Certified ISO 27001 Lead Implementer and Lead Auditor Combination Training Course

Provided by

Enquire about this course



Training course outline

Certified ISO 27001 Lead Auditor course

This course is designed to develop practical knowledge and auditing skills based on the core audit requirements as outlined in the ISO 19011 standard. For implementation managers, understanding the requirements and the methodology employed by an external ISO 27001 auditor are crucial to the success of any ISO 27001 implementation project.
Download course data sheet

Certified ISO 27001 Lead Implementer course

The flagship of our ISO 27001 Implementation Learning Pathway, this advanced-level course is focused on developing the in-depth knowledge and skills required to implement and deliver an ISMS.
Download course data sheet

COVID-19: remote delivery options

We would like to reassure our clients that all training courses will go ahead as scheduled during the current COVID-19 situation. As a company that fully embraces flexible and remote working, we have adjusted our delivery methods to allow us to provide training remotely where necessary. Our classroom/ online delivery option enables you to attend either in person or online, if circumstances change. Please also refer to our COVID-19 policy.

Certified ISO 27001 Lead Auditor and Lead Implementer training course benefits

Developed by experts

Developed by acknowledged ISO 27001 experts Alan Calder and Steve Watkins, and drawing from their industry-leading knowledge.

Hands-on-study

An experienced ISO 27001 trainer and consultant will use a combination of formal training, practical exercises and relevant case studies.

Fast-track to ISO 27001 certification

Develop the skills required to achieve ISO 27001 compliance for your organisation.

Delivered by professionals

Real-world practitioners show you how to tackle an ISMS project from start to finish.

Who should attend this course?

Individuals who want a globally-recognised ISO 27001 lead auditor qualification to further their careers, and at managers who are responsible for the implementation and maintenance of an ISO 27001-compliant ISMS:

  • IT/ Information Security Consultant
  • IT/ Information Security Manager
  • IT/ Information Security Officer
  • IT/ Information Security Project Manager
  • Cyber security consultant
  • Head of IT
  • CISO (Chief Information Security Officer)


  • GDPR Consultant
  • Information security analyst
  • ISMS Manager
  • Network manager
  • Compliance Auditor
  • Internal Auditor


  • Why choose IT Governance for your training needs?

  • We’re internationally recognised as the authority on ISO 27001 – our team led the world’s first ISO 27001 certification project, and since then we have trained more than 8,000 professionals on information security management system (ISMS) implementations and audits.
  • Trained by industry experts – our trainers are working consultants with years of practical, hands-on experience.
  • Pass first time or train again for free – we have trained more than 17,000 people and we’re confident you’ll pass with us first time. If you don’t, we’ll train you again for free.*
  • Choose the method that suits you – we offer classroom, instructor-led online, self-paced online, e-learning and in-house training options.
  • Access your training anywhere – all our course materials are provided as a digital copy, allowing you to access them anywhere and at any time. Documents will be made available 20 days before your course.
  • Business solutions to suit you – whether you’re a multinational wanting us to manage all your training needs or a small business wishing to boost your workforce skills, we offer a range of training solutions.


  • * conditions applicable

    “Gordon was extremely knowledgeable on the subject and at the end of each section gave plenty of time for questions and clarification.... Gordon is well versed in the subject matter and has the necessary skills to put the content over to attendees from any background. Great tutor with patience and goes the extra mile to ensure each point is understood.”

    - Graham Hey, Service Operations Manager, ServiceTec - Lead Implementer Course

    “My trainer provided excellent practical advice on how to achieve ISO 27001 compliance for my data centre services company. I was particularly impressed by the Lead Auditor course that outlined the detailed requirements and approach taken by certification bodies when they perform an audit. Needless to say – we subsequent passed our 27K audit at the first attempt!"

    - Gary Willet – Information Security Manager - Lead Implementer Course

    Course details

    What does this training course cover?

  • The key concepts, principles and main requirements of ISO/IEC 27001:2013.
  • The terms and definitions used in the Standard, including risk and options for risk assessments.
  • How to interpret the requirements of ISO/IEC 27001:2013 to determine the scope of your ISMS.
  • How to secure senior management commitment by building a compelling business case.
  • How to structure and manage your ISO 27001 project.
  • How to review and map your existing controls to Annex A of ISO 27001.
  • The importance of the Statement of Applicability (SoA), and justifications for inclusions and exclusions.
  • How to carry out an information security risk assessment – the core competence of information security management.
  • How to develop a management framework, write policies and produce other critical documentation.
  • The key elements of management review.


  • The importance of staff, an effective communication strategy and general awareness training.
  • How to prepare for your ISO 27001 certification audit and ensure you that you pass first time.
  • How to manage and drive continual improvement under ISO 27001.
  • An overview of the audit process used by certification bodies.
  • Best-practice audit methodology based on ISO 19011.
  • How to establish, maintain and manage an audit programme.
  • How to plan, conduct, report, summarise and follow-up on an audit.
  • Effective interviewing techniques and observation skills.
  • How to use audits to identify nonconformities and ensure appropriate corrective action is taken.
  • How the audit process is used in first, second and third-party audits.


