ISO 27001:2013 Internal Auditor Course

In this free online course you’ll learn everything you need to know about ISO 27001, as well as how to perform an internal audit in your company. The course is made for beginners in information security and internal auditing, and no prior knowledge is needed to take it. If you like this course, you can go for the certification exam.

The exam from this course is certified by Exemplar Global (formerly RABQSA). After passing the exam you will receive a certificate proving that you attained Information Security Management Systems and Management Systems Auditing competencies.

The course is organized into 10 modules, where each module has several video lectures and activities that will help you learn more quickly, as well as a practice exam that will prepare you for the certification exam – please see below for the content of each module. All the video lectures are pre-recorded, so you can take the course from anywhere, at any time for your convenience.

  • The total course duration, including the reading of required materials, is approximately 15 hours.
  • Materials provided in the course (video lectures, articles, and activity questions) are everything you need to successfully pass the certification exam.
  • There is no time limit for taking the course, but it is recommended that you finish it within two weeks’ time.
  • Access to this course and to the practice exams is completely free; the fee for the certification exam is US$ 449. After you pass the exam, you’ll receive your certificate in a matter of days.
Course instructor: Dejan Kosutic
Course language: English
4813 students
The course instructor is Dejan Kosutic, who has rich experience with both ISO 27001 and ISO 22301 as a consultant, certification auditor, and tutor. He is the author of numerous articles in the leading ISO 27001 blog, and also of the ISO 27001 Documentation Toolkit.

Course Curriculum

Introduction to the course
Module 1 - Introduction to ISO 27001
Introduction & suggested reading
What is ISO 27001?
The structure of ISO 27001
Information security principles
Introduction to the Information Security Management System
Implementing ISO 27001 requirements
Implementing ISO 27001 as a project
Documenting ISO 27001 requirements
ISO 27001 Benefits
Related documentation
Practice exam
Module 2 - The planning phase
Introduction & suggested reading
Understanding your organization and its context [clause 4.1]
Understanding the needs and expectations of interested parties [clause 4.2]
Determining the scope of the ISMS [clause 4.3]
Leadership and commitment [clause 5.1]
Information Security Policy [clause 5.2]
Organizational roles, responsibilities and authorities [clause 5.3]
Information security objectives [clause 6.2]
Resources [clause 7.1]
Competence [clause 7.2]
Awareness [clause 7.3]
Communication [clause 7.4]
Documented information [clause 7.5]
Related documentation
Practice exam
Module 3 - Risk management
Introduction & suggested reading
Addressing risks and opportunities [clause 6.1.1]
Risk management process [clause 6.1.2]
Information security risk assessment – Risk identification [clause 6.1.2]
Information security risk assessment – Risk analysis and evaluation [clause 6.1.2]
Information security risk treatment [clause 6.1.3]
Statement of Applicability [clause 6.1.3]
Risk treatment plan [clause 6.1.3]
Related documentation
Practice exam
Module 4 - The Do phase
Introduction & suggested reading
Formulating the risk treatment plan [clause 6.1.3]
Implementing the risk treatment plan [clause 8.3]
Operational planning and control [clause 8.1]
Operating the ISMS [clause 8]
Managing outsourcing of operations [clause 8.1]
Controlling changes [clause 8.1]
Risk assessment review [clause 8.2]
Related documentation
Practice exam
Module 5 - The Check and Act phases
Introduction & suggested reading
Monitoring, measurement, analysis, and evaluation [clause 9.1]
Internal audit [clause 9.2]
Management review [clause 9.3]
Nonconformities and corrective actions [clause 10.1]
Continual improvement [clause 10.2]
Related documentation
Practice exam
Module 6 - Annex A – Control objectives and controls
Introduction & suggested reading
Introduction to Annex A – Reference control objectives and controls
Structure of Annex A
Information security policies [A.5]
Organization of information security [A.6]
Human resources security [A.7]
Asset management [A.8]
Access control [A.9]
Cryptography [A.10]
Physical and environmental security [A.11]
Operational security [A.12]
Communications security [A.13]
System acquisition, development and maintenance [A.14]
Supplier relationships [A.15]
Information security incident management [A.16]
Information security aspects of business continuity management [A.17]
Compliance [A.18]
Related documentation
Practice exam
Module 7 - Introduction to the internal audit
Introduction & suggested reading
Internal vs. external audit
The main purpose of the internal audit
Requirements of ISO 27001
Criteria for selecting the internal auditor
The audit findings
Major and minor nonconformities
Definition of major nonconformity
ISO 19011
Related documentation
Practice exam
Module 8 - Organizing the internal audit
Introduction & suggested reading
Organizing the internal audit
Internal audit procedure
Annual audit program
Audit plan for an individual audit
Related documentation
Practice exam
Module 9 - Internal audit elements
Introduction & suggested reading
Internal audit elements
Document review
Creation of the checklist
Internal audit report
Corrective action requests
Corrective action follow-up
Related documentation
Practice exam
Module 10 - The main audit
Introduction & suggested reading
Auditor assumptions
Techniques for finding evidence
Sampling the records
Recording the evidence
Interviewing techniques
Related documentation
Practice exam
Instructions for taking the exam and obtaining the certificate

