ISO 27001 Lead Auditor Course
Have you decided that you want to perform audits of Information Security Management Systems? Take this online course to learn all about ISO 27001, and get the auditor training you need to become certified as an ISO 27001 certification auditor. You don’t need any prior certification audit skills, and you don’t need to know anything about information security management systems—this course is designed especially for beginners.
Once you have finished the ISO 27001 Lead Auditor training and passed the exam, you will receive an official certificate approved by Exemplar Global (formerly known as RABQSA) acknowledging your competencies in information security management systems, audits, and leading audit teams.
There are three parts to this course: the first includes video lectures, the second is an interactive workshop, and the third is the online exam. Completing each part will move you further down the path to becoming a certified ISO 27001 certification auditor. Read on to learn about each part of the course, and how it will prepare you for certification as an ISO 27001 lead auditor.

Dejan Kosutic & Garry Cornell
Course Curriculum
Introduction
Introduction to the course | 00:00:00
Module 1 - Introduction to ISO 27001
Introduction & suggested reading | 00:00:00
What is ISO 27001? | 01:30:00
The structure of ISO 27001 | 02:30:00
Information security principles | 02:30:00
Introduction to the Information Security Management System | 02:30:00
Implementing ISO 27001 requirements | 03:00:00
Implementing ISO 27001 as a project | 01:30:00
Documenting ISO 27001 requirements | 03:30:00
ISO 27001 Benefits | 02:30:00
Related documentation | 00:00:00
Certification FAQs | 00:00:00
Recap quiz | 00:00:00
Module 2 - The planning phase
Introduction & suggested reading | 00:00:00
Understanding your organization and its context [clause 4.1] | 02:30:00
Understanding the needs and expectations of interested parties [clause 4.2] | 02:00:00
Determining the scope of the ISMS [clause 4.3] | 02:00:00
Leadership and commitment [clause 5.1] | 02:00:00
Information Security Policy [clause 5.2] | 01:00:00
Organizational roles, responsibilities and authorities [clause 5.3] | 02:30:00
Information security objectives [clause 6.2] | 02:30:00
Resources [clause 7.1] | 02:00:00
Competence [clause 7.2] | 01:30:00
Awareness [clause 7.3] | 01:30:00
Communication [clause 7.4] | 01:30:00
Documented information [clause 7.5] | 03:30:00
Related documentation | 00:00:00
Recap quiz | 00:00:00
Module 3 - Risk management
Introduction & suggested reading | 00:00:00
Addressing risks and opportunities [clause 6.1.1] | 02:00:00
Risk management process [clause 6.1.2] | 02:30:00
Information security risk assessment – Risk identification [clause 6.1.2] | 03:00:00
Information security risk assessment – Risk analysis and evaluation [clause 6.1.2] | 03:00:00
Information security risk treatment [clause 6.1.3] | 03:00:00
Statement of Applicability [clause 6.1.3] | 02:00:00
Risk treatment plan [clause 6.1.3] | 00:30:00
Related documentation | 00:00:00
Recap quiz | 00:00:00
Module 4 - The Do phase
Introduction & suggested reading | 00:00:00
Formulating the risk treatment plan [clause 6.1.3] | 02:00:00
Implementing the risk treatment plan [clause 8.3] | 01:30:00
Operational planning and control [clause 8.1] | 02:30:00
Operating the ISMS [clause 8] | 01:00:00
Managing outsourcing of operations [clause 8.1] | 02:30:00
Controlling changes [clause 8.1] | 02:30:00
Risk assessment review [clause 8.2] | 02:00:00
Related documentation | 00:00:00
Recap quiz | 00:00:00
Module 5 - The Check and Act phases
Introduction & suggested reading | 00:00:00
Monitoring, measurement, analysis, and evaluation [clause 9.1] | 04:00:00
Internal audit [clause 9.2] | 01:30:00
Management review [clause 9.3] | 03:00:00
Nonconformities and corrective actions [clause 10.1] | 04:30:00
Continual improvement [clause 10.2] | 02:30:00
Related documentation | 00:00:00
Recap quiz | 00:00:00
Module 6 - Annex A – Control objectives and controls
Introduction & suggested reading | 00:00:00
Introduction to Annex A – Reference control objectives and controls | 02:30:00
Structure of Annex A | 04:00:00
Information security policies [A.5] | 02:00:00
Organization of information security [A.6] | 02:30:00
Human resources security [A.7] | 01:30:00
Asset management [A.8] | 02:30:00
Access control [A.9] | 02:00:00
Cryptography [A.10] | 02:00:00
Physical and environmental security [A.11] | 03:00:00
Operational security [A.12] | 03:30:00
Communications security [A.13] | 04:00:00
System acquisition, development and maintenance [A.14] | 04:30:00
Supplier relationships [A.15] | 02:30:00
Information security incident management [A.16] | 03:30:00