  • Course agenda

    Course agenda (day 1-3):

  • Project mandate
  • Project initiation
  • ISMS initiation
  • Management framework
  • Baseline security criteria
  • Risk management
  • Implementation
  • Annex A controls
  • Measure, monitor, review and improve
  • Certification


  • Course agenda (day 4-8):

  • Purpose and benefits of audits
  • Role of auditors
  • Role of standards in audits
  • Audit terms and definitions
  • Principles of auditing
  • Managing an audit programme
  • Performing an audit
  • Observing and listening
  • Reporting and Summarising Audit Findings
  • Conducting Audit Follow-up
  • Competence and Evaluation of Auditors
  • Accredited Certification Audit specifics
  • Auditing an Information Security Management System to ISO 27001:2013


  • What’s included in this course?

  • A professional training venue with lunch and refreshments.
  • Full course materials (digital copy provided as a PDF file).
  • The ISO 27001 Certified ISMS Lead Implementer exam.
  • The ISO 27001 Certified ISMS Lead Auditor exam.
  • A certificate of attendance.


  • What equipment should I bring?

    The exam is an online exam. You will need to bring a ‘pop-up enabled’ laptop/tablet to the venue. Full details on how to access the exam will be provided by email 1–2 days before sitting the exam.

    Course duration and times

    Day 1: 9:30 am–5:00 pm
    Day 4: 9:00 am–5:00 pm
    Day 3: 9:00 am–5:00 pm
    Day 4: 10:00 am – 5:00 pm
    Day 5: 9:15 am – 5:00 pm
    Day 6: 9:15 am – 5:00 pm
    Day 7: 9:15 am – 5:00 pm
    Day 8: 9:15 am – 1:30 pm

    Course locations

  • Learn from anywhere with our instructor-led Live Online courses, or Classroom / Live Online delivery options. Learn more.
  • Alternatively you can study in a classroom at one of our venues in London or Ely (Cambridgeshire).


  • Are there any prerequisites for this course?

    No prior knowledge or qualifications are required and the course content is suitable for non-technical and technical staff.

    Is there any recommended reading?

    We strongly recommend you purchase and read the standard prior to attending the course:

  • ISO IEC 27001 2013 and ISO IEC 27002 2013


  • We also recommend that you purchase and read the following textbooks:

  • ISO27001/ISO27002 – A Pocket Guide
  • An Introduction to Information Security and ISO27001:2013 – A Pocket Guide


  • Exams and qualifications

    The ISO 27001 Certified ISMS Lead Implementer (CIS LI) exam:

  • Delivery method: Online
  • Duration: 60 minutes
  • Questions: 40
  • Format: Multiple choice
  • Pass mark: 75%


  • The ISO 27001 Certified ISMS Lead Auditor (CIS LA) exam:

  • Delivery method: Online
  • Duration: 90 minutes
  • Questions: 40
  • Format: Multiple choice
  • Pass mark: 75%


  • Both the ISO 27001 Lead Implementer and Lead Auditor exams are set by IBITGQ ( International Board for IT Governance Qualifications ). There are no extra charge for these exams.

    This course is equivalent to:

    56

    CPD points

    What qualifications will I receive?

  • Certified ISO 27001 ISMS Lead Auditor (CIS LA).
  • Certified ISO 27001 ISMS Lead Implementer (CIS LI).


  • Accreditation

    This course is accredited by IBITGQ, as well as CIISec (The Chartered Institute of Information Security) , it satisfies the CIISec Knowledge Areas requirements at Level 1: A1, A3, A7, C1, C2, D2, E3, F2, H1 and H2; and at Level 1+: A2, A4, A5, A6, B1, B2, D1, E1, E2, F1 and G1

    You can demonstrate your professional and practical knowledge and expertise by registering your qualification on the IBITGQ/ GASQ successful candidate register .

    The PCI SSC (Payment Card Industry Security Standards Council) has indicated that it accepts GASQ certifications in relation to the IBITGQ-accredited courses as meeting the requirements of an individual applying to become a PCI DSS (Payment Card Industry Data Security Standard) QSA (Qualified Security Assessor).

    How will I receive my exam results and certificates?

  • Provisional exam results will be available immediately after completing the exam. Confirmed exam results will be issued within ten working days from the date of the exam.
  • Certificates for those who have achieved a passing grade will be issued within ten working days from the date of the exam.
  • Results notifications and certificates are emailed directly to candidates by the relevant exam board; please note that hard-copy exam certificates are n
  • Enquire

    Start date Location / delivery
    24 Sep 2021 United Kingdom Book now

    Related article

    The CISSP exam is now updated to reflect the most pertinent issues facing today’s cybersecurity professionals, along with the best practices for mi...