Key details

Cost: $3,395 (inc. GST)

Duration: 5 Days

CPD Points: 40

Qualifications: AU TL IS

About the course

ISO/IEC 27001:2022 provides the framework to ensure your organisation has robust security processes and controls so you can meet supplier, customer, and regulatory expectations in data protection.

The standard was updated in October 2022, with its Annex A incorporating the controls outlined in ISO/IEC 27002:2022, which was released in February 2022. The update also changed some management system clauses, making some requirements more explicit and aligning them with other Annex SL standards, such as ISO 9001.

Our 5-day Information Security Management Systems Lead Auditor course outlines the key changes in the 2022 update of the standard. We show you how to audit an Information Security Management System in accordance with ISO 19011:2018 and give you a comprehensive and practical understanding of the requirements of ISO/IEC 27001:2022.

An information security management system such as ISO/IEC 27001 can keep information assets such as customer details, sensitive corporate information, and financial data safe from cyber-attacks, and inspires confidence in key stakeholders.

This course has the equivalent of 40 Continuing Professional Development (CPD) points.

Plus, you receive a complimentary licensed copy of:

  • ISO/IEC 27001:2022 Information security, cybersecurity and privacy protection — Information security management systems — Requirements.

After successful completion of the course, you’ll gain access to a suite of downloadable resources including templates and checklists.

 

Whilst this training package uses the word “audit” and its derivatives, this does not equate with the terms audit, review, or assurance in accordance with Pronouncements or Standards issued by the Australian Auditing and Assurance Standards Board. References to the term “audit” and similar terminology within this training relate to the process of auditing in accordance with ISO 19011:2018.

Our training is different because

No homework or take-home assessment.

Internationally recognised courses.

Trainers are practising audit professionals.

All learning materials provided.

Certificates are issued promptly upon the completion of the course.

We never cancel a course - enrol with confidence.


Course overview

Learning Outcomes

After successful completion of this course, you will understand:

  • The principles and procedures of auditing
  • Auditor roles and responsibilities
  • The benefits of a risk-based audit programme
  • How to plan an effective audit
  • Timetabling
  • Resource allocation
  • Interpersonal skills and personal behaviours of an auditor
  • How to conduct effective opening and closing meetings
  • Preparing and distributing an audit report
  • How to implement processes and controls within the Information Security management system
  • How to identify gaps in an Information Security management system
  • The mandatory documentation requirements of an Information Security management system
  • How to improve your organisation’s conformance with ISO/IEC 27001:2022

 

Course Content

This course is divided into two flexible modules, enabling you to attend both modules in the one week, or spread them across different sessions. The first 2-day module is equivalent to our ‘Becoming a Skilled Lead Internal/External Auditor’ course, where you learn how to conduct an audit of any management system in accordance with ISO 19011. The remaining 3-day module covers the requirements of the updated information security management systems standard, ISO/IEC 27001:2022.

Timetable

Monday

Management Systems Auditing – preparation
  • What is auditing?
  • Roles and responsibilities of an auditor and an audit team leader
  • The 6 principles of auditing from ISO 19011
  • Effective audit planning and timetabling
  • Communication skills, interview techniques, and useful questioning methods
  • Setting appropriate audit objectives, scope, and criteria
  • Developing audit checklists

Tuesday

Management Systems Auditing – the audit
  • Conducting an opening meeting
  • Identifying objective evidence and taking good notes
  • Reviewing auditing scenarios
  • Writing audit findings including nonconformities and non-compliances
  • Presenting a closing meeting
  • Compiling a meaningful audit report

Wednesday

Information Security Management Systems
  • Introduction to Information Security
  • Context of Information Security
  • Information Security management systems requirements
  • Risk-based approach to information security
  • Structure of Information Security controls and control attributes

Thursday

Information Security controls
  • Information Security controls – Organisational, people, physical, technological
  • Information classification
  • Documentation requirements of Information security management systems

Friday

Information Security application
  • Statement of applicability
  • Information security audit scenarios
  • Course review

Qualification 

Upon successful completion of the course, you will receive a Certificate of Attainment which identifies the 3 Exemplar Global competencies below:

  1. Exemplar Global IS – Information Security management systems
  2. Exemplar Global AU – Management systems auditing
  3. Exemplar Global TL – Leading management systems audit teams

 

Prerequisites

There are no prerequisites for this course.

