ISO/IEC 27001 Information Security Management Systems (ISMS) sets the scope, structure and requirements for an effective ISMS, helping organisations of all sizes to manage information securely.

Having a certified and well-maintained ISMS demonstrates adherence to good security practices and can improve a company’s reputation.

This ISMS ISO 27001 Internal Auditor Training Course will equip delegates with the necessary skills to perform internal audits, allowing them to contribute towards the improvement and maintenance of their organisation’s ISMS.

The course centres around a highly interactive central case study through which delegates will learn the key stages of an audit, including:

  • Planning: identifying the frequency of audits, defining the audit scope and creating audit checklists
  • Conduct: undertaking the opening meeting, gathering information and completing checklists
  • Report: writing up nonconformities
  • Follow-up: recommending corrective action and evaluating responses

  • An introduction to auditing an ISMS based on ISO 27001
  • The role of auditing for a certified ISO 27001 ISMS
  • The relationship between ISO 27001 and the rest of the ISO 27000 family
  • Annex A controls
  • Documentation
  • Risk assessment
  • Checklists
  • Continual improvement of the ISMS
  • Factors that determine audit frequency
  • Auditing process, including:
    • planning
    • audit process
    • audit review
  • Nonconformity report writing
  • Corrective action
  • Sources of information and further development


This ISO 27001 Internal Auditor Training Course is highly suitable for:

  • those looking to undertake internal ISMS audits
  • auditees wanting to understand the audit process
  • quality managers taking on ISMS responsibilities
  • IT managers or professionals with information security responsibilities

This ISO 27001 Internal Auditor course is designed to build upon delegates’ prior knowledge of ISO 27001 and teach them the skills to undertake internal audits of part of an ISMS based on ISO 27001.

For those with little or no prior knowledge of ISO 27001, we recommend attending our Introduction to ISO 27001 Training Course (delivered the day before the Internal Auditor course) to gain an understanding of the requirements (clauses) of ISO 27001. We offer a discount of £100 when booking these courses together.

Learn more about prior knowledge requirements and test your understanding with our ISO 27001 Quiz.

On completion of this ISO 27001 Internal Auditor training course delegates will be able to:

  • plan and prepare for an internal audit with an understanding of auditing procedures and documentation
  • conduct an effective ISMS audit against ISO 27001
  • present audit findings and potential corrective actions

The ISO 27001 Internal Auditor Training Course can be provided on a dedicated basis at your offices, a venue of your choice or online. The course includes interactive workshops which encourage team discussions on subjects such as ‘Checklists’, ‘Corrective Actions’ and ‘Internal Audits’. The team discussions act as a platform for later discussions on successfully undertaking internal audits within your organisation.

For Scheduled Training courses, please select from the Course Dates and Venues table below.