Ex 114 - ISO/IEC 27001:2005 ISMS LEAD AUDITOR


This FIVE-DAY course provides an understanding and knowledge of auditing information security management systems to third party standards. The objective of an audit is not fault finding, but to identify opportunities for improvement. You learn to build on the skills of how to plan, structure and conduct an effective audit and to evaluate and communicate the findings. The course is designed to follow the stages in a live audit, including simulated audit interviews and role-play closing meetings.

This course is certified by IRCA (UK), Approval number A17293, and meets the training requirements for individuals seeking registration as a Lead Auditor under the IRCA Auditor Registration Scheme. The requirements include an examination, and a certificate is issued on completion of the course.

Key Session Topics

  • Background and overview of the ISO/IEC 27001 and other Infosec Standards
  • An introduction to auditing and implementing an audit system and the auditor’s role in the process
  • Management’s role in reviewing risk and the effectiveness of the overall ISMS
  • Planning and managing a process based audit:
    • resources and timing
    • use of checklists
    • selection of audit teams
  • Conducting the audit - skills, techniques and auditor competence:
    • evaluating the significance of audit findings
    • communicating and presenting audit reports
  • Nonconformities and improved security as a result of corrective actions
  • Management of the third party assessment and certification process


  • Competence in assessing the organisation’s ability to manage risk and provide essential ISMS controls.
  • An understanding of the role of audits within the ISMS and the role of auditors in effecting continual improvement.
  • The skill set to enable a full understanding of how third parties view the ISMS and its compliance for certification and of how first party auditors can help create the environment to drive excellence.

Who Should Attend

  • Individuals who want to become ISMS Registered Lead Auditors
  • Individuals leading their companies to ISO/IEC 27001:2005 registration

Familiarity with ISO/IEC 27001:2005 is necessary for a full understanding of the principles developed in this course.

Course Techniques

This highly participative course is a practically based series of sessions using tutorials, case studies, interactive workshops and open forum discussions. The practical emphasis provides a unique opportunity for a substantial degree of individual guidance and training.

A detailed file of reference information is available to keep.


Attendees’ in-house audits can be supervised to give practical on-site training.

©2005 Excel Partnership. All rights reserved.