ISO 27001 Implementation and Lead Auditor Course

Course Content

This course will provide information on the following topics:

  • Introduction to Management System Principles and Concepts and Principles, Objectives and Techniques of Auditing Management Systems
  • Detailed introduction to ISO/IEC 27001:2013 (ISO 27001) and the related series of standards, and ISO 19011:2011
  • Information Security Management System (ISMS) Requirements Definition, Scope Estimation, Design, and Implementation (using Requirements Specifications, Best Practices and Guidelines, Example Deliverables, Mindmaps, and Project Planning Documentation)
  • Legal, Regulatory, Self-Imposed, and Contractual Requirements Definition and Documentation
  • Information Security Risk Assessment, Governance, and Business Continuity Management
  • Design and Implementation of an Audit Program conforming to the requirements of ISO 19011:2011
  • Conducting a Management System Audit
  • Roles and Responsibilities of the Lead Auditor and Team Auditors
  • Definition, Identification and Documentation of Non-Conformities
  • Identifying and Assessing Auditor Competence
  • Systematic Review of ISO 19011:2011 including Terms and Definitions

Also included as part of the course are:

  • Authorized printed copies of the ISO 27001, ISO 27002 and ISO 27007 standards and the ISO 19011 standard (Please note: The ISO 27007:2011 standard does not reflect the 2013 changes to the ISO 27001 and ISO 27002 standards. We will provide this standard for future courses once it has been updated to confirm to the 2013 changes.)
  • Practical exercises and feedback
  • Tools and Examples

The course uses a mixture of tutored sessions, interactive group discussions, group and personal exercises, and functional workshops to achieve its objectives. The practical exercises are designed to directly address operational issues typically encountered in an ISMS implementation project. Examples and tools are provided which are immediately useable. Courseware has been designed to address issues that arise during Information Security Management System implementation projects and Registration audits. Course delivery will include Lecture (Slides and Examples), Facilitated Discussion (Instructor-/Delegate-Led), Tactical Exercises and Feedback and tools and examples. Participants are expected to use their own laptops during the course.


This course will provide successful delegates with the following benefits:

  • Advanced knowledge of the requirements of ISO 27001 and related standards and guidelines
  • A basic knowledge of Management Systems, focusing on Information Security Management Systems (ISMS)
  • Detailed understanding of the processes necessary to design, document, and implement an Information Security Management System (ISMS) conforming to the requirements of ISO 27001
  • A basic knowledge of U.S.-specific Security, Privacy, and Ethics Legislation
  • An understanding of validated concepts and methodologies for assessing and managing Information Security Risk and performing adjudicated Gap Analyses
  • An understanding of auditor expectations and the process approach to auditing of Information Security Management systems (from Consultant/Auditee perspectives)
  • An understanding of the documentation and evidence necessary to state conformity to and/or pursue certification to the requirements and specifications of ISO 27001
  • A basic knowledge of the requirements of ISO 19011:2011 and related standards
  • A basic knowledge of ISO standards-based Management System requirements
  • Detailed understanding of the processes necessary to design, document, and implement a Management System Audit Program conforming to the requirements of ISO 19011:2011
  • Facilitated experience in audit plan development
  • An understanding of concepts and methodologies for conducting audits
  • Facilitated experience in conducting an audit
  • Develop skills at identifying and documenting non-conformities and understanding of the remediation process
  • Develop experience in audit report writing
  • Understanding of the roles and responsibilities of the Lead Auditor and Team Auditors                     
  • An understanding of the requirements for planning, implementing, conducting and closing out an audit in conformity to ISO 19011:2011
  • An understanding of the process and requirements of a registration audit


It is recommended that delegates attending this course have moderate level working knowledge and understanding of Information Security (examples: CISSP, CSM, Previous ISO 27001 Certification and/or 5 Years Experience) and Management Systems (ISO Management Systems, Lead Auditor Courseware, IRCA/RAB-QSA Certification and/or 5 Years Experience) concepts. Familiarity with auditing information systems security and compliance, or ISO Management Systems is also helpful. Delegates will work individually and in teams, and a laptop is required (Windows or Macintosh with Microsoft-compatible Word Processing, Spreadsheet, and Presentation software).


A JBW Group International “Certificate of Demonstrated Competence” will be issued to those delegates deemed to have achieved a satisfactory standard of learning and competence. An appraisal of delegates’ knowledge and performance will be made through a combination of continuous assessment and after-course feedback mechanisms. Delegates successfully completing this course meet prerequisite auditor training requirements for ISO 27001 scheme requirements.

For delegates attending this course who have already achieved IRCA or RAB-QSA Lead Auditor certification in an Accredited Management System Scheme, this course satisfies IRCA and RAB-QSA Certification requirements as a "Transitional" Auditor Course meeting ISO/IEC 27001:2013 scheme requirements for Lead Auditor certification.

Method of Delivery and Timetable

This course is available for Onsite session and in the Public Venue. This is a five-day intensive course equivalent to 40 credit hours; the times will be 8:00 AM – 5:00 PM unless otherwise arranged.

Class Schedule

Contact us to schedule private course 5 days Patrick Sullivan tbd $2695

Private Classes

Contact us if you'd like a private class for your organization.