
About this course
ISO/IEC 27001:2013 – Information Security Management System Lead Auditor teaches students the fundamentals of auditing information security management systems against ISO/IEC 27001. This five-day intensive course trains students to conduct audits on behalf of certification bodies and to facilitate the ISO/IEC 27001 registration process.
The auditing exercises and lectures are based on ISO 19011:2011, “Guidelines for auditing management systems.” The course is designed specifically for those who wish to conduct external assessments or internal audits against ISO/IEC 27001, although students will also gain the knowledge and understanding needed to give practical help and information to other individuals and organizations working toward conformance to the standard.
Prerequisites
- Prior knowledge of the requirements of ISO/IEC 27001 is beneficial.
Learning Objectives
- Review the requirements of ISO/IEC 27001
- Understand the relationship between ISO/IEC 27001 and ISO/IEC 27002
- Learn how to assess security threats and vulnerabilities
- Understand security controls and countermeasures
- Understand the roles and responsibilities of the auditor
- Learn how to plan, execute, report on, and follow up an information security management system audit
Course Contents
Day 1:
o Course Introduction
– Housekeeping
– Course and learner objectives
– Course structure and methods
– Delegate assessment
o What is an Information Security Management System?
– Information security
– Management systems
– Purpose and benefits of ISO 27001
– Related standards
o Process Approach
– PDCA model
– Process model
o Overview of ISO 27001 contents
o ISO 27001 mandatory clauses 4 – 10
Day 2:
o Recap of Day 1; questions and answers
o Controls
o Overview of the audit process
o Auditing the Statement of Applicability (SoA)
o Audit and Auditors
– Definitions
– 1st, 2nd and 3rd party audits
– Roles and responsibilities of auditors and lead auditors
– Skills and characteristics of effective auditors
o Audit Planning
– Information needed to plan the audit, and things to consider
– Preliminary visits
– Preparation of an audit plan
o Audit communications and meetings
– Good practice for communication during the audit
– Formal meetings
– Opening meeting – what to cover and how
o Checklists
– Benefits and drawbacks
– Content – what to include
– Developing a checklist for a specific audit
Day 3:
o Process Audits
o Case studies
o Conducting the audit
– interviewing
– sampling
– note taking
– interacting with the auditee
– who’s involved and general points
o Nonconformities
– definition of nonconformity
– linking to requirements of ISO 27001
– grading nonconformity reports
– structure and content of nonconformity reports
Day 4:
o Case studies
– including interviewing
– developing and following audit trails
– identifying nonconformities
o Specimen Examination
– Review of answers
– Layout and marking scheme of the papers
o Closing Meeting
– Outcomes
– Content
– Identifying possible issues and how to prevent or deal with these
o Corrective Actions
– Corrective action process
– Evaluating corrective actions
o Reporting the audit
– Purpose and content of the written audit report
o Next steps
– action planning
– further development
– auditor registration
Day 5:
o Course Evaluations
o Examination Rules
o Written Examination
o End of the Course
Training Info
Duration: 5 days
Date: Nov 24 – 28, 2025
Time: 9:30 am – 4:30 pm
Venue: ACinfotec Training Center
16th Fl., Asia Centre Bldg., South Sathorn Rd.
Training Fees: 38,000 Baht (excluding 7% VAT)
Tel. 02 670 8980-3 ext. 304, 305, 303
E-mail: [email protected]