ISO 27001:2013 Lead Auditor

Format: Classroom

This course is intended to qualify ISO 27001:2013 auditors to conduct effective audits of an organization’s information security management system.

Understand the requirements of ISO 27001:2013 to be able to conduct a successful audit. The course includes hands-on workshops to prepare you for real-life auditing situations. You’ll learn to manage the audit process and complete reporting.

This course is being offered in cooperation with DEKRA AQS, an Exemplar Global certified provider.

Course Data

  • CEU Hours: 3.4
  • Length: 34 Hours
  • ASQ RU: 3.4
  • Audience: Practitioner, Professional
  • Provider: ASQ - ILT
Course Overview

Learning Objectives:

  • Interpret and apply the ISO 27001:2013 requirements
  • Recognize the relationship between ISO 27000, ISO 27001, and ISO 27002
  • Define information security management (ISMS) terminology
  • Demonstrate how ISMS planning, policy, objectives, and processes are implemented
  • Explain the difference between legal compliance and conformity
  • Define the relationship between an organization’s operational information security requirements and the ISO 27001:2013 standard
  • Assess effectiveness of an organization’s information security risk assessment methodologies
  • Evaluate risk assessment and risk treatment results to ensure they are appropriately identified within the organization’s statement of applicability
  • Apply auditing principles, procedures, and methods identified in ISO 19011:2018
  • Establish audit objectives for the audit program
  • Determine the feasibility of an audit
  • Prepare work documents for an audit
  • Apply all aspects of the on-site audit activities
  • Define audit roles and responsibilities
  • Document audit results, findings, and conclusions
  • Identify and apply sampling techniques
  • Develop an audit plan
  • Demonstrate effective communication and interview skills
  • Identify roles and responsibilities of audit team leaders
  • Incorporate audit objectives, scope, and criteria into audit planning
  • Select audit team members and assign tasks
  • Identify, evaluate, and address risks in an audit plan
  • Develop and manage the opening and closing meetings
  • Resolve conflict during an audit
  • Prepare an audit report to address all findings during an audit
  • Perform audit follow-up activities
  • Apply remote auditing methods


All attendees are required to bring to this training their own copies of ISO/IEC 27001:2013: Information technology – Information security management systems – Requirements and ISO/IEC 27002:2013: Information technology – Security techniques – Code of practice for information security controls. Copies will not be provided for you.

Who Should Attend:

Those responsible for planning and scheduling an internal audit program for ISO 27001:2013 and those who must perform audits to ISO 27001:2013, management representatives, security consultants, IT professionals, information security officers, managers, or anyone interested in conducting first-party, second-party, or third-party audits.

Day One

  • Introduction to information security (IS)
  • Benefits of an ISMS
  • ISO 27000 family of documents
  • ISO 27001 standard
  • ISO 27001 annex list of controls

Day Two

  • Controls in ISO 27002
  • Evaluate effectiveness of information security management system (ISMS)
  • Information security risk assessment methodologies
  • Analyze controls in Statement of Applicability as they relate to treatment of risk
  • Organization’s monitoring, measurement, analysis, and evaluation activities
  • Legal compliance and conformity
  • Apply standard and annex to scenarios

Day Three

  • Management system audits
  • Types of audits
  • Audit approaches
  • Audit objectives, scope, and criteria
  • Audit risks and opportunities
  • Roles and responsibilities
  • Audit techniques
  • Audit cycle

Day Four

  • Audit team leaders
  • Audit plan
  • Combined audits
  • Conduct audits
  • Opening meetings
  • Team briefings
  • Closing meeting
  • Audit report
  • Audit follow-up

Cancellation Policy
ASQ reserves the right to cancel or reschedule courses and to change instructors. Please be advised that in the event of a course cancellation, ASQ is not responsible for airfare penalties or other travel-related expenses you may incur.
  • If you need to cancel, we will refund your paid registration fee as noted below.
    • Requests for cancellations/transfers received at least 5 business days before the start of the course receive a full refund/transfer.
    • Requests received within 5 business days of the course starting incur a $150 processing fee.
    • After the course starts, there are no refunds or transfers.
    • Registrants who fail to attend without advance notice are liable for the entire course fee.
    • If you cannot find a substitute, we can transfer your course fees to another ASQ course of your choice.
  • You must successfully complete the entire course or program before IACET CEUs and a Certificate of Completion can be awarded.

Enrollment Details

Format: Classroom

An instructor-led traditional classroom experience. Classroom-based instruction involves the highest level of instructor/student interaction. We offer classroom style training in two formats. See public and on-site.

No Offerings Scheduled | English | List: $2299 | Member: $2069



ASQ’s customized on-site training programs are the cost-effective way for you to train employees on your schedule. Training on-site minimizes the cost-per-student, reduces travel expenses, and ensures that the content is specific to your exact needs.

5 Benefits of On-Site Training

  1. Expertise to your location: Saves time and travel expenses
  2. Convenient scheduling: Train groups of five or more
  3. Customizable courses: Training tailored to your group’s needs
  4. Immediate results: Employees complete courses ready to apply what they’ve learned
  5. Value-add support: Instructors available to answer questions after the session