ISO/IEC 27001:2013 Information Security Management System (ISMS) - Lead Auditor

Auditing is crucial to the success of any management system, and it therefore carries heavy responsibilities, tough challenges and complex problems. This five-day intensive course trains ISMS auditors to plan, lead, manage and carry out an audit plan. It also equips them to give practical help and information to organizations working towards certification, and provides the knowledge and skills required to carry out second-party audits of suppliers and subcontractors.

Effective auditing helps to ensure that the measures you put in place to protect your organization and your customers are properly managed and achieve the desired result.

Course Objectives

On completion of the course, delegates will be able to explain the purpose and business benefits of:

  • an ISMS;
  • ISMS standards;
  • management system audits;
  • third-party certification.

Delegates will also be able to explain the role of an auditor in planning, conducting, reporting and following up an ISMS audit in accordance with ISO 19011 (and ISO/IEC 17021 where appropriate).

Delegates will have the skills to:
  • plan;
  • conduct;
  • report;
  • and follow up an audit of an ISMS to establish conformity (or otherwise) with ISO/IEC 27001 and ISO/IEC 27002, ISO 19011 (and ISO/IEC 17021 where appropriate).

Who Should Attend

  1. Those wishing to learn about effective audit practices
  2. Existing information security auditors who wish to expand their auditing skills
  3. Consultants who wish to provide advice on ISO/IEC 27001:2013 ISMS auditing
  4. Security and quality professionals

Course Outline

Day 1

  1. What is an Information Security Management System?
    • Information security
    • Management systems
    • Purpose and benefits of ISO 27001
    • Related standards
  2. Process Approach
    • PDCA model
    • Process model
  3. Overview of ISO 27001 contents
  4. ISO 27001 Mandatory clauses 4 – 8
Day 2
  1. Controls
  2. Overview of the audit process
  3. Auditing the Statement of Applicability (SoA)
  4. Audit and Auditors
    • Definitions
    • 1st, 2nd and 3rd party audits
    • Roles and responsibilities of auditors and lead auditors
    • Skills and characteristics of effective auditors
  5. Audit Planning
    • Information needed to plan the audit, and things to consider
    • Preliminary visits
    • Preparation of an audit plan
  6. Audit communications and meetings
    • Good practice for communication during the audit
    • Formal meetings
    • Opening meeting – what to cover and how
  7. Checklists
    • Benefits and drawbacks
    • Content – what to include
    • Developing a checklist for a specific audit
Day 3
  1. Process Audits
  2. Case studies
  3. Conducting the audit
    • interviewing
    • sampling
    • note taking
    • interacting with the auditee
    • who’s involved and general points
  4. Nonconformities
    • definition of nonconformity
    • linking to requirements of ISO 27001
    • grading nonconformity reports
    • structure and content of nonconformity reports
Day 4
  1. Case studies
    • including interviewing
    • developing and following audit trails
    • identifying nonconformities
  2. Specimen Examination
    • Review of answers
    • Layout and marking scheme of the papers
  3. Closing Meeting
    • Outcomes
    • Content
    • Identifying possible issues and how to prevent or deal with these
  4. Corrective Actions
    • Corrective action process
    • Evaluating corrective actions
  5. Reporting the audit
    • Purpose and content of the written audit report
  6. Next steps
    • action planning
    • further development
    • auditor registration
Day 5
  1. Course Evaluations
  2. Written Examination

Course Dates

  • 21 - 25 February 2022
  • 25 - 29 April 2022

Training & Exam Fee: MYR 7,200.00 (subject to 6% SST)


Contact us to request a quotation.
