ISO/IEC 27001 Lead Auditor

ISO/IEC 27001 Lead Auditor is a comprehensive training course designed for professionals who want to develop the knowledge and skills necessary to audit an Information Security Management System (ISMS) against the ISO/IEC 27001 standard. The course covers the audit lifecycle, techniques, reporting requirements and how to lead audit teams within a structured audit framework.

This course provides a deep dive into auditing practices tailored to ISO/IEC 27001. Participants learn how to plan, conduct, report and follow up on internal and external audits of an ISMS. The course blends theoretical insights with practical exercises so delegates can apply audit concepts, techniques and principles in real-world contexts. It also prepares participants for the Lead Auditor certification exam and helps build competence in professional audit roles.

Course objectives

Upon completion of this course, participants will be able to:

  • Understand audit principles, processes and methods according to ISO/IEC 27001
  • Plan and prepare information security audits that align with standard requirements
  • Conduct audits, evaluate conformity and communicate findings effectively
  • Manage audit teams and handle audit reporting and follow-up
  • Apply audit tools and techniques in organisational contexts
  • Prepare for and sit the ISO/IEC 27001 Lead Auditor certification exam

Prerequisites

Participants should have a foundational understanding of ISO/IEC 27001, either through prior training (e.g., Foundation) or equivalent experience with information security management systems.

Target audience

This course is designed for internal and external auditors, compliance professionals, risk managers, consultants and others who are responsible for auditing, assessing or evaluating information security practices and controls.

Day 1 - Introduction to auditing principles and the ISO/IEC 27001 standard

The course begins with an overview of audit principles, including the purpose of ISMS audits and how these relate to organisational goals. Participants also review the structure and requirements of ISO/IEC 27001 as a basis for audit activities.

Day 2 - Audit planning and preparation

This section focuses on how to plan and prepare for an ISMS audit. Participants learn how to define audit objectives and scope, select audit criteria, and develop audit plans that reflect organisational risk and compliance needs. Techniques for gathering audit evidence are introduced.

Day 3 - On-site audit activities

Participants practice audit execution, including interviewing, evidence collection, observation and evaluation. The course emphasises professional conduct, ethics and objectivity throughout the audit process.

Day 4 - Closing the audit

This module covers how to compile audit findings, communicate effectively with stakeholders, and draft audit reports that are clear, concise and aligned with ISO/IEC 27001 expectations. Participants also learn how to handle nonconformities and support organisational improvement.

Day 5 - Preparation for the exam

The final content area focuses on audit follow-up activities, including corrective action tracking, evaluation of effectiveness and how audit results support continual improvement of an ISMS. Preparation for the certification exam is integrated throughout this phase.

After successfully completing the exam, you can apply for the credentials shown in the table below. You will receive a certificate once you comply with all the requirements related to the selected credential. For more information about ISO/IEC 27001 certifications and the PECB certification process, please refer to the Certification Rules and Policies.

[Image: certification table for ISO/IEC 27001 Lead Auditor]

Exam

For onsite classroom courses, the exam takes place at the end of the course.

For virtual courses we will send out a voucher that gives you access to an online exam. This can be booked and taken at home, monitored by a proctor via camera. More information about the exam rules will be sent by PECB.

Test details:

  • The exam duration is three (3) hours. Non-native speakers receive an additional half hour.
  • The exam contains essay type questions.

As the exam is a Multiple Choice exam, candidates are authorized to use:

  • A copy of the General Data Protection Regulation;
  • Course notes from the Participant Handout;
  • Any personal notes made by the student during the course; and
  • A hard copy dictionary

Examination rules and policies

RECEIVE YOUR EXAM RESULTS

Results will be communicated by email within 6 to 8 weeks after taking the exam. The results will not include the exact grade of the candidate, only a mention of pass or fail.

Candidates who successfully complete the examination will be able to apply for a certified scheme which is explained in the course description.

In the case of a failure, the results will be accompanied by the list of domains in which the candidate failed, to provide guidance for retake preparation.

Candidates who disagree with the exam results may file a complaint by writing to examination@pecb.com or through the PECB ticketing system.

EXAM RETAKE POLICY

There is no limit on the number of times a candidate may retake an exam. However, there are some limitations in terms of the allowed time frame between exam retakes, such as:

  • Students who have completed the full training but failed the written exam are eligible to retake the exam once for free within a 12-month period from the initial date of the exam.
  • If a candidate does not pass the exam on the second attempt, he/she must wait 3 months (from the initial date of the exam) for the next attempt (2nd retake). Retake fee applies.
  • If a candidate does not pass the exam on the third attempt, he/she must wait 6 months (from the initial date of the exam) for the next attempt (3rd retake). Retake fee applies.

After the fourth attempt, a waiting period of 12 months from the last session date is required in order for the candidate to sit the same exam again. Regular fee applies.

For candidates who fail the exam on the 2nd retake, PECB recommends attending an official training in order to be better prepared for the exam.

To arrange exam retakes (date, time, place, costs), the candidate needs to contact Glasspaper.

Practical information

Duration: 5 days
Price: 29 900
Language: English
Format: Open course and corporate training

FAQ

What will I learn on this course?
You will learn to plan, conduct, report and follow up ISMS audits in accordance with ISO/IEC 27001, including audit techniques and reporting methods.

What is required to attend?
You should have a basic understanding of ISO/IEC 27001, either through the Foundation course or through experience with information security and ISMS principles.

How is the exam conducted?
The exam is taken either in person at the course venue or online with a voucher and an online proctor.

What happens if I do not pass the first exam?
You will normally get one new exam attempt, which is taken online.

Do I get extra time on the exam?
You get extra time if English is not your native language, in accordance with the certification rules.

Which certification do I get?
After passing the exam you obtain PECB Certified ISO/IEC 27001 Provisional Auditor. Full certification may also require documented work experience in information security and ISMS work. See the table under certification for more information.

Do I get the ISO standard?
No, but you get access to a loan copy of the standard that can be used during the course and the exam.

What is the difference between Foundation, Implementer and Auditor?
Foundation gives a basic understanding of the standard and its requirements. Implementer is for those who will build, lead and improve an ISMS. Auditor is aimed at those who will assess compliance and quality through audits.

How does certification work for ISO/IEC 27001 Lead Auditor?
The Lead Auditor certification requires you to pass the certification exam. After passing the exam, documented audit experience may also be required before you receive full certification.

Where should I start?
If you are completely new to ISO/IEC 27001, it is recommended to take Foundation first, before possibly moving on to Implementer or Auditor.

Is Foundation required before Auditor, and Implementer before Auditor?
It is not a formal requirement, but it is recommended to have ISO/IEC 27001 Foundation before Lead Auditor. Many also choose to take Implementer first for a better understanding of the system.

Is this course relevant for managers?
Yes, it is relevant for managers, internal auditors, security officers and consultants who work with auditing and assessment of information security.

Can I take this course as e-learning or self-study?
Yes, this course is also offered as e-learning. Registration can be done on the right-hand side.
