ISO 27001-2019 Lead Auditor

  1. Home
  2. /
  3. Courses
  4. /
  5. ISO
  6. /
  7. ISO 27001-2019 Lead Auditor


The aim of this course is to provide delegates with the knowledge and skills required to perform first, second and third-party audits of information security management systems against ISO/IEC 27001 (with ISO/IEC 27002), in accordance with ISO 19011 and ISO 17021, as applicable. Successful completion of the course (including examination) will result in issuance of a certificate which may be used to support an application to become registered as an IRCA auditor. Being certified as an IRCA auditor is a clear statement that you are a recognized, qualified and capable auditing professional.

Recommended prior knowledge:

The knowledge of the principles and concepts for information security management systems including awareness of the need for information security, responsibilities, management commitments, using results of risk assessments and incorporation security as an essential element of information networks and systems are just as recommended as the knowledge of the requirements of ISO/IEC 27001 and terms and definitions as given in ISO/IEC 27000. Addition- ally the knowledge and understanding of the PDCA cycle will support a successful completion of the course.


  • In detail the course will provide students with the basis to become a competent Lead Auditor, amongst others via the following:
    • Purpose and benefits of an information security management system.
    • Role of an auditor to plan, conduct, report and follow up an information security management system audit.
    • Plan, conduct, report and follow up an audit of an information security management system to establish conformity (or otherwise) with ISO/IEC 27001 via exercises and role play.
    • Generating Audit Findings.
    • Plan-Do-Check-Act framework.
    • Differences between first-party, second-party and third-party certification audit.
    • Benefits of third-party accredited certification.
    • Terminology defined in the standard.
    • Requirements for ISMS documented information.