Expert

ISO/IEC 27001 Lead Auditor

Master third-party ISMS auditing in line with ISO/IEC 19011 and ISO/IEC 27007. A 5-day course leading to PECB certification.

Learning objectives

  • Master ISO/IEC 19011 audit principles applied to ISMS
  • Plan and prepare an ISO 27001 certification audit
  • Lead interviews and collect evidence on site
  • Qualify findings according to PECB rules and ISO/IEC 27007
  • Draft a compliant and actionable audit report
  • Pass the PECB ISO/IEC 27001 Lead Auditor exam

Target audience

Internal or external auditors, experienced cybersecurity consultants, CISOs looking to conduct third-party audits, quality managers transitioning to ISMS auditing.

Prerequisites

Solid knowledge of ISO/IEC 27001:2022 (Lead Implementer certification or equivalent recommended). Professional experience in cybersecurity or auditing (2 years minimum).

Detailed programme

Course objective

This 5-day course trains future ISMS auditors to lead a third-party ISO/IEC 27001:2022 certification audit. It covers audit techniques per ISO/IEC 19011 (guidelines for auditing management systems) and ISO/IEC 27007 (specific guidelines for ISMS audits), from planning through to the audit report.

At the end of the course, participants take the PECB ISO/IEC 27001 Lead Auditor exam (3 hours, written). This certification is required to act as an auditor for an accredited certification body.

Detailed programme (35 hours)

Day 1 — ISO 27001 fundamentals and audit principles

  • Refresher on ISO/IEC 27001:2022 and ISO/IEC 27002:2022 requirements
  • Audit principles per ISO/IEC 19011 (integrity, neutrality, evidence-based approach)
  • Types of audit: first, second, third party
  • Auditor qualifications and competencies

Day 2 — Audit preparation

  • Audit programme and certification cycle (initial, surveillance, recertification)
  • Documentation review
  • Audit plan and team task allocation
  • Preparing questionnaires and checklists

Day 3 — Conducting the audit

  • Opening meeting
  • Interview techniques and evidence collection
  • Sampling and audit-evidence review
  • On-site auditing: observations, tests, interviews
  • Communication during the audit (escalation, tension management)

Day 4 — Audit conclusions and reporting

  • Qualifying findings: major/minor nonconformity, observation, opportunity for improvement
  • Decision rules and finding wording
  • Drafting the audit report per ISO/IEC 27007
  • Closing meeting and communicating results
  • Follow-up of corrective actions

Day 5 — Audit simulation and PECB exam

  • Full simulation: team audit of a fictional ISMS
  • Debrief and feedback
  • PECB ISO/IEC 27001 Lead Auditor certification exam

Teaching methods

Strongly hands-on: 50% workshops and role-play (interviews, finding wording, report drafting). Trainers are practising certified Lead Auditors. The cohort works through a case study based on a digital-services SME.

Assessment

Continuous assessment through finding-wording exercises. Final PECB exam: 80 questions, 3 hours, written, 70% pass mark.

Accessibility

Accessible to participants with disabilities on prior request. France Travail (AIF) funding scheme available.