ISO 27001 Internal Auditor Course

In this free online course you’ll learn everything you need to know about ISO 27001, but also how to perform an internal audit in your company. This ISO 27001 Internal Auditor course is made for beginners in information security and internal auditing, and no prior knowledge is needed to take this course. If you like this course, you can go for the certification exam.

The exam from this course is certified by Exemplar Global (formerly RABQSA). After passing the exam you will receive a certificate proving that you attained Information Security Management Systems and Management Systems Auditing competencies.

The course is organized into 10 modules, where each module has several video lectures and quizzes that will help you learn more quickly, as well as a recap quiz that will prepare you for the certification exam – please see below for the content of each module. All the video lectures are pre-recorded, so you can take the course from anywhere, at any time for your convenience.

  • The total course duration, including the reading of required materials, is approximately 15 hours.
  • Materials provided in the course (video lectures, articles, and activity questions) are everything you need to successfully pass the certification exam.
  • There is no time limit for taking the course, but it is recommended that you finish it within two weeks’ time.
  • Access to this course and the quizzes is completely free; the fee for the certification exam is US$ 449 – after you pass the exam you’ll receive your certificate in a matter of days.
  • After you purchase the exam, you will receive the completely free ISO 27001 Internal Audit Checklist document, and a bonus PDF containing scripts from all of the video lectures and quizzes, links to additional reading, and access to the practice exams.

Course Curriculum

Introduction to the course 04:00:00
Module 1 - Introduction to ISO 27001
Introduction & suggested reading 00:00:00
What is ISO 27001? 01:30:00
The structure of ISO 27001 02:30:00
Information security principles 02:30:00
Introduction to the Information Security Management System 02:30:00
Implementing ISO 27001 requirements 03:00:00
Implementing ISO 27001 as a project 01:30:00
Documenting ISO 27001 requirements 03:30:00
ISO 27001 Benefits 02:30:00
Related documentation 00:00:00
Certification FAQs 00:00:00
Recap quiz 00:00:00
Module 2 - The planning phase
Introduction & suggested reading 00:00:00
Understanding your organization and its context [clause 4.1] 02:30:00
Understanding the needs and expectations of interested parties [clause 4.2] 02:00:00
Determining the scope of the ISMS [clause 4.3] 02:00:00
Leadership and commitment [clause 5.1] 02:00:00
Information Security Policy [clause 5.2] 01:00:00
Organizational roles, responsibilities and authorities [clause 5.3] 02:30:00
Information security objectives [clause 6.2] 02:30:00
Resources [clause 7.1] 02:00:00
Competence [clause 7.2] 01:30:00
Awareness [clause 7.3] 01:30:00
Communication [clause 7.4] 01:30:00
Documented information [clause 7.5] 03:30:00
Related documentation 00:00:00
Recap quiz 00:00:00
Module 3 - Risk management
Introduction & suggested reading 00:00:00
Addressing risks and opportunities [clause 6.1.1] 02:00:00
Risk management process [clause 6.1.2] 02:30:00
Information security risk assessment – Risk identification [clause 6.1.2] 03:00:00
Information security risk assessment – Risk analysis and evaluation [clause 6.1.2] 03:00:00
Information security risk treatment [clause 6.1.3] 03:00:00
Statement of Applicability [clause 6.1.3] 02:00:00
Risk treatment plan [clause 6.1.3] 00:30:00
Related documentation 00:00:00
Recap quiz 00:00:00
Module 4 - The Do phase
Introduction & suggested reading 00:00:00
Formulating the risk treatment plan [clause 6.1.3] 02:00:00
Implementing the risk treatment plan [clause 8.3] 01:30:00
Operational planning and control [clause 8.1] 02:30:00
Operating the ISMS [clause 8] 01:00:00
Managing outsourcing of operations [clause 8.1] 02:30:00
Controlling changes [clause 8.1] 02:30:00
Risk assessment review [clause 8.2] 02:00:00
Related documentation 00:00:00
Recap quiz 00:00:00
Module 5 - The Check and Act phases
Introduction & suggested reading 00:00:00
Monitoring, measurement, analysis, and evaluation [clause 9.1] 04:00:00
Internal audit [clause 9.2] 01:30:00
Management review [clause 9.3] 03:00:00
Nonconformities and corrective actions [clause 10.1] 04:30:00
Continual improvement [clause 10.2] 02:30:00
Related documentation 00:00:00
Recap quiz 00:00:00
Module 6 - Annex A – Control objectives and controls
Introduction & suggested reading 00:00:00
Introduction to Annex A – Reference control objectives and controls 02:30:00
Structure of Annex A 04:00:00
Information security policies [A.5] 02:00:00
Organization of information security [A.6] 02:30:00
Human resources security [A.7] 01:30:00
Asset management [A.8] 02:30:00
Access control [A.9] 02:00:00
Cryptography [A.10] 02:00:00
Physical and environmental security [A.11] 03:00:00
Operational security [A.12] 03:30:00
Communications security [A.13] 04:00:00
System acquisition, development and maintenance [A.14] 04:30:00
Supplier relationships [A.15] 02:30:00
Information security incident management [A.16] 03:30:00
Information security aspects of business continuity management [A.17] 03:00:00
Compliance [A.18] 03:00:00
Related documentation 00:00:00
Recap quiz 00:00:00
Module 7 - Introduction to the internal audit
Introduction & suggested reading 00:00:00
Internal vs. external audit 00:00:00
The main purpose of the internal audit 00:00:00
ISO Requirements for internal audits 00:00:00
Criteria for selecting the internal auditor 00:00:00
The audit findings 00:00:00
Nonconformities 00:00:00
Observations 00:00:00
Major and minor nonconformities 00:00:00
Related documentation 00:00:00
Recap quiz 00:00:00
Module 8 - Organizing the internal audit
Introduction & suggested reading 00:00:00
Organizing the internal audit 00:00:00
Internal audit procedure 00:00:00
Annual audit program 00:00:00
Audit plan for an individual audit 00:00:00
Related documentation 00:00:00
Recap quiz 00:00:00
Module 9 - Internal audit elements
Introduction & suggested reading 00:00:00
Internal audit elements 00:00:00
Document review 00:00:00
Creation of the checklist 00:00:00
Internal audit report 00:00:00
Corrective action requests and corrective action follow-up 00:00:00
Related documentation 00:00:00
Recap quiz 00:00:00
Module 10 - The main audit
Introduction & suggested reading 00:00:00
Auditor assumptions 00:00:00
Techniques for finding evidence 00:00:00
Sampling the records 00:00:00
Recording the evidence 00:00:00
Interviewing techniques 00:00:00
Remote audits 00:00:00
Auditing integrated management systems 00:00:00
Related documentation 00:00:00
Recap quiz 00:00:00
Instructions for taking the exam and obtaining the certificate 00:00:00

