BSI's “ISO 27001:2013 Internal Auditor” competency-based 3-day course teaches a general understanding of the concepts of the ISO 27001:2013 standard and the principles and practices of effective internal audits in accordance with ISO 19011:2018, “Guidelines on Auditing Management Systems”. Experienced instructors explain the clauses of ISO 27001:2013 in detail and guide students through internal audits that are required for an information security management system. Our qualified instructor will also help you to boost your audit capabilities with the latest developments of the 19011 standard. Students gain necessary auditing skills through a balance of formal classroom tutorials, practical role-playing, group workshops, and open forum discussions.
This course comprises the following two Exemplar Global TPECS Competency Units whose outcomes are certified by Exemplar Global:
Attendees successfully completing this course receive a Certificate of Attainment for each of Exemplar Global Competency Units listed below.
- IS - Information Security Management Systems
- AU - Management Systems Auditing
New to TPECS?
For more information, please see our Understanding the TPECS Course Structure page.
- Understand information security management definitions, concepts, and guidelines
- Understand the purpose of the ISO 27000 series
- Understand the requirements of the ISO 27001:2013 standard
- Understand the roles and responsibilities of the auditor
- Apply ISO 19011:2018 concepts, new terminology and guidelines
- Understand the types of risks and opportunities associated with auditing
- Recognize the principles, practices, and types of audits
- Conduct all phases of an internal audit adopting a risk-based approach
- Prepare and present effective reports
- Understand Exemplar Global's certification scheme
You will have the option to receive your course materials in the following formats:
- Hard Copies: At the start of the course, a physical copy of the Student Handbook will be provided.
- Soft Copies: Prior to the course, an email with instructions on how to access the online Student Handbook, which can be viewed, downloaded or printed, will be sent to students.
NOTE: Copies of the standards are not included in the class fee. BSI will make reasonable efforts to have loaner copies available for use during the class, but students are encouraged to bring their own copy. Soft copies of the digital loaner standard cannot be printed or downloaded.
Who should attend?
- Individuals interested in conducting, managing, or participating in first-party (internal) audits
- Management system implementation team members
- Information Security Managers
A prior review of the ISO 27001:2013 and ISO 27002:2013 standards and knowledge of information security practices and an understanding of auditing principles is suggested for this course.
There are written tests on each of the competency units in turn on Days 2 and 3. Detailed exam instructions will be provided. Certificates of Attainment in each competency unit will be provided for students who are deemed “Competent” for each competency unit. Certificates of attendance are provided to those who do not pass the competency test(s), and students will be given the opportunity to retake the test(s).
Online course option
This Course is also available as part of BSI's Connected Learning Live service. A virtual instructor lead training course taught live online in a virtual classroom. Scheduled times and dates are available here: Connected Learning Live ISO 27001:2013 Internal Auditor (TPECS)