ISO/IEC 27001 AUDIT: ASSESSING COMPLIANCE WITH THE INFORMATION SECURITY MANAGEMENT SYSTEM STANDARD
ISO/IEC 27001 AUDIT: ASSESSING COMPLIANCE WITH THE INFORMATION SECURITY MANAGEMENT SYSTEM STANDARD
Course Schedule
| Date | Venue | Fees (Face-to-Face) |
|---|---|---|
| 20 – 24 Oct 2025 | London, UK | USD 3495 per delegate |
Course Introduction
ISO/IEC 27001 is the globally recognized standard for establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS). Organizations certified under this standard demonstrate a commitment to managing sensitive information securely and systematically.
This 5-day intensive training is designed for professionals responsible for planning, conducting, or supporting ISO/IEC 27001 audits. Participants will gain a deep understanding of the standard’s requirements, control objectives, and auditing methodology. Through practical exercises, group discussions, and case studies, this course prepares attendees to assess ISMS design and effectiveness, identify nonconformities, and support certification or internal audit readiness.
Course Objectives
By the end of this course, participants will be able to:
• Interpret the structure and core requirements of ISO/IEC 27001:2022
• Plan and conduct internal or external audits of ISMS components
• Evaluate risks, controls, and compliance with Annex A control objectives
• Document audit findings and recommend corrective actions based on ISO 19011
• Support certification readiness and continual improvement initiatives
Key Benefits of Attending
• Gain the auditing knowledge needed to assess or prepare for ISO/IEC 27001 certification
• Understand how to evaluate risks, control measures, and security policies
• Identify gaps, nonconformities, and improvement areas within an ISMS
• Strengthen your ability to safeguard information assets and maintain compliance
• Align your organization with international best practices in information security governance
Intended Audience
This program is designed for:
• Internal and external auditors
• Information security managers and officers
• IT governance, risk, and compliance (GRC) professionals
• Consultants preparing clients for ISO/IEC 27001 audits
• Anyone involved in implementing or managing an ISMS
Individual Benefits
Key competencies that will be developed include:
• Understanding of ISO/IEC 27001 and Annex A controls
• Audit scoping, planning, fieldwork, and reporting
• Risk-based auditing and evidence collection techniques
• Use of ISO 19011 guidance for management system audits
• Confidence in participating in or leading ISMS audits
Organization Benefits
Upon completing the training course, participants will demonstrate:
• Improved ISMS compliance and audit readiness
• Enhanced ability to identify and mitigate information security risks
• Support for certification processes and internal audits
• Stronger internal controls and governance over information assets
• Alignment with global regulatory and contractual information security expectations
Instructional Methdology
The course follows a blended learning approach combining theory with practice:
• Strategy Briefings – ISO/IEC 27001 structure, clauses, and control domains
• Case Studies – Real-world audit scenarios and certification journeys
• Workshops – Risk assessment, audit checklists, nonconformity writing
• Peer Exchange – Audit challenges and best practices across industries
• Tools – ISMS audit templates, risk registers, evidence logs, and scoring models
Course Outline
Detailed 5-Day Course Outline
Training Hours: 7:30 AM – 3:30 PM
Daily Format: 3–4 Learning Modules | Coffee breaks: 09:30 & 11:15 | Lunch Buffet: 01:00 – 02:00
Day 1: Foundations of ISO/IEC 27001 and ISMS Auditing
- Module 1: Overview of ISO/IEC 27001:2022 Standard (07:30 – 09:30)
• Structure, scope, and key definitions
• Relationship with ISO 27002, ISO 27005, and ISO 19011 - Module 2: ISMS Principles and Risk-Based Approach (09:45 – 11:15)
• ISMS context, leadership, planning, and objectives - Module 3: Audit Fundamentals and ISO 19011 Guidance (11:30 – 01:00)
• Audit lifecycle, auditor competence, ethics, and evidence - Module 4: Workshop – Mapping ISMS Clauses to Audit Scope (02:00 – 03:30)
• Participants define scope for a sample ISMS audit
Day 2: Risk Management and Annex A Controls (Part 1)
- Module 1: Risk Identification and Assessment (07:30 – 09:30)
• ISO 27005 alignment, risk scenarios, treatment plans - Module 2: Annex A Controls – Organizational Controls (09:45 – 11:15)
• Information security policies, roles, responsibilities, and awareness - Module 3: Human Resource & Asset Management Controls (11:30 – 01:00)
• Background checks, user responsibilities, asset inventories - Module 4: Workshop – Risk Register and Control Mapping (02:00 – 03:30)
• Link risks to Annex A control requirements
Day 3: Annex A Controls (Part 2) – Technical & Physical
- Module 1: Access Control and Cryptography (07:30 – 09:30)
• Password policies, least privilege, secure key management - Module 2: Physical and Environmental Security (09:45 – 11:15)
• Security perimeters, entry controls, equipment protection - Module 3: Operations and Communications Security (11:30 – 01:00)
• Change management, backup, logging, and network controls - Module 4: Workshop – Annex A Control Audit Walkthrough (02:00 – 03:30)
• Participants evaluate compliance of a sample control set
Day 4: Audit Execution and Evidence Collection
- Module 1: Conducting Interviews and Process Observations (07:30 – 09:30)
• Stakeholder engagement, sampling, and note-taking techniques - Module 2: Documentation Review and Evidence Gathering (09:45 – 11:15)
• Policies, procedures, logs, and audit trails - Module 3: Identifying Nonconformities and Opportunities for Improvement (11:30 – 01:00)
• Grading findings and assigning corrective actions - Module 4: Workshop – Writing Nonconformity Statements (02:00 – 03:30)
• Practice documenting three levels of audit findings
Day 5: Reporting, Certification & Continuous Improvement
- Module 1: Audit Reporting and Stakeholder Communication (07:30 – 09:30)
• Audit report structure, risk summary, and action tracking - Module 2: Certification Process and Surveillance Audits (09:45 – 11:15)
• Stage 1 & 2 audits, recertification, and maintaining certification - Module 3: Final Group Audit Simulation and Presentations (11:30 – 01:00)
• Teams conduct mock audits and present key findings - Module 4: Wrap-Up and Certification (02:00 – 03:30)
• Course summary, feedback, and certificate distribution
Certification
Participants will receive a Certificate of Completion in ISO/IEC 27001 Audit, confirming their expertise in evaluating and auditing Information Security Management Systems in alignment with ISO/IEC 27001:2022 requirements.