Benefits of getting the certificate

The certificate of competence proves that you attended the eTraining course and that you passed the exam certified by Exemplar Global (formerly RABQSA). This ensures that you understand and can apply the knowledge you gained in each of the course's modules.

How to get certified?

It's simple:
1) Watch complete videos of all lectures, and answer all practice exams.
2) Pass the online certification exam.

Bonuses with the certificate

Once you purchase the certificate, you will receive the following bonuses:

Discount badge

Internal Audit Checklist (Word document)

The purpose of this document is to provide a list of questions in order to help perform an internal audit against ISO 27001 and/or ISO 22301. For each clause or control from the standard, the checklist provides one or more questions that should be asked during the audit in order to verify the implementation.

Course Script (PDF)

If you decide to purchase the exam you will get the PDF script from the course completely free. The script includes everything said in the videos and all quizzes.

This way, you can access course materials any time you like, making it much easier to practice and prepare for the exam.

Free exam retake

Once you purchase the exam, you will be able to retake it.

This means, if you do not pass the exam on your first attempt, you can retake it one time, free of charge.

There is no mandatory waiting period between the two attempts.

Practice Exam

With the purchase of the exam, you get access to practice exams. You can use these exams to test your knowledge and familiarize yourself with the exam environment.

The results from the practice exam do not have any effect on the results of the final exam.

Course Reviews

  1. Great Learning Experience

    This is my first certification on ISO 27001, I was not familiar with that before, but my company gave me a chance to be an Internal Auditor and that was a great experience! The course helped me to understand the whole purpose of ISO 27001 and what is needed to achieve that. Lessons are short and the questions help you to remember them and get prepared for the exam. Thank you, Advisera!

  2. Awesome Learning Experience

    Passing the ISO 27001 Internal Auditor certification exam, this is my second certification (my first was ISO 27001 Foundations Course) with Advisera. Indeed, it’s true to its promise to make you very ready for the certification exam. The lessons are easy to understand and the duration is sufficient and convenient. Dejan Kosutic is also a commendable instructor showing real expertise on the subject. Highly recommended training platform.👌

    Thank you again, Advisera!

  3. Excellent self learning option with great reading material and articles which enable one to get their head around ISO 27001 and how to practically go about adopting the same in your organisation. The free tools are an added bonus & the paid toolkit with support is worth every penny !!

  4. Great course

    A great introduction to ISO27001. Easy to understand and follow along.

  5. Perfect for beginners

    I am just starting internal audits in my company and can highly recommend the ISO 9001 and ISO 27001 courses. It helped me to get started in a short amount of time and my first audit went great.

  6. Great and very informative course

    Thank you for providing this so great course for free! Very informative and easy to understand the requirements of ISO 27001 and how to perform the internal audit.