Assessment

Throughout the course, you will complete a series of workshops which form part of the assessment. A short multiple-choice exam at the completion of each module assesses the knowledge and understanding gained throughout the training. You will receive continual assistance and feedback from the trainer and be given anecdotal examples of real-world audit situations.

No homework or take-home assessment. 

Who should attend 

Designed to cater to a variety of people currently involved in the audit and Information Security Management System process, you should attend if you:

  • want to become an internal ISMS auditor
  • want to become a 3rd party IS auditor
  • need to write and implement an ISMS
  • are involved in the Information Security management process
  • are a manager responsible for an ISMS and ISMS auditing
  • wish to consolidate your existing knowledge into a formal qualification.

Prior experience in auditing and management systems is not essential.

Study Pathway – Where to from here?

If you wish to become a registered third-party or external Information Security Management Systems auditor with Exemplar Global, you need to have obtained the competency units from this course.

Courses for additional Exemplar Global competencies in Quality Management Systems (Exemplar Global QM), Environmental Management Systems (Exemplar Global EM), OH&S Management Systems (Exemplar Global OH 45001), Food Safety Management Systems (Exemplar Global FS), and Business Continuity (Exemplar Global BC) may be attended separately. We also offer courses in Risk Management and Psychological Health and Safety at Work.

Price

The price of this course is $3,395 (inc. GST). Discounts for multiple attendees are available – please contact us to find out what discounts can be applied.

How to enrol

We offer an easy, streamlined enrolment process – you can either enrol directly into your course online, or call us on 1300 95 96 92 to enrol over the phone.

How to pay

We offer a variety of payment methods:

  • Direct debit
  • Credit card
  • Cheque
  • Payment plans

Payment plans

We are able to arrange flexible payment plans on an individual basis. Please be aware that your certificate will be held until full payment has been received.

Delivery

Public – Virtual/Online

This course is delivered online via our virtual training platform. Our virtual courses are available to participants in Australia and New Zealand. They provide the same premium learning experience as our face-to-face sessions, with the added convenience of online learning. The virtual platform mimics in-person learning and aims to be engaging and interactive, with real-time group exercises, Q&A sessions, and online assessments. No matter your location, you can benefit from our expert-led training and become proficient in auditing an information security management system.

Please note: Due to licensing restrictions, our virtual courses are open to participants from Australia and NZ only.

In-house – Face-to-face or virtual

In-house training can provide a cost-effective training solution for organisations with a number of staff who require training. We can also customise a course to suit your own individual needs, and include your own audit documentation. Call us on 1300 95 96 92 or complete the form below to request a quote. 

Request an In-house quote

Training Course Locations

Risk Training Professionals


Course Dates

| Location | Start | Finish | Duration |
|---|---|---|---|
| Virtual - AEDT (AUST & NZ participants only) | Mon 10 Feb 2025 | Fri 14 Feb 2025 | 5 Days |
| Virtual - AEDT (AUST & NZ participants only) | Mon 24 Mar 2025 | Fri 28 Mar 2025 | 5 Days |
| Virtual - AEST (AUST & NZ participants only) | Mon 16 Jun 2025 | Fri 20 Jun 2025 | 5 Days |
| Virtual - AEST (AUST & NZ participants only) | Mon 08 Sep 2025 | Fri 12 Sep 2025 | 5 Days |
| Virtual - AEDT (AUST & NZ participants only) | Mon 08 Dec 2025 | Fri 12 Dec 2025 | 5 Days |


“The virtual classroom coupled with an enthusiastic trainer made the course easy to run through and as good as any face to face courses I have ever attended.”

It was evident that the trainer had significant industry related experience in auditing. They were able to reinforce learnings and keep us interested by integrating their experiences into the course with relevant and engaging real world examples.

Course was enjoyable and I like the fact that we’re given a copy of each of the Standards!

Honestly thought it was gonna be boring. I was very wrong! Very engaging and informative. Loved all 5 days and will be back for more courses!

Really enjoyed the training. What could be a very stale topic was delivered in a very engaging and detailed way. I particularly enjoyed the conversational delivery of the content and the practical activities were challenging and well presented. The catering was great too.

Need help finding a course?

Speak directly with a member of the RTP team to decide which course is right for you.
