ISO 27001 qualifications: Lead Auditor or Lead Implementer?

If you’re new to the international standard for information security management, ISO 27001, you might be finding it difficult to choose a training course that suits your needs.

If you can’t decide between a lead auditor and a lead implementer course, the following information should help.

First and foremost, it really is as obvious as it sounds: an implementer implements an ISMS (information security management system) in accordance with ISO 27001 and an auditor audits a third party’s ISMS. (It’s not good practice to audit your own implementation of the Standard.)

So, if you’re a practitioner who wants to learn how to implement information security best practice in your organisation, a lead implementer course is for you.

A lead auditor course, on the other hand, is for information security professionals who want to be able to audit and certify* an ISMS to ISO 27001.

IT Governance is the world’s leading provider of classroom and online ISO 27001 training. Our team led the world’s first ISO 27001 certification project and we’ve helped more than 7,000 professionals with ISO 27001 training on ISMS implementations and audits.

Our ISMS lead implementer and lead auditor training courses are available in classroom and Live Online formats.


ISO27001 Certified ISMS Lead Implementer training course

Developed by Alan Calder and Steve Watkins, joint authors of IT Governance: An International Guide to Data Security and ISO27001/ISO27002, and acknowledged as the most comprehensive ISO 27001 implementation course in the UK, this three-day certificated course equips you with the skills to lead an ISO 27001-compliant ISMS implementation project.

Now available as a classroom and Live Online course.

Course contents

  • How to secure senior management commitment and build the business case.
  • The role and structure of an information security policy.
  • How to determine the scope of your ISMS based on the requirements of ISO 27001.
  • Developing a management framework.
  • How to structure and manage your ISO 27001 project.
  • How to allocate roles and responsibilities for your ISO 27001 implementation.
  • The definition of risk in ISO 27001 and options for risk assessments under the Standard.
  • The benefits of, and key issues when selecting, a risk assessment tool.
  • How to carry out an information security risk assessment – the core competence of information security management.
  • The Statement of Applicability (SoA), and justifications for inclusions and exclusions.
  • Reviewing your existing controls and mapping controls to Annex A of ISO 27001.
  • The importance of an effective communication strategy.
  • Writing policies and producing other critical documentation.
  • The importance of staff and general awareness training.
  • The key elements of management review.
  • How to manage and drive continual improvement under ISO 27001.
  • How to prepare for your ISO 27001 certification audit.
  • Important information to ensure that you pass the audit first time.

Book your place on the ISO27001 Certified ISMS Lead Implementer training course >>


ISO27001 Certified ISMS Lead Auditor training course

Take the first step toward developing a career as an ISO 27001 lead auditor. This four-and-a-half-day certificated course has been designed to develop practical knowledge and auditing skills based on the core audit requirements outlined in the ISO 19011 standard. For implementation managers, understanding the requirements and the methodology employed by an external ISO 27001 lead auditor is crucial to the success of any ISO 27001 implementation project.

Now available as a classroom and Live Online course.

Course contents

  • Understanding the audit process used by certification bodies.
  • An overview of the structure and requirements of ISO 27001.
  • How to use audits to monitor conformance.
  • How to continually improve the ISMS.
  • The purpose and benefits of the audit.
  • The role of auditors and standards in audits.
  • Common audit terms and definitions.
  • The principles of effective auditing.
  • Critical skills required for performing an audit.
  • The importance of observing and listening.
  • Conducting an audit follow-up.
  • The competence and evaluation of auditors.
  • Accredited certification audit specifics.
  • Selecting and leading an audit team.
  • Managing communications with the audit client.
  • How the audit process is used in first-, second- and third-party audits.
  • How to establish and maintain an audit programme.
  • Planning, conducting, reporting and following up on an audit.
  • Best-practice audit methodology based on ISO 19011.

Book your place on the ISO27001 Certified ISMS Lead Auditor training course >>

Find out more about ISO 27001 training and qualifications >>

* Note that ISO 27001 certificates can only be issued under the auspices of accredited certification bodies – if you hold a CIS LA (Certified ISMS Lead Auditor) qualification you will not automatically be entitled to issue them.
