Auditing an ISMS ISO/IEC 27001:2013


This two-day advanced course develops the skills needed to perform effective internal and external audits against the ISO/IEC 27001:2013 Information Security Management Systems standard. Participants will learn how to use an audit program to monitor and improve their organization’s Information Security Management System.

This course forms part of the five-day Lead Auditor in Information Security systems course and provides a technical understanding of ISO/IEC 27001:2013.

This course covers the following topics:

  1. Overview of an ISMS
  2. Understanding ISO/IEC 27001:2013, ISO/IEC 27002:2013 and ISO/IEC 27005
  3. The intent of ISO/IEC 27001
  4. How auditors should seek and capture objective evidence

On successful completion of this course, participants will be able to:

  1. Discuss how ISO/IEC 27001:2013 relates to the business management system
  2. Understand the application of an ISMS in the context of ISO/IEC 27001:2013
  3. Understand the relationship of an ISMS with the critical information of an organization
  4. Review the ISMS documentation including the risk assessment and Statement of Applicability
  5. Assess an ISMS for its compliance with the security objectives of an organization and ISO/IEC 27001:2013

Upon successful completion of all formal assessments, participants will receive:

Certificate of Attainment

Exemplar Global IS Information security management systems

This course is ideal for those who will be either taking part in or leading audits of an ISMS that conforms to ISO/IEC 27001:2013 in any organization.

Suggested job roles and their teams include (but are not limited to):

  1. Information security managers
  2. IT and corporate security managers
  3. Corporate governance managers
  4. Risk and compliance managers
  5. Information security consultants

You should have knowledge of how management systems work and the key Plan-Do-Check-Act (PDCA) cycle. You should also have knowledge of the requirements of ISO/IEC 27001:2013. If you do not, we recommend attending our one-day ISO/IEC 27001:2013 Foundation course.

What accreditation or recognition does this course have?

This course is accredited and leads to the units of competency as outlined in the Achievement section.

Does this course have any assessment requirements?

As an accredited course, this course contains assessment requirements. The course contains a series of in-class assessment activities designed to reinforce the key skills and knowledge outcomes, and knowledge checks at the end of each day.

How do I apply for Exemplar Global recognition?

Once you have completed all the assessment requirements of this course for Exemplar Global you can apply to Exemplar Global as a “provisional auditor”. For more information visit;

How do I access my certificate?

Your Statement of Attendance will be sent to you on completion of the course. Your Exemplar Global Certificate of Attainment will be emailed to you as a PDF on successful completion of all course assessment requirements. This will take up to 28 days once attainment of the relevant units of competency is confirmed by the assessor.

Who is the trainer for my course?

All of our trainers and assessors have extensive and current industry experience and qualifications and meet the national requirements for VET trainers and Exemplar Global.

What other courses are relevant to this course?

Other courses that may be of interest include Foundation and Implementing an Information Security Management System, or Lead Auditor Information Security Management Systems. If you are looking to increase your portfolio of management systems, you may be interested in our other auditing management systems courses (ISO 9001, ISO 14001, ISO 45001).

What if I require assistance in completing this course (for example, literacy, numeracy, physical, vision or hearing support)?

We are able to modify some course requirements. Please contact customer support to discuss any concerns or support requirements you may have.

  • Learn how to audit an information security management program that complies with ISO 27001:2013.
  • Enhance your career by gaining a professional qualification with Exemplar Global recognition as an Information Security Management Systems auditor.
  • Successful auditing will improve the protection of any organisation’s private data to meet market assurance and corporate governance needs.