Course Reviews

  1. Rado says:

    Very well structured, to the point and excellent value.
    I found this course to be a great knowledge source for all who need more about information security and ISO systems in general. It’s informative, practical, interesting and connected to real world examples.

  2. ISO 27001 internal Audit
    Excellent presentation given by a gentleman that knows his material.

    The only negative thing I would like to add, is that it would be nice to be able to get these presentations via text, basically everything that is said and displayed during the presentation, would be very helpful to be able to read it all, since that is the way I learn better.

  3. Nice Course
    Good Course with nice video tutorials

  4. angvar says:

    Very good
    Some questions under the videos are not in line with the tutors’ videos. That is VERY confusing. I followed the tutor as the correct source and not the Q&A.
    In general a very good program

  5. Review of ISO27001 Internal Auditor Course
    The course is well structured, very easy language and supported by good examples. Not boring at all.
    Thanks for good work.

  6. Chuksojeme says:

    Well structured
    The course is well structured and the language is very easy to understand.


  7. fortinux says:

    ISO27001 Internal Audit Course
    Very good course indeed, Congratulations for your work.
    As a suggestion, I should put a small text explaining what is the goal of the video on each page and links to your articles when necessary.

  8. ISO27001 Internal Audit Course
    Excellent and complete course to ISO 27001 Internal Auditor.
    Very helpful and clear.
    I recommend it for all those who want to go a step (or more) further to the Foundations Course.

  9. ISO27001 Internal Audit Course
    Provided an excellent introduction to ISO 27001 which supported the later stages of the course on internal auditing. As an already qualified ISO9001 lead auditor I already had the framework for internal auditing, but even so found the course extremely useful, and was comparable in content to some classroom courses I have attended.

  10. ISO 27001:2013 Internal Auditor
    The structure and content of the course are very well thought out. I found the course easy to follow and clear.

  11. dacyrgatto says:

    ISO 27001:2013 Internal Auditor Course
    The explanations are very clear and objective.

  12. yalex says:

    ISO 27001:2013 Internal Auditor Course
    Very informative course.

  13. Very helpful, clear and explicit content. Thanks

  14. Informative, Targeted and Detailed
    This is a great course, it is easy to understand and is extremely detailed. Support is also intuitive and helpful. Keep up the great work.

  15. Naeimeh says:

    Helpful and targeted
    It was both easy to understand and comprehensive.
    It would be even more helpful if such a course also for more detailed risk management based on ISO 27001 and related standards in combination with this one exist.
    I also should thank support team for their quick response in case of problems! I made contacts 2 times and they were ready to answer within few seconds.

