ISO 27001 LEAD AUDITOR (I27001IA/LA)

The ISO 27001 Lead Auditor certification is designed to validate the knowledge and skills required to audit an Information Security Management System (ISMS) in accordance with the ISO/IEC 27001:2022 standard. The training covers information security, cybersecurity, and privacy protection, and prepares professionals to lead internal and external audits using ISO 19011 guidelines.

This course includes theoretical presentations, practical examples, and workshops to help participants develop strong auditing competencies.

ADDRESSED TO

This certification is aimed at:

  • IT directors and executives
  • IS/IT auditors
  • Cybersecurity and information security professionals
  • IT/IS consultants and managers
  • Professionals or students in fields related to IT service management
  • Anyone responsible for auditing or improving an ISMS

PURPOSE

This course aims to:

  • Understand and analyze the ISO/IEC 27001:2022 standard and its requirements
  • Learn key terms, concepts, and structures related to ISMS, cybersecurity, and privacy
  • Identify opportunities for improvement in an ISMS
  • Acquire the skills necessary to audit processes against ISO 27001
  • Prepare for certification as an ISO 27001 Lead Auditor

MAIN TOPICS

1. Introduction and Background

  • What is an ISMS
  • History and evolution of ISO/IEC 27001
  • Benefits of ISO 27001 and related standards
  • Structure of ISO/IEC 27001:2022
  • ISO 27000 family overview

2. Key Concepts

  • Information security principles
  • Management system fundamentals
  • Critical success factors for ISMS

3. Terms and Definitions

  • Definitions and structure of ISMS
  • PDCA (Plan-Do-Check-Act) cycle
  • Design and implementation phases of an ISMS

4. Context of the Organization

  • Understanding the organization and its context (4.1)
  • Stakeholder needs and expectations (4.2)
  • Determining the ISMS scope (4.3)
  • Establishing the ISMS (4.4)
  • Workshop sessions

5. Leadership

  • Leadership and commitment (5.1)
  • Information security policy (5.2)
  • Roles and responsibilities (5.3)

6. Planning

  • Addressing risks and opportunities (6.1)
  • Risk treatment plans and ISO 31000 reference
  • Information security objectives (6.2)

7. Support

  • Resources and competencies (7.1, 7.2)
  • Awareness and communication (7.3, 7.4)
  • Documented information (7.5)

8. Operation

  • Operational planning and control (8.1)
  • Risk assessment and treatment (8.2, 8.3)

9. Performance Evaluation

  • Monitoring and evaluation (9.1)
  • Internal audit (9.2)
  • Management review (9.3)

10. Improvement

  • Nonconformities and corrective actions (10.1)
  • Continual improvement (10.2)

11. Annex A – Controls Overview

  • Domains, clauses, and control objectives
  • Organizational, human, physical, and technological controls

12. Information Security Risk Management (ISO/IEC 27005)

  • Asset identification, classification, and threat profiles
  • Vulnerability and uncertainty in risk management
  • ISMS risk management workshop

13. Internal Audits and Lead Auditor Competencies (ISO 19011:2018)

  • Audit principles, scope, and types
  • Audit planning, program, and criteria
  • Evidence gathering, interview techniques, and time management
  • Handling nonconformities and drafting reports
  • Execution of follow-up and surveillance audits
  • Practical workshops and simulation

Duration:

60 min

Number of questions:

40 questions

Minimum passing:

80%

Available languages:

English, Spanish, Portuguese

Second chance (free):

Yes
Take your exam online.

$150.00