Information security aspects of business continuity management [A.17] | 03:00:00
Compliance [A.18] | 03:00:00
Related documentation | 00:00:00
Recap quiz | 00:00:00
Module 7 - Auditing basics
Introduction & suggested reading | 00:00:00
Auditor assumptions | 01:30:00
Techniques for finding evidence | 04:30:00
Sampling the records | 01:30:00
Interviewing techniques | 04:00:00
The audit findings | 01:30:00
Nonconformities | 02:00:00
Observations | 01:30:00
Internal vs. external audit | 01:30:00
Annual audit program | 04:30:00
Audit plan for an individual audit | 03:00:00
Creation of the checklist | 03:30:00
Internal audit report | 01:30:00
Corrective action follow-up | 01:00:00
Recording the evidence | 02:00:00
Recap quiz | 00:00:00
Module 8 - Understanding auditing standards
Introduction & suggested reading | 00:00:00
What is certification? | 00:00:00
Certification process | 00:00:00
Certification of integrated management systems | 00:00:00
Introduction to accreditation and ISO 17021 | 00:00:00
Competences of lead auditors required by ISO 17021-1 | 00:00:00
Introduction to International Accreditation Forum (IAF) documents | 00:00:00
Introduction to ISO 19011 | 00:00:00
Principles of auditing | 00:00:00
Recap quiz | 00:00:00
Module 9 - Understanding audit roles and responsibilities
Introduction & suggested reading | 00:00:00
Audit Team Leader / Lead Auditor | 00:00:00
Auditor | 00:00:00
Technical Specialist | 00:00:00
Certification Reviewer | 00:00:00
Audit Client | 00:00:00
Management Team | 00:00:00
Auditee | 00:00:00
Hosts / Guides | 00:00:00
Recap quiz | 00:00:00
Module 10 - Planning the audits
Introduction & suggested reading | 00:00:00
Audit criteria and objectives | 00:00:00
Audit scope | 00:00:00
Selecting audit methods | 00:00:00
Sampling evidence in audits | 00:00:00
Types of remote auditing techniques | 00:00:00
Deciding when to use remote auditing techniques | 00:00:00
Planning the use of remote auditing techniques | 00:00:00
Selecting the audit team | 00:00:00
Managing audit risks | 00:00:00
Preparing the audit plan | 00:00:00
Allocating audit activities to auditors | 00:00:00
Making contact with the audit client | 00:00:00
Preparation of audit resources | 00:00:00
Recap quiz | 00:00:00
Module 11 - Managing the audit process
Introduction & suggested reading | 00:00:00
Opening meeting | 00:00:00
Managing site visits | 00:00:00
Interviews | 00:00:00
Audit evidence requests | 00:00:00
Debriefing sessions | 00:00:00
Dealing with conflicts | 00:00:00
Related documentation | 00:00:00
Recap quiz | 00:00:00
Module 12 - Managing your audit team
Introduction & suggested reading | 00:00:00
The importance of managing your audit team | 00:00:00
Communication with the team before the audit | 00:00:00
Managing audit progress | 00:00:00
Team meetings | 00:00:00
Managing audit findings | 00:00:00
Managing audit records | 00:00:00
What to do when you hit problems | 00:00:00
Evaluating your audit management | 00:00:00
Recap quiz | 00:00:00
Module 13 - Completing a successful audit
Introduction & suggested reading | 00:00:00
Audit findings | 00:00:00
How to reach audit conclusions | 00:00:00
Planning the closing meeting | 00:00:00
Holding an effective closing meeting | 00:00:00
Dealing with feedback at closing meetings | 00:00:00
Effective audit report writing | 00:00:00
Post-audit activities, corrections, and correction actions | 00:00:00
Certification review process | 00:00:00
Related documentation | 00:00:00
Recap quiz | 00:00:00
Instructions for taking the exam and obtaining the certificate | 00:00:00
The 13 modules in the video lectures portion of this ISO 27001 training are available for absolutely no cost. Each module contains several video lectures and quizzes for enhancing your skills and to help you get ready for certification audits of a management system. You can read about the content of each module in the curriculum above. All of the video lectures are recorded, meaning that you are free to take the course at home, at work, or anywhere else, whenever is convenient.
Course instruction is provided by Garry Cornell and Dejan Kosutic. Garry has extensive experience working with ISO standards in various capacities, including as a senior manager, a consultant, and a management system certification auditor. He has worked with a wide range of companies all over the world, helping them with their ISO standard implementation projects and their efforts toward continual improvement of their management systems. Dejan has broad experience with international standards such as ISO 27001 and ISO 22301, having worked as a certification auditor, trainer, and consultant. He is also an author, writing articles for a leading ISO 27001 blog, as well as several ISO 27001 Documentation Toolkits.

