IRCA ISO 27001:2013 ISMS Lead Auditor

Date/Time: 08/03/2021 - 12/03/2021 9:30 am - 4:30 pm


About this course

ISO/IEC 27001:2013 – Information Security Management System Lead Auditor teaches students the fundamentals of auditing information security management systems against ISO/IEC 27001. This five-day intensive course trains students to conduct audits for certification bodies and to facilitate the ISO/IEC 27001 registration process.

The auditing exercises and lectures are based on ISO 19011:2011, “Guidelines for Quality and/or Environmental Management Systems Auditing.” The course is designed specifically for people who wish to conduct external assessments or internal audits against ISO/IEC 27001, although students will also gain the knowledge and understanding needed to give practical help and information to other individuals and organizations working toward conformance with the standard.


  • Prior knowledge of the requirements of ISO 27001 would be beneficial.

Learning Objective

  • Review the requirements of ISO/IEC 27001
  • Understand the relationship between ISO/IEC 27001 and ISO/IEC 27002
  • Learn how to assess security threats and vulnerabilities
  • Understand security controls and countermeasures
  • Understand the roles and responsibilities of the auditor
  • Learn how to plan, execute, report on, and follow up an information security management system audit

Course Contents

Day 1 :

Course Introduction

– Housekeeping

– Course and learner objectives

– Course structure and methods

– Delegate assessment

What is an Information Security Management System?

– Information security

– Management systems

– Purpose and benefits of ISO 27001

– Related standards

Process Approach

– PDCA model

– Process model

Overview of ISO 27001 contents

ISO 27001 mandatory clauses 4–8

Day 2 :

Course recap of Day 1; questions and answers


Overview of the audit process

Auditing the SOA

Audit and Auditors

– Definitions

– 1st, 2nd and 3rd party audits

– Roles and responsibilities of auditors and lead auditors

– Skills and characteristics of effective auditors

Audit Planning

– Information needed to plan the audit, and things to consider

– Preliminary visits

– Preparation of an audit plan

Audit communications and meetings

– Good practice for communication during the audit

– Formal meetings

– Opening meeting – what to cover and how


– Benefits and drawbacks

– Content – what to include

– Developing a checklist for a specific audit

Day 3 :

Process Audits

Case studies

Conducting the audit

– interviewing

– sampling

– note taking

– interacting with the auditee

– who’s involved and general points


– definition of nonconformity

– linking to requirements of ISO 27001

– grading nonconformity reports

– structure and content of nonconformity reports

Day 4 :

Case studies

– including interviewing

– developing and following audit trails

– identifying nonconformities

Specimen Examination

– Review of answers

– Layout and marking scheme of the papers

Closing Meeting

– Outcomes

– Content

– Identifying possible issues and how to prevent or deal with these

Corrective Actions

– Corrective action process

– Evaluating corrective actions

Reporting the audit

– Purpose and content of the written audit report

Next steps

– action planning

– further development

– auditor registration

Day 5 :

Course Evaluations

Examination Rules

Written Examination

End of the Course

Training Info

Duration:  5 Days
Date:  March 8 – 12, 2021
Time:  9:30 am – 4:30 pm
Venue:  ACinfotec Training Center
16th Fl., Asia Centre Bldg., South Sathorn Rd.
Training Fees: 38,000 Baht (excluding 7% VAT)
Tel. 02 670 8980-3 ext.304, 305

Course Registration

Bookings are closed for this event.

Terms & Conditions for Course Registration

Please read the following terms and conditions for course registration carefully. By clicking the Submit button, I/we confirm that I/we understand and accept the registration and cancellation policies and procedures.

  • Full payment is required in advance of the course commencement date.

Cancellation Policy

  • Payment is due upon registration
  • Delegates who cancel after registration, or who do not attend, are liable for the full course fee; no refunds can be given
  • A replacement is always welcome

Disclaimer: ACinfotec reserves the right to change, postpone or cancel any part of its published programme due to unforeseen circumstances.