  16. Loved this free course.
    This was a very helpful course for me, clear and precise. Along with Advisera very good articles and Dejan ebooks it gave me a very good understanding of the ISO 27000/22301 landscape and then a first overview of the internal audit purpose. Thank you Dejan for this great work!

  17. Shrikanth says:

    Shrikanth Hosur
    One of the best courses I have attended so far. Nuggets from Dejan’s experience and to the point and no nonsense kind of explanation has given me rich experience to upgrade myself. Thanks Dejan and team for all the hard work they have put in to chart this online course and other materials. Best wishes. God bless.

  18. ISO27001
    The course is very good and easy to understand and just complete the course now.

    Great job Dejan.

    Freddy Ntwari

  19. aderems says:

    ISO 27001
    This is an absolutely great work and a huge contribution as well. I keep placing my fingers on and off the keyboard because I don’t know what to write – I am honestly short of words.

    Thank you Dejan.

  20. Leonela says:

    course is in two parts, the second is about internal auditor

  21. m.paradiso says:

    Clear and excellent course
    Thanks! A very useful course

  22. thanks a lot for this enriching information for free enjoyed and learned a lot from it to take my career to the next level
    ISO 27001 INTERNAL AUDIT is the study on interest for me will be coming back for more cheers

  23. goalone says:

    It's really worth
    Thanks Dejan! This course is very useful for me.


  24. Joanna says:

    well simplified and explained in detail.

  25. Blown away with the level of details in a very good and clear English...
    I usually do not leave feedback, but for this course I just could not hold myself back. Dejan has done a great job in explaining all the sections of 27001 in a very precise and clear to understand English. Anyone who wants to understand what 27001 is, I bet you are not going to find anything like this. This is hands down the best online zero cost tutorial and beats the ones where there is a cost associated.

    Kudos Dejan for such a great job!!

  26. Internal auditor course ISO27001
    For those who are interested in ISMS, it’s the best course, presented in a very beautiful and clear English
    I appreciated

  27. aelsheerif says:

    Excellent Course
    This course is very useful!
    Thanks Dejan.

  28. Very good Internal Audit Course
    The course is very good and easy to understand but I am still following up.

    Great job Dejan.

    Freddy Ntwari

  29. LeonardoM says:

    Excellent Internal Audit Course
    The course was excellent and free
    Thank you.
    Leonardo Miljko

  30. smj says:

    Internal Audit Course
    Great job by Dejan.

Frequently Asked Questions

The materials provided in the course – recorded video lectures, quizzes, reading, and other activities – are everything you need to successfully pass the exam and obtain the certificate. The best part is: they are completely free with unlimited access!

You can access the course using your PC, Mac, or mobile device, using any major browser (i.e., Chrome, Mozilla, Internet Explorer, Safari); a broadband Internet link will also be needed. And, of course, enough time to attend the course.

The course is a combination of recorded video lectures, quizzes, reading, and other activities – the course takes you through all these materials in an optimal way.

After you finish attending the course, you can go for the exam – if you finish this exam successfully, i.e., if your score is above the minimum, then you will receive the certificate. By the way, during the exam we use an online proctoring service that will ask for proof of your identity, and make sure that you have taken the exam with no external help. Click here to learn more about online proctoring.

The exam, as well as the whole course, is completely done online, from your office, your home, or any other place convenient for you. For the exam we use an online proctoring service – click here to learn more.

Well, we have to make money somehow :). We have made most of the course freely available, but to access the exam and get the certificate you’ll have to pay a fee – by the way, this fee is by far smaller than the fee for attending the classroom-type course.

None. The course was made in such a way that a beginner in this topic can easily understand it.

You can access it any time – the course is a combination of recorded video lectures, quizzes, reading, and other activities, and because all those materials are readily available, you can access them at a time that is convenient for you.

No, you can attend the course as long as you like; however, you should try to finish it in a couple of weeks because otherwise, you won’t get enough benefits out of it.