Type: Online video lectures
Course language: English
We know you’re not going to develop all of the skills an ISO 27001 auditor needs just by watching videos. That’s why we designed a one-day, interactive workshop where you can acquire practical knowledge about performing management system certification audits. Through an online workshop via webinar you will enjoy enhanced learning opportunities through roleplay, case studies, and other activities. You will also work on developing the soft skills needed to prepare for the certification exam, and to excel as a certification auditor.
Check out the list of dates to see if one is convenient for you. You can attend the online workshop from home, your office, or anywhere else.

Duration: 1-day workshop
Type: Online webinar
Workshop language: English
After you finish watching the video lectures and attending the workshop, you will be ready to take the final step: the certification exam. You can take this online exam from your home, your office, or any other place that is convenient for you.
This online exam has been certified by Exemplar Global (previously RABQSA), and you will receive your certificate once you successfully pass the test. This certification is highly regarded, serving as evidence that you are competent to perform certification audits according to ISO 27001.
The fee for the exam is included in the price of the workshop, and you will have access to the exam after you schedule your workshop.

Number of questions: 65
Type: Online proctored exam
Exam language: English
Benefits of getting the certificate
The certificate of competence proves that you attended the auditor training course, and that you passed the exam certified by Exemplar Global (formerly RABQSA). This ensures that you understand and can apply the knowledge you gained in each of the course's modules.
How to get certified?
It's simple:
1) Watch complete videos of all lectures and answer all practice exams.
2) Attend the workshop.
3) Pass the online exam.
Bonuses with the certificate
Once you purchase the certificate, you will receive the following bonuses:

Internal Audit Checklist (Word document)
The purpose of this document is to provide a list of questions in order to help perform an internal audit against ISO 27001 and/or ISO 22301. For each clause or control from the standard, the checklist provides one or more questions that should be asked during the audit in order to verify the implementation.

Course Script (PDF)
If you decide to purchase the exam you will get the PDF script from the course completely free. The script includes everything said in the videos and all quizzes.
This way, you can access course materials any time you like, making it much easier to practice and prepare for the exam.

Free exam retake
Once you purchase the exam, you will be able to retake it.
This means, if you do not pass the exam on your first attempt, you can retake it one time, free of charge.
There is no mandatory waiting period between the two attempts.