  7. ISO27001 Internal Audit Course

    The course was delivered with every touch of professionalism and it covers detailed explanation of the requirement of the ISO27001. I have very much learned a great deal and will recommend anyone to go for it. I am planning to get the certificate by sitting for the exam soonest. I give it to you Advisera anytime

  8. Great course and well detailed

    The course is nicely flowed and covers most of the ISO 27001 framework with real live examples.

  9. Informative Course

    So I’ve just finished the ISO 27001 course and quite happy about all that I have learned in the course. It was very informative but also very easy to comprehend, and the activities after each insert really help in terms of testing one’s understanding of the information before taking the practice exam. I am now thinking of taking the certification exam and feel I can do well because of the course.

  10. Here I am again!

    About 2 years ago I have completed ISO 27001 FOUNDATIONS COURSE, passed the test, received the Certificate and guess what? It helped me to find my new job with the position in Information Security immediately! On the top of that, on my new position from the first day I was thrown into the internal audit for ISO 27001 for my new organization and one month later we passed the external audit and became ISO 27001 Certified organization. So, to say that the course just helped me is not enough, I consider Advisera as my lucky charm :)) and going to continue my training with them.
    Once again, thank you very much for all the training materials you are providing for free, for certifications, and for being very supportive!
    All best!

  11. good project

    Very good project. Very informative. Easy to understand. Good luck

  12. Great course !

    Very clear, concise and precise. The format is perfect to learn quickly and advisera team is really reactive. Thanks Guys.

  13. Excellent well structured course

    Brilliant – I like the short modules with follow-up practical questions, reinforcing the learning. Excellent, thank you.

  14. Passed the internal audit exam

    Big thanks to Advisera, all the training modules were intuitive and easy to understand. Doing the certification forces you to really go over each module and understand it well. I am sure if I didn’t force myself to pay for the certificate I wouldn’t have learnt the course as well as I did.

    I would recommend anyone doing this course or working in this industry to purchase the certificate and book the exam 3 or 4 weeks later. That way it will force you to spend time going through each module and the practice exams. Without doing this I believe it’s too easy to skim over the modules without learning them properly.

  15. Great material provided with a great teaching approach.

    M Dejan Kosutic, is knowledgeable on the subject matter and provides clear examples and instructions that greatly facilitated learning. I’ve been recently certified as ISO27001 Lead Implementor but if I knew this course before, I would have used the first part as training material !
    Here is the icing on the cake : all this for free (if you don’t need the certificate) !
    As I don’t really need it I felt a bit ashamed of not retribute his work so, at least, I wanted to thank him and this website deeply through this review but I am keen to stress that I mean each word !

  16. ISO 27001


  17. Very well structured, to the point and excellent value.

    I found this course to be a great knowledge source for all who need more about information security and ISO systems in general. It’s informative, practical, interesting and connected to real world examples.

  18. ISO 27001 internal Audit

    Excellent presentation given by a gentleman that knows his material.

    The only negative thing I would like to add, is that it would be nice to be able to get these presentations via text, basically everything that is said and displayed during the presentation, would be very helpful to be able to read it all, since that is the way I learn better

  19. Nice Course

    Good Course with nice video tutorials

  20. Very good

    Some questions under the videos are not in line with the tutors’ videos. That is VERY confused. I followed the tutor as the correct source and not the Q&A.
    In general a very good program

  21. Review of ISO27001 Internal Auditor Course

    The course is well structured, very easy language and supported by good examples. Not boring at all.
    Thanks for good work.

  22. Well structured

    The course is well structured and the language is very easy to understand.


  23. ISO27001 Internal Audit Course

    Very good course indeed, Congratulations for your work.
    As a suggestion, I should put an small text explaining what is the goal of the video on each page and links to your articles when necessary.

  24. ISO27001 Internal Audit Course

    Excellent and complete course to ISO 27001 Internal Auditor.
    Very helpful and clear.
    I recommend it for all those who want to go a step (or more) further to the Foundations Course.

  25. ISO27001 Internal Audit Course

    Provided an excellent introduction to ISO 27001 which supported the later stages of the course on internal auditing. As an already qualified ISO9001 lead auditor I already had the framework for internal auditing, but even so found the course extremely useful, and was comparable in content to some classroom courses I have attended

  26. ISO 27001 Internal Auditor

    The structure and content of the course are very well thought out. I found the course easy to follow and clear.

  27. ISO 27001 Internal Auditor Course

    The explanations are very clear and objective.

  28. ISO 27001 Internal Auditor Course

    Very informative course.

  29. Very helpful, clear and explicit content. Thanks

  30. Informative, Targeted and Detailed

    This is a great course, it is easy to understand and is extremely detailed. Support is also intuitive and helpful. Keep up the great work.

