identified and validated
- The training agreement is signed
Registration requests can be sent up to 5 working days before the start of the training.
Accessibility
Whether you are recognized as having a disability or not, making our training accessible to everyone is part of our commitment.
If you need accommodations or adaptations to the content, the materials, the venue, the equipment used, the schedule or the pace, we are at your disposal.
To go further
You can deepen your knowledge by following the training courses below:
- ISO 27001 Lead Implementer certification training
- ISO 27005 Risk Manager certification training
- EBIOS Risk Manager certification training
Duration
4.5 days (31h)
Price
€3200 excl tax
Meal
Breakfast & lunch included
For French residents
+ OPCO support
Overview
- Acquire the expertise to perform an ISO 27001 internal audit according to the ISO 19011 guidelines
- Acquire the expertise to manage a team of ISMS auditors
- Understand how an ISMS works according to ISO 27001
- Improve the ability to analyze the internal and external environment of an organization, to assess audit risks and to make decisions in the context of an ISMS audit
Course Curriculum
Session 1
Audits
- The different types of audit
- The life cycle of the certification
- The auditor and their qualities
Session 2
Prepare for the audit
- The principles of the audit
- The main steps of the audit
Session 3
Audit preparation
- Audit feasibility
- Audit plan
- Audit team
Session 4
On-site audit
- Conducting interviews
- Writing the deviation sheets
Session 5
Closing of the audit
- Conduct a closing meeting
- Write the activity report
Session 6
Monitoring and follow-up
- Post-audit activities
- Overview of audits in the context of certification
Typical schedule
- 13 hours of classes with the trainer divided into 6 sessions of 1h30 to 2h
- 8 hours of personal work time in autonomy
| | Monday | Tuesday | Wednesday | Thursday | Friday |
|---|---|---|---|---|---|
| Week 1 | Introduction | Session 1 | Session 2 | Session 3 | |
| Week 2 | Session 4 | Session 5 | Session 6 | Exam | |
Learning Assessment
- 2-hour closed-book online certification exam
- 100 multiple choice questions
The +
- Training provided by a cybersecurity expert
- An intuitive and easy-to-use platform
- Discussion sessions on key concepts and experience sharing adapted to the learners' context
- A training pedagogy adapted to all learning profiles
Who should attend?
- Auditors wishing to perform and lead Information Security Management System certification audits
- Managers or consultants wishing to master the Information Security Management System audit process
- Anyone responsible for maintaining compliance with ISMS requirements
- Technical experts wishing to prepare an Information Security Management System audit
- Consultants specialized in information security management
Prerequisites
- A good knowledge of the ISO/IEC 27001 standard and a thorough knowledge of the implementation principles
- Completion of the “ISO 27001 Foundation” module
How and when to access
The participant is considered registered when:
- The prerequisites and needs are identified and validated
- The training agreement is signed
Registration requests can be sent up to 5 working days before the start of the training.
Accessibility
Whether you are recognized as having a disability or not, making our training accessible to everyone is part of our commitment.
If you need accommodations or adaptations to the content, the materials, the venue, the equipment used, the schedule or the pace, we are at your disposal.
To go further
You can deepen your knowledge by following the training courses below:
- ISO 27001 Lead Implementer certification training
- ISO 27005 Risk Manager certification training
- EBIOS Risk Manager certification training
Duration
21 hours
Price
€2000 excl tax
Package
Full pack 35h – Foundation & Lead Auditor: €2000 excl. tax