ISO 27001 Lead Auditor Training Course

Name: ISO 27001 Lead Auditor Training Course
Price: 1895.00 GBP

Home › ISO 27001 Training Courses › ISO 27001 Lead Auditor Training Course

DURATION

5 days

CPD

Equivalent to 40 hours

CERTIFICATES

All delegates will receive a certificate on completion.

DELIVERY OPTIONS

Course certification

Dates and Venues

A CQI and IRCA certified ISO/IEC 27001:2022 Lead Auditor training course (ref: 17293).

Overview

Auditing is an essential tool in the battle to identify, assess and address information security risks posed by challenges such as employee error and data breaches.

This CQI and IRCA certified ISO 27001 Lead Auditor training course explores how auditing an organisation’s information security management system (ISMS) helps to ensure that the system:

conforms to the organisation’s specification
meets the requirements of the ISO 27001 information security standard, with reference to ISO 19011 and ISO 17021
is effectively implemented and maintained.

Created and delivered by information security experts, the ISO 27001 Lead Auditor course equips delegates with the skills and confidence to undertake a full audit, from planning through preparing and reporting to follow up. The interactive course includes workshops and follows a central case study to help reinforce learning.

Students are assessed through continuous evaluation and an exam on the final day of the course. Successful completion will satisfy the training requirements for certification as an IRCA ISMS auditor.

Click to read the ISO 27001 Lead Auditor course flyer.

Who should attend?

This 5-day course is suitable for delegates from all industries, including:

anyone who wishes to complete first, second and/or third-party ISO 27001 audits onsite and/or remotely
audit team leaders
those responsible for implementing and ensuring compliance with ISO 27001, including IT security managers, compliance consultants, cyber security consultants, information assurance professionals, QHSE managers, management systems professionals and existing auditors
those wishing to gain a recognised ISO 27001 lead auditor certificate
those seeking to apply to the CQI as an IRCA ISMS auditor

Please note that CQI and IRCA expect delegates attending this ISO 27001 Lead Auditor training course to have prior knowledge of the requirements (clauses) of ISO 27001. Some individuals may find it beneficial to attend our Introduction to ISO 27001 training course. Click to learn more about prior knowledge requirements.

Delegates to this course are also entitled to free entry on an ISO 27001 Annex A Controls training course (subject to availability), offering a saving of £295 + VAT. Contact us to book a place.

Key topics

The topics covered in the course include:

background and overview of ISO 27001 and other information security standards (ISO 27000 Family)
ISO 27001 Annex A controls
an introduction to auditing against ISO 27001 and the auditor’s role
the role of management in reviewing risk and the effectiveness of the ISMS
planning and managing an ISMS audit:
- resources and timing
- determining the audit scope and objectives
- undertaking a risk-based approach
- ISMS documentation (risk treatment plan, SoC, SoA, information security asset record)
- use of checklists
- selection of audit teams
risk assessment and risk treatment
conducting the ISMS audit – skills, techniques and auditor competence:
- evaluating the significance of audit findings
- communicating and presenting audit reports
nonconformities and improved security as a result of corrective actions
correction and corrective action
management of the third-party assessment and certification process

Course agenda

With a focus on practical application, this course is based around the following structure:

