Dates and Venues

Explore the skills needed to carry out internal information security management systems (ISMS) audits on this ISO 27001 Internal Auditor training course.

A certified and well-maintained ISMS is a clear indication that your organisation is adhering to good information security practices.

This 2-day course builds around a highly interactive case study with workshops that give attendees practical experience of the key stages of an audit.

As a result of attending this course delegates will be able to prepare, conduct, report and follow up an ISMS internal audit against ISO 27001:2022.

Click to read the ISO 27001 Internal Auditor course flyer.

The ISO 27001 Internal Auditor training course is suitable for anyone managing or carrying out an internal audit, or who would like to know more about ISMS audits to help them perform their roles. That includes:

  • those who are or will be performing internal ISMS audits and need the requisite skills
  • those who will be audited and want to understand how the internal audit process works
  • quality managers taking on ISMS responsibilities
  • IT managers and  professionals with information security responsibilities, such as compliance managers, information assurance managers and risk managers

If potential attendees have little or no prior knowledge of ISO 27001 then we recommend they first join our Introduction to ISO 27001 training course, delivered the day before the Internal Auditor course. We offer a discount of £100 when booking these courses together.

Prospective delegates can learn more about prior knowledge requirements and test their understanding with our ISO 27001 Quiz.

Course topics include:

  • introduction to auditing an ISMS based on ISO 27001
  • relationship between ISO 27001 and the rest of the ISO 27000 family
  • auditing process, including:
    • preparation – document review, audit plan, audit checklist
    • performance  – interviews, demonstrations, records
    • reporting  – audit report and nonconformity writing
    • follow up  – correction, cause analysis and corrective action
  • factors determining audit frequency
  • ISO 27001 Annex A controls
  • risk assessment and risk management
  • statement of Applicability (SoA)
  • continual improvement of the ISMS

Exploring the theory and practice of internal auditing, delegates can expect a course structure similar to:

  • Day 1
    • WELCOME AND INTRODUCTION
    • Module 1 ISMS & ISO 27001
    • Workshop 1 Biggest Threats to Information Security
    • Module 2 ISMS Audit Overview
    • Workshop 2 Qualities of an Auditor
    • Module 3 Audit Planning
    • Module 4 Audit Performance
    • Workshop 3 Case Study – Auditing a Risk Assessment
    • Workshop 4 Case Study – Writing a Checklist
    • Review Pre-course work
    • CLOSE
  • Day 2
    • Day 1 Review
    • Workshop 5 Conducting an Audit
    • Workshop 6 Auditor Review to Assess Findings
    • Module 5 Audit Reporting
    • Module 6 Audit Follow-up
    • End of Course Quiz
    • Course Review
    • CLOSE

On completion of this ISO 27001 Internal Auditor training course delegates will have the knowledge to:

  • explain the roles, procedures and documentation within an ISMS internal audit
  • plan, prepare and conduct an effective internal ISMS audit against ISO 27001
  • present audit findings and advise on potential corrective actions
  • identify opportunities for continuing ISMS improvement

Delegates will also receive a certificate of completion to signify their new knowledge and skills in ISO 27001 internal auditing.

ISO 27001 Internal Auditor Certificate