ISO 27001 Lead Auditor Course

This course is accredited by ASIC and allows you to become a certified auditor for ISO 27001. This course was created to help you build your auditing practice and expand your service portfolio. The course includes certification, backed by ASIC, that allows you to perform ISO 27001 audits and certify companies for the standard.

The course is divided into three sections:

  1. A video library: stores lectures and information on how to write procedures and documents required for the standard.
  2. An interactive workshop: helps you practice the concepts necessary for implementing the standard.
  3. Certification exam: upon successful completion of the exam, you will get a certificate and a badge for your LinkedIn profile to highlight your qualifications.

Course Curriculum

Introduction to the course 00:00:00
Module 1 - Introduction to ISO 27001
Introduction & suggested reading 00:00:00
What is ISO 27001? 01:30:00
The structure of ISO 27001 02:30:00
Information security principles 02:30:00
Introduction to the Information Security Management System 02:30:00
Implementing ISO 27001 requirements 03:00:00
Implementing ISO 27001 as a project 01:30:00
Documenting ISO 27001 requirements 03:30:00
ISO 27001 Benefits 02:30:00
ISO 27001 Benefits – Real-life exercise 00:00:00
Related documentation 00:00:00
Certification FAQs 00:00:00
Recap quiz 00:00:00
Module 2 - The planning phase
Introduction & suggested reading 00:00:00
Understanding your organization and its context [clause 4.1] 02:30:00
Understanding the needs and expectations of interested parties [clause 4.2] 02:00:00
Determining the scope of the ISMS [clause 4.3] 02:00:00
Leadership and commitment [clause 5.1] 02:00:00
Information Security Policy [clause 5.2] 01:00:00
Organizational roles, responsibilities and authorities [clause 5.3] 02:30:00
Information security objectives [clause 6.2] 02:30:00
Resources [clause 7.1] 02:00:00
Competence [clause 7.2] 01:30:00
Awareness [clause 7.3] 01:30:00
Communication [clause 7.4] 01:30:00
Documented information [clause 7.5] 03:30:00
Related documentation 00:00:00
Recap quiz 00:00:00
Module 3 - Risk management
Introduction & suggested reading 00:00:00
Addressing risks and opportunities [clause 6.1.1] 02:00:00
Risk management process [clause 6.1.2] 02:30:00
Information security risk assessment – Risk identification [clause 6.1.2] 03:00:00
Exercise: Information security risk assessment – Risk identification 00:00:00
Information security risk assessment – Risk analysis and evaluation [clause 6.1.2] 03:00:00
Information security risk treatment [clause 6.1.3] 03:00:00
Statement of Applicability [clause 6.1.3] 02:00:00
Risk treatment plan [clause 6.1.3] 00:30:00
Related documentation 00:00:00
Recap quiz 00:00:00
Module 4 - The Do phase
Introduction & suggested reading 00:00:00
Formulating the risk treatment plan [clause 6.1.3] 02:00:00
Implementing the risk treatment plan [clause 8.3] 01:30:00
Operational planning and control [clause 8.1] 02:30:00
Operating the ISMS [clause 8] 01:00:00
Managing outsourcing of operations [clause 8.1] 02:30:00
Controlling changes [clause 8.1] 02:30:00
Risk assessment review [clause 8.2] 02:00:00
Related documentation 00:00:00
Recap quiz 00:00:00
Module 5 - The Check and Act phases
Introduction & suggested reading 00:00:00
Monitoring, measurement, analysis, and evaluation [clause 9.1] 04:00:00
Internal audit [clause 9.2] 01:30:00
Management review [clause 9.3] 03:00:00
Nonconformities and corrective actions [clause 10.2] 04:30:00
Continual improvement [clause 10.1] 02:30:00
Related documentation 00:00:00
Recap quiz 00:00:00
Module 6 - Overview of Annex A
Introduction & suggested reading 00:00:00
Introduction to Annex A 00:00:00
People controls 00:00:00
Physical controls 00:00:00
Technological controls – overview and new controls 00:00:00
Technological controls – software development 00:00:00
Technological controls – operational security 00:00:00
Organizational controls – policies and responsibilities 00:00:00
