ISO 27001:2022 Lead Auditor Course Overview

The ISO 27001:2022 Lead Auditor Certification is intended to prepare professionals to support an
organization in establishing, implementing, maintaining and managing an Information Security
Management System (ISMS) based on ISO/IEC 27001. ISO 27001:2022 is essentially the
specification of the ISMS framework.

The ISMS framework is a set of processes and procedures that drives an organization's risk
management system. According to the joint ISO/IEC publication,

ISO 27001:2022 was developed to provide a model for establishing, implementing, operating,
monitoring, reviewing, and improving an Information Security Management System. Most
organizations already have a number of information security controls. Without an information security
management system, those controls tend to be disorganized and disjointed, because they are often
implemented as point solutions to specific situations.

The Certified ISO 27001:2022 Lead Auditor designation is a professional certification for audit team
leaders working for certification bodies or performing supplier audits for large organizations. ISO
27001:2022 Lead Auditor certification requires tertiary education plus two years of working
experience as an auditor or lead auditor in training. With ISO 27001:2022 certification, you will have
the authority to oversee the entire risk management system at your fingertips.

Learning Objectives:

- Interpret and apply the ISO 27001:2022 requirements
- Recognize the relationship between ISO 27000, ISO 27001, and ISO 27002
- Define information security management system (ISMS) terminology
- Demonstrate how ISMS planning, policy, objectives, and processes are implemented
- Explain the difference between legal compliance and conformity
- Define the relationship between an organization's operational information security requirements and the ISO 27001:2022 standard
- Assess the effectiveness of an organization's information security risk assessment methodologies
- Evaluate risk assessment and risk treatment results to ensure they are appropriately identified within the organization's Statement of Applicability
- Apply the auditing principles, procedures, and methods identified in ISO 19011:2018
- Establish audit objectives for the audit program
- Determine the feasibility of an audit
- Prepare work documents for an audit
- Apply all aspects of the on-site audit activities
- Define audit roles and responsibilities
- Document audit results, findings, and conclusions
- Identify and apply sampling techniques
- Develop an audit plan
- Demonstrate effective communication and interview skills
- Identify the roles and responsibilities of audit team leaders
- Incorporate audit objectives, scope, and criteria into audit planning
- Select audit team members and assign tasks
- Identify, evaluate, and address risks in an audit plan
- Develop and manage the opening and closing meetings
- Resolve conflict during an audit
- Prepare an audit report that addresses all findings from the audit
- Perform audit follow-up activities
- Apply remote auditing methods