Day 1
- WELCOME AND INTRODUCTION
- Module 1 ISMS and ISO 27001:2022
- Exercise A ISMS Purpose and Benefits
- Workshop 1 ISMS Issues and Threats
- Module 2 ISMS Audit Overview
- LUNCH
- Workshop 2 ISMS Auditor Qualities and Attributes
- Workshop 3 Annex A – Interpreting and Auditing Controls
- Exam Briefing Section 1
- CLOSE
Day 2
- Review of Day 1 & Specimen Paper Section 1
- Module 3 Stage One Audits
- Workshop 4 Preparing for a Stage One Audit
- LUNCH
- Exercise B Auditing a Risk Assessment
- Module 4 Stage Two Audits – Case Study Briefing
- Workshop 5 Preparing for a Stage Two Audit
- Module 5 Performing an Audit
- Exam Briefing Section 2
- CLOSE
Day 3
- Review of Day 2 & Specimen Paper Section 2
- Workshop 6 The Live Audit
- LUNCH
- Workshop 6 (cont.)
- Exam Briefing Section 3
- CLOSE
Day 4
- Review of Day 3 & Specimen Paper Section 3
- Module 6 Audit Reporting – Nonconformities
- Exercise C Nonconformity Writing
- Module 6 (cont.) Audit Reporting – Content Guidance
- Exam Briefing Section 4
- Module 6 (cont.) Audit Reporting – Nonconformity of Further Investigation?
- LUNCH
- Module 7 Audit Follow-up, Major & Minor Nonconformities
- Module 8 Physical and Technical Controls in Annex A
- Workshop 7 Auditing the Technical Aspects of Annex A
- Module 9 The ISMS Auditor
- Exercise D Knowledge Test & Discussion
- Exam Briefing, Revision Guidelines & Q&A
- CLOSE
Day 5
- Review of Day 4 & Specimen Paper
- Workshop 8 Audit Reports – Words Matter
- End of Course Quiz
- Exam briefing
- CLOSE

Skills gained

On completion of this ISO 27001 Lead Auditor training course, delegates will be able to:

understand the role of internal and external audits in ensuring compliance of an ISMS to organisational and ISO 27001 requirements
lead an ISMS audit including:
- planning the audit using a risk-based approach to scheduling and selecting audit criteria
- conducting an ISO 27001 audit using appropriate sampling and interviewing techniques
- writing objective and factual audit reports and presenting findings
- following up and closing out an ISMS audit
contribute to the effectiveness and continual improvement of an organisation’s information security management system

Delegates must participate fully throughout the course and will be assessed by ‘continual assessment’ and by completing an exam on the final day. Students passing both aspects will receive a CQI and IRCA approved ‘Certificate of Achievement’, and will meet the training requirements for registration with IRCA as an ISMS auditor.

Select option:

Scheduled Courses In-Company Training

Upcoming course dates

Worsley Park Marriott Hotel & Country Club, Manchester

23 - 27 June 2025

ManchesterWorsley Park Marriott Hotel & Country ClubLast few places!

Course Price: £1995 + VAT

View event details

14 - 18 July 2025

OnlineVirtual ClassroomLast few places!

Course Price: £1895 + VAT

View event details

Staverton Park Hotel, Daventry, Northamptonshire

18 - 22 August 2025

Daventry, NorthamptonshireStaverton Park Hotel

Course Price: £1995 + VAT

View event details

Delta Hotels Edinburgh, Edinburgh, Scotland

08 - 12 September 2025

Edinburgh, ScotlandDelta Hotels Edinburgh

Course Price: £1995 + VAT

View event details

22 - 26 September 2025

OnlineVirtual Classroom

Course Price: £1895 + VAT

View event details

20 - 24 October 2025

Southampton, HampshireNew Place Hotel

Course Price: £1995 + VAT

View event details

24 - 28 November 2025

OnlineVirtual Classroom

Course Price: £1895 + VAT

View event details

Hilton Leeds City, Leeds, West Yorkshire

15 - 19 December 2025

Leeds, West YorkshireHilton Leeds City

Course Price: £1995 + VAT

View event details

19 - 23 January 2026

OnlineVirtual Classroom

Course Price: £1895 + VAT

View event details

23 - 27 February 2026

Royal Leamington SpaWoodland Grange

Course Price: £1995 + VAT

View event details

LOAD MORE DATES

In-Person
Delegate numbers	Up to 12
Total fees	£7995 + VAT

Virtual Classroom
Delegate numbers	Up to 10
Total fees	£7495 + VAT

Frequently asked questions

Will there be an exam on this course?

Yes. To pass this course you will first be assessed during training by your course tutor for participation and understanding. You will then have 30 days after the end of the course to take an online exam set by the CQI and IRCA.

The exam will present you with a mix of multiple choice, short response and other forms of question. Practice questions will be available to you to help you understand how the exam works and to check your knowledge. You will find both the exam and the practice questions on external portals, and you will be given full instructions about how to use these. Bywater will also work with you during the course to clarify what is expected of you.

