Certified ISO 27001 ISMS and ISO 27701 PIMS Lead Auditor Combination Training Course

Training course outline

Brought to you by the team that led the world’s first ISO 27001 implementation project, the Certified ISO 27001 ISMS Lead Auditor Training Course will teach you the skills to conduct second-party (supplier) and third-party (external and certification) ISMS audits.

The Certified ISO 27701 PIMS Lead Auditor Training Course will teach you how to extend an ISO 27001-compliant audit programme and conduct PIMS audits against ISO/IEC 27701, in line with data protection regimes such as the GDPR (General Data Protection Regulation) and DPA (Data Protection Act) 2018.

COVID-19: remote delivery options

We would like to reassure our clients that all training courses will go ahead as scheduled during the current COVID-19 situation. As a company that fully embraces flexible and remote working, we have adjusted our delivery methods to allow you to learn from anywhere. Our Classroom / Live Online delivery option enables you to attend either in person or online. Please also refer to our COVID-19 policy.

Certified ISO 27001 ISMS and ISO 27701 PIMS Lead Auditor Combination Training Course benefits

Aligned with best practice

Aligned with the best-practice ISO 19011:2018 (Guidelines for auditing management systems) audit methodology.

Led by specialists

An experienced ISO 27001 auditor and practitioner will explain how to lead an audit from start to finish.

Learn from anywhere

Choose whether you attend Live Online or in person at one of our training venues in Ely or London.

Incredible value

Receive market-leading training at a highly competitive price.

Designed by experts

Designed by IT Governance Director Steve Watkins, a contracted technical assessor for UKAS, where he helps with the assessment of certification bodies.

Hands-on study

Gain experience of the practical application of the audit process to ISO management systems through discussion and role-play.

Who should attend this course?

This course is aimed at individuals who want globally recognised ISO 27001 and ISO 27701 lead auditor qualifications to further their careers. It is designed for managers responsible for auditing an ISO 27001 ISMS and ISO 27701 PIMS, such as:

IT/information security auditors

Compliance auditors

IT/information security consultants

Cyber security consultants

Heads of IT

Information security officers

ISMS managers

Auditors seeking to conduct PIMS certification audits

Technical experts preparing for a PIMS audit

GDPR consultants

Your Learning Path

Find out how the Certified ISO 27001 ISMS and ISO 27701 PIMS Lead Auditor Combination Training Course will help you enhance your knowledge and start or boost your career.

The Certified ISO 27001 ISMS Lead Auditor (CIS LA) and Certified ISO 27701 PIMS Lead Auditor (CPI LA) courses are essential components of the following learning paths:

ISO 27001 roles

GDPR / Data Privacy roles

Why choose IT Governance for your training needs?

We’re internationally recognised as the authority on ISO 27001 – our team led the world’s first ISO 27001 certification project.

We have trained more than 8,000 professionals on ISMS implementations and audits.

Taught by industry experts – our trainers are working consultants with years of practical, hands-on experience.

Learn from anywhere – as a company that fully embraces flexible and remote working, we have adjusted our delivery methods to allow you to learn from anywhere. Our Classroom / Live Online delivery option enables you to attend either in person or online.

Pass first time or train again for free – we have trained more than 17,000 people and we’re confident you’ll pass with us the first time. If you don’t, we’ll train you again for free. *

Choose the method that suits you – we offer classroom, instructor-led online, self-paced online, e-learning and in-house training options.

Access your training anywhere – all our course materials are provided as a digital copy, allowing you to access them anywhere and at any time. Documents will be made available 20 days before your course.

Business solutions to suit you – whether you’re a multinational wanting us to manage all your training needs or a small business wishing to boost your workforce skills, we offer a range of training solutions.

* Terms and conditions apply.

Course details

What does this training course cover?

Certified ISO 27001 ISMS Lead Auditor covers:

An overview of the structure and major requirements of ISO 27001.

An overview of the audit process used by certification bodies.

The purpose, benefits and core principles of effective auditing.

Common auditing terms and definitions.

Critical skills required for performing an audit.

Best-practice audit methodology based on ISO 19011.

How to establish, maintain and manage an audit programme.

How to plan, conduct, report, summarise and follow-up on an audit.

Effective interviewing techniques and observation skills.

How to use audits to identify nonconformities and ensure appropriate corrective action is taken.

How to assess and evaluate the competence of auditors.

Accredited certification audit specifics.

How the audit process is used in first, second and third-party audits.

How to apply continual improvement of the ISMS.

Certified ISO 27701 PIMS Lead Auditor covers:

What ISO 27701 is and the relationships between ISO 27701, ISO 27001 and the GDPR;

The structure of ISO 27701 and how to navigate the Standard;

The requirements and guidelines specific to the protection of PII (personally identifiable information).