Organizational controls – information and asset management 00:00:00
Organizational controls – operational security 00:00:00
Organizational controls – supplier security 00:00:00
Organizational controls – incidents and business continuity 00:00:00
Organizational controls – compliance, privacy, and legal aspects of security 00:00:00
Related documentation 00:00:00
Recap quiz 00:00:00
Module 7 - Auditing basics
Introduction & suggested reading 00:00:00
Auditor assumptions 01:30:00
Techniques for finding evidence 04:30:00
Sampling the records 01:30:00
Interviewing techniques 04:00:00
The audit findings 01:30:00
Nonconformities 02:00:00
Observations 01:30:00
Internal vs. external audit 01:30:00
Annual audit program 04:30:00
Audit plan for an individual audit 03:00:00
Creation of the checklist 03:30:00
Internal audit report 01:30:00
Corrective action follow-up 01:00:00
Recording the evidence 02:00:00
Recap quiz 00:00:00
Module 8 - Understanding auditing standards
Introduction & suggested reading 00:00:00
What is certification? 00:00:00
Certification process 00:00:00
Certification of integrated management systems 00:00:00
Introduction to accreditation and ISO 17021 00:00:00
Competences of lead auditors required by ISO 17021-1 00:00:00
Introduction to International Accreditation Forum (IAF) documents 00:00:00
Introduction to ISO 19011 00:00:00
Principles of auditing 00:00:00
Recap quiz 00:00:00
Module 9 - Understanding audit roles and responsibilities
Introduction & suggested reading 00:00:00
Audit Team Leader / Lead Auditor 00:00:00
Auditor 00:00:00
Technical Specialist 00:00:00
Certification Reviewer 00:00:00
Audit Client 00:00:00
Management Team 00:00:00
Auditee 00:00:00
Hosts / Guides 00:00:00
Recap quiz 00:00:00
Module 10 - Planning the audits
Introduction & suggested reading 00:00:00
Audit criteria and objectives 00:00:00
Audit scope 00:00:00
Selecting audit methods 00:00:00
Sampling evidence in audits 00:00:00
Types of remote auditing techniques 00:00:00
Deciding when to use remote auditing techniques 00:00:00
Planning the use of remote auditing techniques 00:00:00
Selecting the audit team 00:00:00
Managing audit risks 00:00:00
Preparing the audit plan 00:00:00
Allocating audit activities to auditors 00:00:00
Making contact with the audit client 00:00:00
Preparation of audit resources 00:00:00
Recap quiz 00:00:00
Module 11 - Managing the audit process
Introduction & suggested reading 00:00:00
Opening meeting 00:00:00
Managing site visits 00:00:00
Interviews 00:00:00
Audit evidence requests 00:00:00
Debriefing sessions 00:00:00
Dealing with conflicts 00:00:00
Related documentation 00:00:00
Recap quiz 00:00:00
Module 12 - Managing your audit team
Introduction & suggested reading 00:00:00
The importance of managing your audit team 00:00:00
Communication with the team before the audit 00:00:00
Managing audit progress 00:00:00
Team meetings 00:00:00
Managing audit findings 00:00:00
Managing audit records 00:00:00
What to do when you hit problems 00:00:00
Evaluating your audit management 00:00:00
Recap quiz 00:00:00
Module 13 - Completing a successful audit
Introduction & suggested reading 00:00:00
Audit findings 00:00:00
How to reach audit conclusions 00:00:00
Planning the closing meeting 00:00:00
Holding an effective closing meeting 00:00:00
Dealing with feedback at closing meetings 00:00:00
Effective audit report writing 00:00:00
Post-audit activities, corrections, and corrective actions 00:00:00
Certification review process 00:00:00
Related documentation 00:00:00
Recap quiz 00:00:00
Instructions for taking the exam and obtaining the certificate 00:00:00
  • Access video lectures for free
  • 13 MODULES
  • COURSE DURATION: 20 hours
Price: US$ 1797
You will receive a temporary certificate valid until final payment is due. The final certificate will be delivered upon full payment.
With the purchase you get:
  • 1-Day online workshop
  • Certificate approved by ASIC
  • Access to course script
  • Free exam retake
  • Access to practice exam
STEP 1: Watch video lectures

