ISO 27001:2013 Certified Lead Auditor

Certified by Exemplar Global

Course Details

• 4 Days

• 3.3 CTUs

• $1995

Who Should Attend

Those responsible for planning and scheduling an internal audit program for ISO 27001:2013 and those who must perform audits to ISO 27001:2013, management representatives, security consultants, IT professionals, information security officers, managers, or anyone interested in conducting first-party, second-party, or third-party audits.

Course Objectives

  • Interpret and apply the ISO 27001:2013 requirements
  • Recognize the relationship between ISO 27000, ISO 27001, and ISO 27002
  • Define information security management system (ISMS) terminology
  • Demonstrate how ISMS planning, policy, objectives, and processes are implemented
  • Explain the difference between legal compliance and conformity
  • Define the relationship between an organization’s operational information security requirements and the ISO 27001:2013 standard
  • Assess effectiveness of an organization’s information security risk assessment methodologies
  • Evaluate risk assessment and risk treatment results to ensure they are appropriately identified within the organization’s statement of applicability
  • Apply auditing principles, procedures, and methods identified in ISO 19011:2018
  • Establish audit objectives for the audit program
  • Determine the feasibility of an audit
  • Prepare work documents for an audit
  • Apply all aspects of the on-site audit activities
  • Define audit roles and responsibilities
  • Document audit results, findings, and conclusions
  • Identify and apply sampling techniques
  • Develop an audit plan
  • Demonstrate effective communication and interview skills
  • Identify roles and responsibilities of audit team leaders
  • Incorporate audit objectives, scope, and criteria into audit planning
  • Select audit team members and assign tasks
  • Identify, evaluate, and address risks in an audit plan
  • Develop and manage the opening and closing meetings
  • Resolve conflict during an audit
  • Prepare an audit report to address all findings during an audit
  • Perform audit follow-up activities
  • Apply remote auditing methods

Agenda

  • Day One
    8:00am to 6:00pm
    • Introduction to information security (IS)
    • Benefits of an ISMS
    • ISO 27000 family of documents
    • ISO 27001 standard
    • ISO 27001 annex list of controls
  • Day Two
    8:00am to 6:00pm
    • Controls in ISO 27002
    • Evaluate effectiveness of information security management system (ISMS)
    • Information security risk assessment methodologies
    • Analyze controls in Statement of Applicability as they relate to treatment of risk
    • Organization’s monitoring, measurement, analysis, and evaluation activities
    • Legal compliance and conformity
    • Apply standard and annex to scenarios
  • Day Three
    8:00am to 6:00pm
    • Management system audits
    • Types of audits
    • Audit approaches
    • Audit objectives, scope, and criteria
    • Audit risks and opportunities
    • Roles and responsibilities
    • Audit techniques
    • Audit cycle
  • Day Four
    8:00am to 5:00pm
    • Audit team leaders
    • Audit plan
    • Combined audits
    • Conduct audits
    • Opening meetings
    • Team briefings
    • Closing meeting
    • Audit report
    • Audit follow-up

Have questions? Contact us

DEKRA Audits

8990 Springbrook Dr. NW

Suite 210

Minneapolis, MN 55443

+1 800.633.2588