Privacy procedures, methods, tools and technologies.

How to map ISO 27701 to existing frameworks.

The PIMS auditing process.

What’s included in this course?

Full course materials (digital copy provided as a PDF file).

The Certified ISO 27001 ISMS Lead Auditor (CIS LA) and Certified ISO 27701 PIMS Lead Auditor (CPI LA) exams.

A certificate of attendance.

What equipment do I need?

You will need a laptop for the duration of your course and exam. Our course materials include an interactive PDF and an online quiz tool for knowledge testing. Full details on how to access each exam are provided by email 1–2 days before the exam dates.

Course duration and times

Day 1: 9:30 am – 5:00 pm
Day 2: 9:30 am – 5:00 pm
Day 3: 9:15 am – 5:00 pm
Day 4: 9:15 am – 5:00 pm
Day 5: 9:15 am – 4:30 pm
Day 6: 9:30 am – 5:00 pm
Day 7: 9:15 am – 5.00 pm

Course locations

Learn from anywhere with our instructor-led Live Online courses, or Classroom / Live Online delivery options. Learn more .

Alternatively, you can study in a classroom at one of our venues in London or Ely (Cambridgeshire).

Are there any prerequisites for this course?

There are no formal entry requirements for this course, but participants should have a good knowledge of ISO 27001. This could be obtained through practical experience, through reading, or attending the Certified ISO 27001 ISMS Foundation Training Course or Certified ISO 27001 ISMS Lead Implementer Training Course .

Participants will need to have their own copies of the ISO 27001 , ISO 27002:2013 and ISO 27701:2019 standards for use during the course.

Is there any recommended reading?

We strongly recommend you purchase and read the following standards before attending the course:

ISO/IEC 27001:2013 and ISO/IEC 27002:2013

ISO/IEC 27701:2019

We also recommend that you purchase and read the following textbooks:

ISO27001/ISO27002 – A Pocket Guide

An Introduction to Information Security and ISO27001:2013 – A Pocket Guide

Exams and qualifications

Certified ISO 27001 ISMS Lead Auditor (CIS LA) and Certified ISO 27701 PIMS Lead Auditor (CPI LA) exams.

Candidates will take the following ISO 17024-certificated IBITGQ exams:

CIS LA

CPI LA

Both exams consist of 40 multiple-choice questions, with a pass mark of 75%. There is no extra charge for either exam.

This course is equivalent to:

49

CPD points

What qualifications will I receive?

Certified ISO 27001 ISMS Lead Auditor (CIS LA)

Certified ISO 27701 PIMS Lead Auditor (CPI LA)

Accreditation

The Certified ISO 27001 ISMS Lead Auditor course is accredited by IBITGQ (International Board for IT Governance Qualifications) and CIISec (Chartered Institute of Information Security) . It satisfies the CIISec requirements at Level 1: A1, A3, A7, C1, C2, D2, E3, F2, H1 and H2; and at Level 1+: A2, A4, A5, A6, B1, B2, D1, E1, E2, F1 and G1.

IBITGQ (International Board for IT Governance Qualifications) is a personnel certification body that certifies individuals in the field of IT governance.

IBITGQ is accredited to the ISO/IEC 17024:2012 standard ( Conformity assessment – General requirements for bodies operating certification of persons ) by IAS (International Accreditation Service). ISO 17024 is a global, industry-recognised benchmark, and qualifications accredited to this standard are recognised and highly valued by employers throughout the world.

You can demonstrate your professional and practical knowledge and expertise by registering your qualifications on the IBITGQ/ GASQ successful candidate register .

The PCI SSC (Payment Card Industry Security Standards Council) has indicated that it accepts GASQ certifications in relation to the IBITGQ-accredited courses as meeting the requirements of an individual applying to become a PCI DSS (Payment Card Industry Data Security Standard) QSA (Qualified Security Assessor) .

How will I receive my exam results and certificates?

Provisional exam results will be given immediately after completing the exams. Confirmed results will be issued within ten working days with your certificate to your email address.

Do I need to bring proof of identity?

Candidates must have a form of photographic ID with them as the invigilator may request to check it before the exam.

Can exams be retaken?

Yes. If you are unsuccessful on the first attempt, you can retake the exam for an additional fee. You can email us to schedule the retest.

Recertification

To support your continued professional development, it is essential that you maintain an adequate level of current knowledge associated with an ISO 27001 Lead Auditor. To demonstrate this competency to employers and other key stakeholders, you are required to recertificate your IBITGQ qualification at regular intervals.

Individuals who are awarded the Certified ISO 27001 ISMS Lead Auditor (CIS LA) qualification are required to recertificate after three years.

Candidates can undertake a recertification exam any time from one month before or two months after the expiry date (months 35–38) of their certificate. Please see the IBITGQ exams page for further details . After this period, c