IRCA ISO 27001:2013 ISMS Lead Auditor

Date/Time: 19/08/2019 - 23/08/2019 9:30 am - 4:30 pm


About this course

ISO/IEC 27001:2013 – Information Security Management System Lead Auditor teaches students the fundamentals of auditing information security management systems against ISO/IEC 27001. This five-day intensive course trains students to conduct audits for certification bodies and to facilitate the ISO/IEC 27001 registration process.

The auditing exercises and lectures are based on ISO 19011:2011, “Guidelines for Quality and/or Environmental Management Systems Auditing.” The course is designed specifically for those who wish to conduct external assessments or internal audits against ISO/IEC 27001, although students will also gain the knowledge and understanding needed to give practical help and information to other individuals and organizations working toward conformance with the standard.

Prerequisites

  • Prior knowledge of the requirements of ISO 27001 would be beneficial.

Learning Objective

  • Review the requirements of ISO/IEC 27001
  • Understand the relationship between ISO/IEC 27001 and ISO/IEC 27002
  • Learn how to assess security threats and vulnerabilities
  • Understand security controls and countermeasures
  • Understand the roles and responsibilities of the auditor
  • Learn how to plan, execute, report on, and follow up an information security management system audit

Course Contents

Day 1

Course Introduction

  • Housekeeping
  • Course and learner objectives
  • Course structure and methods
  • Delegate assessment

What is an Information Security Management System?

  • Information security
  • Management systems
  • Purpose and benefits of ISO 27001
  • Related standards

Process Approach

  • PDCA model
  • Process model

Overview of ISO 27001 contents

ISO 27001 Mandatory clauses 4 – 8

Day 2

Course recap of Day 1. Questions and answers

Overview of the audit process

Auditing the SOA

Audit and Auditors

  • 1st, 2nd and 3rd party audits
  • Roles and responsibilities of auditors and lead auditors
  • Skills and characteristics of effective auditors

Audit Planning

  • Information needed to plan the audit, and things to consider
  • Preliminary visits
  • Preparation of an audit plan

Audit communications and meetings

  • Good practice for communication during the audit
  • Formal meetings
  • Opening meeting – what to cover and how

Audit Checklists

  • Benefits and drawbacks
  • Content – what to include
  • Developing a checklist for a specific audit

Day 3

Process Audits

Case studies

Conducting the audit

  • Interviewing
  • Sampling
  • Note taking
  • Interacting with the auditee
  • Who’s involved and general points

Nonconformities

  • Definition of nonconformity
  • Linking to requirements of ISO 27001
  • Grading nonconformity reports
  • Structure and content of nonconformity reports

Day 4

Case studies

  • Including interviewing
  • Developing and following audit trails
  • Identifying nonconformity

Specimen Examination

  • Review of answers
  • Layout and marking scheme of the papers

Closing Meeting

  • Outcomes
  • Content
  • Identifying possible issues and how to prevent or deal with these

Corrective Actions

  • Corrective action process
  • Evaluating corrective actions

Reporting the audit

  • Purpose and content of the written audit report

Next steps

  • Action planning
  • Further development
  • Auditor registration

Day 5

Course Evaluations

Examination Rules

Written Examination

End of the Course

Training Info

Duration: 5 Days

Date: August 19 – 23, 2019

Time: 09:30 – 16:30

Venue: ACinfotec Training Center

Contact: T 02 670 8980 – 3

Tuition: THB 38,000 (Exclusive of 7% VAT)

Course Registration

Bookings are closed for this event.

Terms & Conditions for Course Registration

Please read the following terms and conditions for course registration carefully. By clicking the Submit button, I/we confirm that I/we understand and accept the registration and cancellation policies and procedures.

  • Full payment is required in advance of the course commencement date.

Cancellation Policy

  • Payment is due upon registration
  • Delegates who cancel after registration, or who don’t attend, are liable to pay the full course fee and no refunds can be given
  • A replacement is always welcome

Disclaimer: ACinfotec reserves the right to change, postpone or cancel any part of its published programme due to unforeseen circumstances.