This new online exam, available from March 2023, replaces the previous format of a 2-hour essay-type exam, in use until February 2023.

Is this course officially certified?

Yes, this Bywater ISO 27001 Lead Auditor training course is certified by the CQI and IRCA. That means our training course meets the required high standards for content and course delivery. Not only can you be confident of an excellent learning experience, but the certificate you receive on successful completion will reflect the quality of the expertise you have acquired.

How much do I need to know about ISO 27001 to attend this course?

As the professional body that certifies this course, the CQI and IRCA has stated that it expects delegates to already have some knowledge of the requirements of ISO 27001. This includes requirements of the standard; the Plan, Do, Check, Act (PDCA) cycle; and core elements of a management system.

We do have a short quiz that you can take to check your knowledge.

If you do not feel confident that you have sufficient knowledge, but do want to train as a lead auditor, you could first attend our Introduction to ISO 27001 training course. This course is designed to give you the knowledge you need to then attend this lead auditor course. Book both courses together and you can receive a £100 discount.

What happens if I fail the exam?

If for any reason you do not pass the exam, then you do have the opportunity to re-sit within a certain timeframe. We aim to provide you with time with the course tutor to discuss how you can improve your performance. If you find yourself needing to re-sit do contact our training team to discuss the way forward.

Back to course listing

Customer reviews

Tutor’s industry knowledge was incredibleThe tutor was incredibly knowledgeable in the industry.

Eryri Consulting Limited|7th May, 2025

Interesting and relevantThe tutor made the subject interesting and relevant and also explained the connection between the relevant standards.

Vision Rt Ltd.|6th May, 2025

Useful industry experience shared by the tutorThe tutor was able to use their industry experience to provide meaningful anecdotes that helped to remember key concepts.

Atsec Information Security Ab|11th Apr, 2025

Well designed course contentContent was well designed and the tutor also gave a good guidance on how to perform audits. It also gave a perspective on how to analyse the requirements and controls from the standard. I would say both the content and...

Atsec Information Security Ab|10th Apr, 2025

Comprehensive course contentThis is a new area of work for me. The content was comprehensive and allowed me to develop an understanding of the key concepts of ISO 27001.

Capita|19th Mar, 2025

Highly detailed course delivered in a very professional mannerThe tutor delivered a highly detailed and interesting course tailored to people of all levels of understanding and did so in a very professional manner.

National Security Inspectorate (NSI)|13th Mar, 2025

Explained how ISO 27001 applies across different industriesThe tutor was fantastic and was able to explain and put into real-life scenarios how the ISO 27001 standard applies across different industries.

Arcus Fm|6th Feb, 2025

Highly proficient deliveryThe tutor was very knowledgeable and was highly proficient with the delivery of ISO 27001. He made the course a lot more interesting and engaging.

Capita|15th Jan, 2025

Extremely proficient tutorThe tutor was extremely proficient, and aimed the content at the level of the class. Utilising real time experience and situations to enhance the learning.

Royal Air Force|14th Jan, 2025

Feel confident to apply what I have learnt and carry out my first auditI currently carry out internal ISO audits on all the departments within the company that I work for, I didn't have have much knowledge in 27001 but after taking the course I feel confident that I can apply what I...

Crime & Fire Defence Systems Ltd|3rd Jan, 2025

Accommodating, friendly and approachable tutorExtensive subject knowledge, approachable, friendly and accommodating tutor.

LRQA|18th Dec, 2024

Tutor read the room and identified participant’s needs with easeTutor had a great style, being able to read the room and identify what was needed to be focused on with ease.

Achilles Information Limited|27th Nov, 2024

DURATION

CPD

CERTIFICATES

DELIVERY OPTIONS

Course certification

Upcoming course dates

In-company training availability

What's included

Next steps

Enquire

Customer reviews

You may also be interested in...

Introduction to ISO 27001 Training Course

ISO 27001 Internal Auditor Training Course

ISO 27001 Auditor Conversion Training Course