ISO/IEC 27001:2013 Lead Auditor

By completing this Lead Auditor in Information Security Management Systems course you will gain the knowledge and skills to manage and lead an audit an information security management program that complies with ISO 27001:2013.

Enhance your career through attaining Exemplar Global recognition as a Lead Auditor in Information Security Management Systems.

If you wish to become a registered third-party, or external Quality auditor with Exemplar Global, completing this course is the first step. Once you have obtained the Exemplar Global competencies from this course, you can follow either a qualification-based or competency based certification path.

• Receive concentrated and comprehensive training in the theory and practice of auditing Information Security Management Systems (ISMS) based on ISO/IEC 27001.
• Gain a practical understanding of the responsibilities of an information security auditor, and the techniques and methodologies required to effectively audit an ISMS.

Our ISO 27001:2013 courses must still teach to the current requirements of that standard and the controls that it refers to in Annex A until such time that it is republished as ISO 27001:2022 (expected mid 2022).
In the interim, ISO 27002:2022 was released in February 2022 which indicates how the Annex A of ISO 27001:2022 is likely to be updated. During this interim period a mapping document will be provided that provides an overview to ISO 27002:2022 and also shows the mapping and changes in terms of controls.
All audits for ISO 27001:2013 will continue to be carried out against its current requirements until it is officially updated.

This course covers the following topics:

• Specific requirements outlined in ISO/IEC 27001
• Information technology, security techniques and security management systems
• Auditing an ISMS that protects information assets such as financial data, customer records and proprietary corporate information
• Exploring the practice and perfecting the necessary competencies to undertake efficient and effective audits of ISMS through in-class activities, case studies and open discussions

On successful completion of this course, participants will obtain the knowledge and skills to:

• Review auditee documentation
• Develop audit schedules
• Identify, gather, analyze and evaluate information
• Conduct an entry and exit meeting
• Assess the scope and objectives of an audit
• Communicate with an auditee regarding the proposed audit
• Identify the resources required to conduct an ISMS audit
• Prepare and manage audit team resources
• Prepare audit related documentation
• Develop and submit an audit plan
• Guide team members in continuously improving their performance
• Compile audit results and report findings
• Negotiate the follow up process with an auditee
• Monitor and review an audit system and its activities

A sound working knowledge of ISO/IEC 27001 or ISO/IEC 27002 is strongly recommended.

Upon successful completion this course issues the below TPECS competency units which is certified by Exemplar Global.

Certificate of Attainment

• Exemplar Global AU Management systems auditing
• Exemplar Global TL Leading management systems audit teams
• Exemplar Global IS Information security management systems

What accreditation or recognition does this course have?

This course is certified and leads to the units of competency as outlined in the Achievement section.

Does this course have any assessment requirements?

Yes, this course has in class assessment activities that need to be completed.

How do I access my certificate?

Your Exemplar Global Certificate of Attainment will be emailed as a pdf on successful completion of all course assessment requirements. This will take up to 28 days once attainment of the relevant units of competency is confirmed by the assessor.

How do I apply for Exemplar Global recognition?

If you wish to become a registered third-party, or external Quality auditor with Exemplar Global, completing this course is the first step. Once you have obtained the Exemplar Global competencies from this course, you can follow either a qualification-based or competency based certification path. For more information visit; http://exemplarglobal.org/certification/what-we-offer/certify-me/

What other courses are relevant to this course?

If you have completed the SAI Global 4 day Lead Auditing an Information Security Management System course you will be able to attend any of our other 2 day management systems auditing courses to broaden your auditing skill set; for example, Auditing a Quality Management System and Auditing a Work Health and Safety Management System. You may also be interested in the course; Understanding and Implementing an Information Security Management System.

Who is the trainer for my course?

All of our trainers and assessors have extensive and current industry experience and qualifications and meet Exemplar Global accreditation body requirements for delivery of this course.

Who do I contact in case of any query regarding any of the courses?

For any course-related queries, please email customer support at training.americas@saiglobal.com or phone 1-800-374-3818.

This course is ideal for information security practitioners who have an understanding of information security management and who have been, or will become, involved in internal information security audits, second party (i.e. vendor) audits and/or third party audits.