If you’re new to ISO 27001, you might be finding it difficult to choose a training course that suits your needs.
The first thing you need to do is work out the skills you want to acquire and the sort of jobs you’d like to perform. With ISO 27001, the two most popular qualifications are lead auditor and lead implementer courses.
The difference between them is as obvious as it sounds: an implementer implements an ISMS (information security management system) in accordance with ISO 27001, whereas an auditor audits a third party’s ISMS.
(It’s not good practice to audit your own implementation of the Standard.)
So, if you’re an ISO 27001 practitioner who wants to learn how to implement information security best practice in your organisation, a lead implementer course is for you.
A lead auditor training course, on the other hand, is for information security professionals who want to gain the skills needed to audit and certify an ISMS to ISO 27001.
IT Governance offers classroom and online training for both, and they have each been updated in line with the latest version of ISO 27001, which was released in October 2022.
ISO 27001 ISMS Lead Implementer training
An ISO 27001 lead implementer is an advanced information security position that comes with big responsibilities. Lead implementers set out the ISMS’s scope and for ensure the Standard’s requirements have been addressed.
ISO 27001 lead implementers will need to understand:
- The role and structure of an ISMS (information security management system);
- The key concepts, principles and main requirements of ISO 27001;
- The terms and definitions used in the Standard, including risk and options for risk assessments;
- How to interpret the requirements of ISO 27001 to determine the scope of your ISMS;
- How to secure senior management commitment by building a compelling business case;
- How to structure and manage an ISO 27001 project;
- How to review and map your existing controls to Annex A of ISO 27001;
- The benefits of, and key issues when selecting, a risk assessment tool;
- How to develop a management framework, write policies and produce other critical documentation;
- The importance of staff, an effective communication strategy and general awareness training;
- The key elements of management review;
- How to prepare for an ISO 27001 certification audit and ensure that you pass first time; and
- How to manage and drive continual improvement under ISO 27001.

Our Certified ISO 27001:2022 ISMS Lead Implementer Training Course teaches you the nine key steps involved in planning and adopting an ISO 27001-compliant ISMS.
Over the span of three days, you’ll discover everything you need to lead an ISO 27001 implementation project.
You’ll gain the knowledge to set out the ISMS’s scope, implement the necessary information security controls and review the ISMS over time to address any new concerns.
This training course is designed for those who are responsible for ISO 27001 and those leading the implementation project.
You should already have a solid understanding of the Standard’s risk assessment process and will have already taken a foundation-level ISO 27001 training course.
ISO 27001 Lead Auditor training
An ISO 27001 lead auditor is the person responsible for overseeing an organisation’s information security compliance status. They prepare the audit plan, deliver meetings and submit audit report at the end of quarter or year.
The lead auditor can work internally or audit a second or third party’s ISMS. Their expertise is usually required when the organisation is seeking ISO 27001 certification, or if a partner organisation requests a supply chain audit.
To ensure success as an ISO 27001 lead auditor, you will need to gain a thorough understanding of the Standard and its audit procedures, together with qualifications that are certified by accredited and respected independent organisations.

Our Certified ISO 27001:2022 ISMS Lead Auditor Training Course provides the expertise to help you gain the necessary skills.
This four-and-a-half-day training course is split into two sections. The first half of the course teaches you about auditing in general, and the second half covers best-practice advice for how to audit an ISMS.
The course is ideal for anyone who wants the responsibility for implementing and maintaining an ISMS – whether internally or for a third party. It’s also suitable for those who want to work for a specific auditing organisation, such as the BSI.
A version of this blog was originally published on 18 June 2018.