The 13 modules in the video lectures portion of this ISO 27001 training are available for absolutely no cost. Each module contains several video lectures and quizzes to enhance your skills and help you get ready for certification audits of a management system. You can read about the content of each module in the curriculum above. All of the video lectures are recorded, meaning that you are free to take the course at home, at work, or anywhere else, whenever is convenient.

Course instruction is provided by Garry Cornell and Dejan Kosutic. Garry has extensive experience working with ISO standards in various capacities, including as a senior manager, a consultant, and a management system certification auditor. He has worked with a wide range of companies all over the world, helping them with their ISO standard implementation projects and their efforts toward continual improvement of their management systems. Dejan has broad experience with international standards such as ISO 27001 and ISO 22301, having worked as a certification auditor, trainer, and consultant. He is also an author, writing articles for a leading ISO 27001 blog, as well as several ISO 27001 Documentation Toolkits.

Type: Online video lectures

Course language: English

STEP 2: Attend a workshop

We know you’re not going to develop all of the skills an ISO 27001 auditor needs just by watching videos. That’s why we designed a one-day, interactive workshop where you can acquire practical knowledge about performing management system certification audits. In this online workshop, delivered as a webinar, you will enjoy enhanced learning opportunities through roleplay, case studies, and other activities. You will also work on developing the soft skills needed to prepare for the certification exam, and to excel as a certification auditor.

Check out the list of dates to see if one is convenient for you. You can attend the online workshop from home, your office, or anywhere else.

Duration: 1-day workshop

Type: Online webinar

Workshop language: English

STEP 3: Pass the online exam

After you finish watching the video lectures and attending the workshop, you will be ready to take the final step: the certification exam. You can take this online exam from your home, your office, or any other place that is convenient for you.

This online exam has been certified by ASIC, and you will receive your certificate once you successfully pass the test. This certification is highly regarded, serving as evidence that you are competent to perform certification audits according to ISO 27001.

The fee for the exam is included in the price of the workshop, and you will have access to the exam after you schedule your workshop.

Number of questions: 78

Type: Online proctored exam

Exam language: English

Benefits of getting the certificate

The certificate of competence proves that you attended the auditor training course, and that you passed the exam certified by ASIC. This ensures that you understand and can apply the knowledge you gained in each of the course's modules.

How to get certified?

It's simple:
1) Watch complete videos of all lectures and answer all practice exams.
2) Attend the workshop.
3) Pass the online exam.

Bonuses with the certificate

Once you purchase the certificate, you will receive the following bonuses:

Discount badge

Internal Audit Checklist (Word document)

The purpose of this document is to provide a list of questions in order to help perform an internal audit against ISO 27001 and/or ISO 22301. For each clause or control from the standard, the checklist provides one or more questions that should be asked during the audit in order to verify the implementation.

Course Script (PDF)

If you decide to purchase the exam you will get the PDF script from the course completely free. The script includes everything said in the videos and all quizzes.

This way, you can access course materials any time you like, making it much easier to practice and prepare for the exam.

Free exam retake

Once you purchase the exam, you will be able to retake it.

This means, if you do not pass the exam on your first attempt, you can retake it one time, free of charge.

There is no mandatory waiting period between the two attempts.

Practice Exam

With the purchase of the exam, you get access to practice exams. You can use these exams to test your knowledge and familiarize yourself with the exam environment.

The results from the practice exam do not have any effect on the results of the final exam.

Frequently Asked Questions

No, you can take as much time as you need to watch the course videos. You should, however, try to watch all auditor training videos within three to four weeks to realize the most benefit from them.

You may access the recorded video lectures at any time, along with the quizzes, extra reading materials, and other activities.

No, this course was developed for beginners, so you don’t need any prior knowledge of ISO 27001 or experience with management system audits.

We need to cover our costs somehow :). We provide our video lectures at no cost to you, but there is a fee to attend the workshop, take the certification exam, and receive the certificate. However, this fee is far less than the average price to attend comparable courses in a classroom environment. Plus, after making your payment, you will have access to a PDF download containing scripts from all of the video lectures, along with activity questions, practice exams, and links to helpful articles – everything you need to prepare for the certification exam.

To participate in the online workshop, you will receive a special link from us to connect to Zoom. All you need is a computer with a microphone and speakers.

To attend the workshop, you will need to complete all of the video lectures.

You will take the certification exam online, from your home, your workplace, or anywhere else that is convenient for you. We use an online proctoring service to ensure the integrity of the certification process – click here to learn more.

After you have completed all the video lectures and participated in the workshop, you will have access to the certification exam. Upon successful completion (after passing the exam), you will receive the certificate. During the exam we employ an online proctoring service, which will require proof of your identity and ensure that you are taking the exam yourself, without any outside help. Click here to learn more about this online proctoring service.

The course is available on any PC, Mac, or mobile device, using a broadband internet connection and any popular browser (like Mozilla, Chrome, Internet Explorer, or Safari).

The materials available in this course (the pre-recorded video lectures, quizzes, extra readings, practice exams, and other activities), along with the skills you learn during the workshop, are the only things you will need to successfully pass the certification exam and receive your certificate.

If you do decide to pay to access the exam, in addition to the opportunity to attend the auditor training videos and the online workshop, you will receive a bonus PDF that includes the scripts from all of the video lectures, extra quiz questions, links to helpful reading materials, and access to the practice exams – making your exam preparation that much easier!

To find out how to become an ISO 27001 Lead Auditor, see this article.



  • ASIC is recognised by UKVI in the UK, is a member of the CHEA International Quality Group in the USA, is a member of the British Quality Foundation, and is an institutional member of the European Distance and E-Learning Network.

  • DNV GL Business Assurance is one of the leading providers of accredited management systems certification.