ISO/IEC 27701 Lead Auditor is a professional training course designed to give participants the skills and knowledge required to audit a Privacy Information Management System (PIMS) in accordance with the ISO/IEC 27701 standard. The course focuses on audit planning, execution, reporting and follow-up, and prepares participants to conduct effective internal and external audits of privacy management systems.
This course blends auditing theory with practical application tailored to privacy governance and compliance. Participants learn how to interpret ISO/IEC 27701 requirements, conduct audits, gather evidence and report findings in a structured and professional manner. Using real-world examples and audit simulations, delegates gain confidence in applying audit techniques aligned with privacy management objectives and certification requirements.
Course objectives
Upon completion of this course, participants will be able to:
Prerequisites
Participants should have a solid understanding of ISO/IEC 27701 and experience with privacy management systems. Prior completion of ISO/IEC 27701 Lead Implementer or equivalent knowledge is recommended.
Target audience
This course is suitable for internal and external auditors, compliance officers, privacy practitioners, consultants, governance and risk specialists, and others responsible for auditing or evaluating privacy information management systems.

Participants begin with a review of the ISO/IEC 27701 standard and audit fundamentals. The session explains how privacy management systems are audited, the purpose of audits, and how audit principles support organisational compliance.
This section focuses on audit planning and preparation, including defining scope and criteria, selecting audit techniques and creating audit plans that reflect organisational needs and compliance goals.
Participants are guided through practical audit execution, including gathering and analysing evidence, conducting interviews and observations, evaluating conformity and applying professional audit techniques.
This part of the course emphasises how to communicate audit results to stakeholders, draft clear and structured audit reports, and handle nonconformities. Participants also learn how to support corrective action and continual improvement.
Through case studies and audit simulations, participants practise applying their audit skills in scenario-based exercises that mirror real audit situations, enhancing confidence and readiness.
The final segment facilitates preparation for the ISO/IEC 27701 Lead Auditor exam, including review of key areas, exam structure and success strategies.

After successfully passing the exam, you can apply for the credential shown in the table below. You will receive the certificate once you comply with all the requirements related to the selected credential. Certification fees are included in the exam price.
For more information about the PECB certification process, please refer to the Certification Rules and Policies.

For onsite classroom courses, the exam will take place at the end of the course.
For virtual courses we will send out a voucher that gives you access to an online exam. This can be booked and taken at home, monitored by a proctor via camera. More information about the exam rules will be sent by PECB.
Test details:
As the exam is an essay-type exam, candidates are authorized to use:
Examination rules and policies
Results will be communicated by email within a period of 6 to 8 weeks after taking the exam. The results will not include the exact grade of the candidate, only a mention of pass or fail.
Candidates who successfully complete the examination will be able to apply for the certification scheme explained in the course description.
In case of failure, the results will be accompanied by the list of domains in which the candidate failed, to provide guidance for exam retake preparation.
Candidates who disagree with the exam results may file a complaint by writing to examination@pecb.com or through the PECB ticketing system.
There is no limit on the number of times a candidate may retake an exam. However, there are some limitations in terms of allowed time-frame in between exam retakes, such as:
After the fourth attempt, a waiting period of 12 months from the last session date is required in order for the candidate to sit again for the same exam. Regular fee applies.
For candidates who fail the exam in the 2nd retake, PECB recommends attending an official training course in order to be better prepared for the exam.
To arrange exam retakes (date, time, place, costs), the candidate needs to contact Glasspaper.

Duration: 5 days
Price: 29 900
Language: English
Format: Open course and corporate training
What will I learn in this course?
You will learn how to plan, conduct, report on and follow up audits of a Privacy Information Management System (PIMS) in accordance with ISO/IEC 27701.
What is required to participate?
You should have a good understanding of ISO/IEC 27701 and experience with privacy management. Completing ISO/IEC 27701 Lead Implementer or equivalent beforehand is recommended.
How is the exam conducted?
The exam is taken either in person at the course venue or online with a voucher and an online proctor.
What happens if I do not pass the first exam?
You usually get one new exam attempt, which is taken online.
Do I get extra time on the exam?
Yes, extra time is given if English is not your native language, in line with the certification rules.
Which certification do I get?
After passing the exam you obtain the PECB Certified ISO/IEC 27701 Provisional Auditor certification. To obtain full certification, documented work experience in information security and ISMS work may also be required. Check the table under certification for more information.
Do I get the ISO standard?
No, you get access to course material and any loan copies of standards used during the teaching and the exam.
What is the difference between Foundation, Implementer and Auditor?
Foundation gives a basic understanding. Implementer is about establishing and operating a system. Auditor is aimed at auditing, assessment and compliance through audit processes.
Where should I start?
If you are completely new to ISO/IEC 27701, it is recommended to start with Foundation and/or Implementer before moving on to Auditor.
Is this course relevant for managers?
Yes, the course is relevant for managers, audit leads, compliance roles and consultants who work with assessing and improving privacy management systems.
Can I take this course as e-learning or self-study?
No, it is not possible to take this course as e-learning, but self-study is possible. Send an email to prosjekt@glassper.no for more information and ordering.