Practice Exam
With the purchase of the exam, you get access to practice exams. You can use these exams to test your knowledge and familiarize yourself with the exam environment.
The results from the practice exam do not have any effect on the results of the final exam.
Course Reviews
Frequently Asked Questions
No, you can take as much time as you need to watch the course videos. You should, however, try to watch all auditor training videos within three to four weeks to realize the most benefit from them.
You may access the recorded video lectures at any time, along with the quizzes, extra reading materials, and other activities.
No, this course was developed for beginners, so you don’t need any prior knowledge of ISO 27001 or experience with management system audits.
We need to cover our costs somehow :). We provide our video lectures at no cost to you, but there is a fee to attend the workshop, take the certification exam, and receive the certificate. However, this fee is far less than the average price to attend comparable courses in a classroom environment. Plus, after making your payment, you will have access to a PDF download containing scripts from all of the video lectures, along with activity questions, practice exams, and links to helpful articles – everything you need to prepare for the certification exam.
To participate in the online workshop, we will send you a special link to connect to GoToWebinar. All you need is a computer with a microphone and speakers.
To attend the workshop, you will need to complete all of the video lectures.
You will take the certification exam online, from your home, your workplace, or anywhere else that is convenient for you. We use an online proctoring service to ensure the integrity of the certification process.
After you have completed all the video lectures and participated in the workshop, you will have access to the certification exam. Upon successful completion (after passing the exam), you will receive the certificate. During the exam we employ an online proctoring service, which will require proof of your identity and ensure that you are taking the exam yourself, without any outside help.
The course is available on any PC, Mac, or mobile device, using a broadband internet connection and any popular browser (like Mozilla, Chrome, Internet Explorer, or Safari).
The materials available in this course (the pre-recorded video lectures, quizzes, extra readings, practice exams, and other activities), along with the skills you learn during the workshop, are the only things you will need to successfully pass the certification exam and receive your certificate.
If you do decide to pay to access the exam, in addition to the opportunity to attend the auditor training videos and the online workshop, you will receive a bonus PDF that includes the scripts from all of the video lectures, extra quiz questions, links to helpful reading materials, and access to the practice exams – making your exam preparation that much easier!
ISO27001
Best I have ever experienced, didn’t think that without any prerequisites it would be this easy and comfortable to understand the course. Many thanks to the Advisera team, also great instructors.
Lead Auditor
If you are preparing on your own to get the certification, this course will provide you with what you need to get an adequate understanding.
LA course
It has been very much a learning experience, and the interactive sessions and reading material have been very useful. Thanks.
Lead Auditor course
I started my career in cybersecurity as a pen tester. As CEH certified, it’s easy to audit the security posture of a company from a technology standpoint. But it’s not obvious how to audit the ISMS of that same company. Hence, I was glad to find this course, and I now feel more comfortable performing audits of both IT security (technology side of security) and information security (ISMS). Many thanks to the Advisera team.
Excellent course, excellent deliverables and great people
I have just completed the workshop today, which comes as a conclusion to the ISO 27001 Lead Auditor course, before taking the certification exam, and I would like to say that I am very satisfied with this course!
There is a wealth of information online, with great articles on ISO 27001 (my focus) written by Dejan, and it brings a lot of value to anyone interested in the subject, and the quality of these documents and articles led me to consider the training package with an Exemplar Global certification. Doing the video course is an additional step to get insight into the standard as well as into the auditing practice (which I am new to). During the workshop today, I could benefit from a walk-through day-long online event with a real-life auditor (Carlos) having a lot of experience under his belt. The conclusion, final Q&A session and great interactions during the workshop today make it an excellent experience.
Big thanks to Advisera staff, from the initial phone call to arranging training up to its delivery today, it’s been great! 😀
Useful content of videos for ISO 27001 Lead Auditor and it's free
This video training is one of the best free sources to prepare for the ISO 27001 exam. It provided valuable information about the exam, and its content is very relevant and helpful, summarizing important topics of this exam. The video trainers are very professional and focus on key topics.
ISO 27001 Lead Auditor
I am about 75% done and so far the pace of each lecture is very good and the presenters are very good.
The content is well organized with supporting references.
I also like the level of each lecture as I have experience in this area.
Andre