Lead Auditor ISMS ISO/IEC 27001:2013


  • Receive concentrated and comprehensive training in the theory and practice of auditing Information Security Management Systems (ISMS) based on ISO/IEC 27001:2013.
  • Gain a practical understanding of the responsibilities of an information security auditor, and the techniques and methodologies required to effectively audit an ISMS.

Successful completion of the assessment activities will put you on the pathway towards the Nationally Recognised qualification BSB50920 Diploma in Quality Auditing. For more information, please refer to Qualifications offered by SAI Global.

This 5-day course covers the following topics:

  1. Specific requirements outlined in ISO/IEC 27001:2013
  2. Information technology, security techniques and security management systems
  3. Auditing an ISMS that protects information assets such as financial data, customer records and proprietary corporate information
  4. Exploring the practice and perfecting the necessary competencies to undertake efficient and effective audits of ISMS through in-class activities, case studies and open discussions

On successful completion of this course, participants will obtain the knowledge and skills to:

  1. Review auditee documentation
  2. Develop audit schedules
  3. Identify, gather, analyse and evaluate information
  4. Conduct an entry and exit meeting
  5. Assess the scope and objectives of an audit
  6. Communicate with an auditee regarding the proposed audit
  7. Identify the resources required to conduct an ISMS audit
  8. Prepare and manage audit team resources
  9. Prepare audit-related documentation
  10. Develop and submit an audit plan
  11. Guide team members in continuously improving their performance
  12. Compile audit results and report findings
  13. Negotiate the follow-up process with an auditee
  14. Monitor and review an audit system and its activities

Upon successful completion of all formal assessments, participants will receive the Nationally Accredited units stated below:

Statement of Attainment

  • BSBAUD411 Participate in quality audits
  • BSBAUD511 Initiate quality audits
  • BSBAUD512 Lead quality audits
  • BSBAUD513 Report on quality audits

Issued by SAI Global (RTO: 106919).

All individuals who are enrolled in, or completing, nationally recognised training will require a Unique Student Identifier (USI). A USI number is required before a Statement of Attainment or Diploma can be issued. You can apply for a USI at no cost. Please visit the USI website to obtain one.

In addition, this course issues the below TPECS competency units, which are certified by Exemplar Global.

Certificate of Attainment

  • Exemplar Global AU Management systems auditing
  • Exemplar Global TL Leading management systems audit teams
  • Exemplar Global IS Information security management systems

This course is intended for those who will be involved in leading audits of an ISMS that conforms to ISO/IEC 27001:2013, or who will become involved in internal information security audits, second-party (i.e. vendor) audits and/or third-party audits. Suggested job roles and their teams include:

  1. Information security managers
  2. IT and Corporate security managers
  3. Corporate governance managers
  4. Risk and compliance managers
  5. Information security consultants

You should have knowledge of Information Security Management principles, concepts and specifically the requirements of ISO/IEC 27001:2013. You should also have knowledge of the key Plan-Do-Check-Act (PDCA) cycle within management systems.