BSI's “ISO 27001:2013 Lead Auditor” competency-based 4-day course teaches a general understanding of the concepts of the ISO 27001:2013 standard and the principles and practices of leading management systems and process audits in accordance with ISO 19011:2018, “Guidelines on Auditing Management Systems”. Experienced instructors explain the clauses of ISO 27001:2013 in detail and guide students through the entire audit process, from managing an audit program to reporting on audit results. Our qualified instructors will also help you to boost your audit capabilities with the latest development of the new 19011 standard. Students gain necessary auditing skills through a balance of formal classroom tutorials, role playing, group workshops, and open forum discussions.
This course comprises the following three Exemplar Global TPECS Competency Units whose outcomes are certified by Exemplar Global:
- IS - Information Security Management Systems
- AU - Management Systems Auditing
- TL - Leading Management Systems Audit Teams
Attendees successfully completing this course receive a Certificate of Attainment for each of Exemplar Global Competency Units listed above.
New to TPECS?
For more information, please see our Understanding the TPECS Course Structure page.
- Understand information security management definitions, concepts, and guidelines
- Understand the purpose of the ISO 27000 series
- Understand the requirements of the ISO 27001:2013 standard
- Understand the roles and responsibilities of the auditor
- Apply ISO 19011:2018 concepts, new terminology and guidelines
- Understand the types of risks and opportunities associated with auditing
- Recognize the principles, practices, and types of audits
- Conduct all phases of an audit adopting a risk-based approach, particularly in the section of audit planning
- Prepare and present effective reports
- Understand Exemplar Global's certification scheme
- Understand the role of objectives, scope and criteria in the audit process
- How to plan audits
- Conduct audit team selection
- Initiate the audit and conducting opening meetings
- Understand audit team leader responsibilities
- Communicate effectively during the audit
- Apply the latest auditor techniques and identify appropriate use
- Conduct on-site activities
- Prepare audit conclusions
- Conduct closing meetings
- Report audit results
You will have the option to receive your course materials in the following formats:
- Hard Copies: At the start of the course, a physical copy of the Student Handbook will be provided.
- Soft Copies: Prior to the course, an email with instructions on how to access the online Student Handbook, which can be viewed, downloaded or printed, will be sent to students.
NOTE: Copies of the standards are not included in the class fee. BSI will make reasonable efforts to have loaner copies available for use during the class, but students are encouraged to bring their own copy. Soft copies of the digital loaner standard cannot be printed or downloaded.
Who should attend?
- Individuals interested in conducting first-party, second-party, and third-party audits
- Management Representatives
- Information Security Officers
- Security Consultants
A prior review of the ISO 27001:2013 standard and internal audit experience are suggested for this course.
There are written tests on each of the competency units in turn on Days 2, 3 and 4. Detailed exam instructions will be provided. Certificates of Attainment in each competency unit will be provided for students who are deemed “Competent” for each competency unit. Certificates of attendance are provided to those who do not pass the competency test(s), and students will be given the opportunity to retake the test(s).
Online course option
This Course is also available as part of BSI's Connected Learning Live service. A virtual instructor lead training course taught live online in a virtual classroom. Scheduled times and dates are available here: Connected Learning Live ISO 27001:2013 Lead Auditor (TPECS)