  31. Helpful and targeted

    It was both easy to understand and comprehensive.
    It would be even more helpful if such a course also for more detailed risk management based on ISO 27001 and related standards in combination with this one exist.
    I also should thank support team for their quick response in case of problems! I made contacts 2 times and they were ready to answer within few seconds.

  32. Loved this free course.

    This was a very helpful course for me, clear and precise. Along with Advisera very good articles and Dejan ebooks it gave me a very good understanding of the ISO 27000/22301 landscape and then a first overview of the internal audit purpose. Thank you Dejan for this great work!

  33. Shrikanth Hosur

    One of the best courses I have attended so far. Nuggets from Dejan’s experience and to the point and no nonsense kind of explanation has given me rich experience to upgrade myself. Thanks Dejan and team for all the hard work they have put in to chart this online course and other materials. Best wishes. God bless.

  34. ISO27001

    The course is very good and easy to understand and just complete the course now.

    Great job Dejan.

    Freddy Ntwari

  35. ISO 27001

    This is an absolutely great work and a huge contribution as well. I keep placing my fingers on and off the keyboard because I don’t know what to write – I am honestly short of words.

    Thank you Dejan.

  36. introduction

    course is in two parts, the second is about internal auditor

  37. Clear and excellent course

    Thanks! A very useful course

  38. thanks a lot for this enriching information for free enjoyed and learned a lot from it to take a my career to the next level

    ISO 27001 INTERNAL AUDIT is the study on interest for me will be coming back for more cheers

  39. It's really worth

    Thanks Dejan! This course is very useful for me.


  40. well simplified and explained in detail.

  41. Blown away with the level of details in a very good and clear English...

    I usually do not leave feedbacks, but for this course I just could not hold myself back. Dejan has done a great job in explaining all the sections of 27001 in a very precise and clear to understand english. Anyone who wants to understand what 27001 is, I bet you are not going to find anything like this. This is hands down the best online zero cost tutorial and beats the ones where there is a cost associated.

    Kudos Dejan for such a great job!!

  42. Internal auditor course ISO27001

    For those who are interested in ISMS, it’s the best course, presented in a very beautiful and clear English
    I appreciated

  43. Excellent Course

    This course is very useful!
    Thanks Dejan.

  44. Very good Internal Audit Course

    The course is very good and easy to understand but I am still follow up .

    Great job Dejan.

    Freddy Ntwari

  45. Excellent Internal Audit Course

    The course was excellent and free
    Thank you.
    Leonardo Miljko

  46. Excellent.

  47. smj

    Internal Audit Course

    Great job by Dejan.


Frequently Asked Questions

No, you can attend the course as long as you like; however, you should try to finish it in a couple of weeks because otherwise, you won’t get enough benefits out of it.

You can access it any time – the course is a combination of recorded video lectures, quizzes, reading, and other activities, and because all those materials are readily available, you can access them at a time that is convenient for you.

None. The course was made in such a way that a beginner in this topic can easily understand it.

Well, we have to make money somehow :). We have made most of the course freely available, but to access the exam and get the certificate you’ll have to pay a fee – by the way, this fee is by far smaller than the fee for attending the classroom-type course. Additionally, when you pay for the certificate, you will be able to download PDF scripts from all of the video lectures, activity questions, practice exams, and links to additional reading. This way, you can access the content from the course and prepare for the exam much more easily.

The exam, as well as the whole course, is completely done online, from your office, your home, or any other place convenient for you. For the exam we use an online proctoring service – click here to learn more.

After you finish attending the course, you can go for the exam – if you finish this exam successfully, i.e., if your score is above the minimum, then you will receive the certificate. By the way, during the exam we use an online proctoring service that will ask for proof of your identity, and make sure that you have taken the exam with no external help. Click here to learn more about online proctoring.

The course is a combination of recorded video lectures, quizzes, reading, and other activities – the course takes you through all these materials in an optimal way.

You can access the course using your PC, Mac, or mobile device, using any major browser (i.e., Chrome, Mozilla, Internet Explorer, Safari); a broadband Internet connection will also be needed. And, of course, enough time to attend the course.

The materials provided in the course – recorded video lectures, quizzes, readings, practice exams, and other activities – are everything you need to successfully pass the exam and obtain the certificate. The best part is: they are completely free with unlimited access!

If you decide to purchase the exam, you will receive a bonus PDF containing scripts from all of the video lectures, quiz questions, links to additional reading, and access to the practice exams. This way, you can prepare for the exam much more easily.



  • Advisera is Exemplar Global Certified TPECS Provider for the IS, QM, EM, TL and AU Competency Units.
  • ITIL® is a registered trade mark of AXELOS Limited. Used under licence of AXELOS Limited. All rights reserved.
  • DNV GL Business Assurance is one of the leading providers of accredited management systems certification.