
ISO 27001 Lead Auditor for Information Security (ISMS)


1. Introduction
The ISO 27000 series is the most widely adopted family of information security management system (ISMS) standards worldwide. ISO 27001 sets out the requirements for an ISMS, and the other members of the 27000 family provide guidelines for the activities that make an ISMS effective, including implementation and auditing. This course gives a clear understanding of ISO 27001 and of audit activities against 27001 in line with ISO 19011. It does not include the official ISO 27001 LA certification exam, but it includes a simulated exam to prepare participants for one.

2. How participants will benefit after the course
This is a very useful training for learning ISO 27001, 27002, 31000 and 19011. It also develops participants' auditing skills. With tips from the resource person, a professional auditor, participants can contribute very skillfully to establishing 27001 in their organizations.

Professionals conversant with 27001 are given higher priority over their competitors when job hunting.


PPT demonstration, reference book walkthrough, practice exams & discussions, etc.

Contents of Training:

Part-1: Understanding ISO 27001

Session-1: Understanding ISO 27000 series & PDCA cycle
a. Understanding information security and CIA
b. ISO 27000 product family and usage in relation to 27001
c. Scope of ISO 27001
d. Legal, regulatory and contractual (LRC) compliance
e. Compliance vs. conformance
f. ISO 27001 certification / conformance benefits
g. Plan – Do – Check – Act (PDCA) cycle for ISO management standards

Session-2: Understanding ISO 27001 clauses 4.1 to 4.2.2
4. Information security management system
4.1. General requirements
4.2. Establishing and managing the ISMS
4.2.1. Establish the ISMS
4.2.2. Implement and operate the ISMS

Session-3: Understanding ISO 27001 clauses 4.2.3 to 4.3.3
4.2.3. Monitor and review the ISMS
4.2.4. Maintain and improve the ISMS
4.3. Documentation requirements
4.3.1. General
4.3.2. Control of documents
4.3.3. Control of records

Session-4: Understanding ISO 27001 clauses 5 to 8
5. Management responsibility
5.1. Management commitment
5.2. Resource management
6. Internal ISMS audits
7. Management review of the ISMS
7.1. General
7.2. Review input
7.3. Review output
8. ISMS improvement
8.1. Continual improvement
8.2. Corrective action
8.3. Preventive action

Session-5: Understanding IS risk management using ISO-31000
a. Vulnerability
b. Threat
c. Threat source
d. Motivation and exploiting likelihood
e. Business impact
f. Risk evaluation
g. Risk classification and prioritization
h. Risk treatment options (4Ts) and plan (controls)
i. Residual risk
j. Risk mitigation monitoring
k. Self control assessment

Session-6: Understanding Controls, A.5 to A.10
A.5. Security policy
A.6. Organization of information security
A.7. Asset management
A.8. Human resources security
A.9. Physical and environmental security
A.10. Communications and operations management

Session-7: Understanding Controls, A.11 to A.15
A.11. Access control
A.12. Information systems acquisition, development and maintenance
A.13. Information security incident management
A.14. Business continuity management
A.15. Compliance

Session-8: Implementation Aids for ISO 27001 (summarized)
a. Policy and process documentation
b. Information asset register
c. Threat assessment
d. Business impact analysis
e. Risk assessment & risk register
f. Risk mitigation plan (RTP) & tracker
g. LRC compliance plan & tracker for information security
h. Documentation archive for ISMS
i. Management & functional ownership
j. Management review & monitoring templates for ISMS

Part-2: Auditing ISMS for conformance with ISO 27001

Session-9: ISO 19011 for auditing management systems (ISMS)
4. Principles of auditing
5. Managing an audit program
6. Performing an audit
7. Competence and evaluation of auditors

Session-10: Writing audit reports for ISO 27001 conformance
a. Documentation audit
b. Effectiveness audit
c. Transition from documentation audit to effectiveness audit
d. Report template
e. ISO 27001 audit report grading & criteria
f. Writing style of individual non-conformance or observation

Session-11: Preparing for ISO 27001 LA exam
a. MCQ
b. Short answers
c. Long answers
d. Auditing on case studies and reporting non-conformance

Session-12: Sample Exam on ISO 27001 audits based on case study
ISO 27001 LA simulated exam

Reference ISO standards:
* ISO 27001: security requirements (standards)
* ISO 27002: guidance for implementing 27001 (code of practice)
* ISO 19011: auditing management systems in general




9140345, 9117179 Ltd.

19th floor (East), BDBL Building (Old BSRS)
12 Karwan Bazaar
Dhaka - 1215

Auditors, IT career-seekers, IT professionals, etc. (virtually anyone, as it is a management system and a general competency).