Certified ISO 27001 Lead Auditor

Duration: 4.5 days

This intensive training followed by a half-day examination enables participants to audit an Information Security Management System (ISMS) and to lead a team of auditors by applying generally accepted auditing principles, procedures and techniques.

During the training, the participants acquire the knowledge and skills to plan and conduct such an audit properly and in conformance with the ISO/IEC 27001:2013 certification process.

Through a series of practical exercises, role plays and case studies, the participants learn and develop the skills and abilities needed to successfully conduct an audit, for example, application of auditing techniques, audit team management, planning of audit procedures, communication with customers or resolution of conflicts.


  • Acquiring the expertise to prepare and conduct ISMS audits as specified by ISO/IEC 27001:2013
  • Acquiring the expertise to manage an ISMS audit team
  • Developing an understanding of the application of an ISMS in the context of ISO/IEC 27001:2013
  • Developing an understanding of the various components of ISMS (e.g. risk management and measures) in accordance with the interests of company stakeholders
  • Improving abilities in analyzing the internal and external environment of a company, its risk management process and backgrounds of the planned auditing procedures in the ISMS context

Specific content:

Day 1: Introduction to the management of an Information Security Management System (ISMS)

  • Normative, regulatory and legal framework related to information security
  • Principles of information security
  • ISO/IEC 27001 certification process
  • Basics of an ISMS
  • Detailed explanation of clauses 4-8 of the ISO/IEC 27001 standard

Day 2: Planning and launching an ISO 27001 audit

  • Fundamental concepts and principles of auditing
  • Audit approach based on evidence and on risk
  • Prepare for an ISO/IEC 27001 certification audit
  • Document an ISMS audit
  • Conduct an opening meeting

Day 3: Conducting an ISO 27001 audit

  • Communication during the audit
  • Audit methods:
    • observations
    • document reviews
    • interviews
    • sampling techniques
    • technical verification
    • corroboration and evaluation
  • Develop test plans
  • Draw conclusions from audit findings
  • Drafting of nonconformity reports

Day 4: Completion and assurance of ISO 27001 audit follow-up

  • Audit documents and quality assessment of the audit
  • Closing meeting and completion of the ISO/IEC 27001 audit
  • Corrective action plan
  • Surveillance audit
  • Audit management program

Day 5: Examination

A three-hour final examination will be held on the fifth training day. A certificate of successful completion will be issued to participants who have passed the examination. The certificate is recognized by the ANSI-accredited certification body PECB, allowing participants to apply for the title of ISO/IEC 27001 - ISMS Provisional Auditor, ISO/IEC 27001 - ISMS Auditor or ISO/IEC 27001 - ISMS Lead Auditor.
To maintain the credentials, an annual maintenance fee (AMF) of $100 per certificate has to be paid.

Target group:

  • Project managers who wish to manage an ISMS audit process
  • Auditors who want to effectively lead an ISMS audit team
  • Persons responsible for information security or compliance with a company's standards
  • Members of a team responsible for information security
  • Technical experts who wish to prepare themselves for an information security audit

A fundamental understanding of ISO/IEC 27001 and comprehensive knowledge of audit principles.

Maximum number of participants: 10 people

Price: € 2,450 incl. examination fee

The training is conducted in English by an experienced trainer. The training documents are in English.
You will receive CPE Points for participating in the ISO 27001 Lead Auditor training. The training takes 36 hours.
Because the training deals extensively with the ISO/IEC 27001 standard, we advise our participants to bring a hard copy of the standard. cirosec is not allowed to provide copies of the standard for licensing reasons.

July 1 - July 5, 2019 Ludwigsburg
November 18 - November 22, 2019 Ludwigsburg

The training course will take place in a fine, specially selected hotel:

Ludwigsburg: nestor Hotel Ludwigsburg

We will gladly reserve a room for you at a special rate in the hotel where the training course will take place.
