ISO 27001 qualifications: Lead Auditor or Lead Implementer?

If you’re new to ISO 27001, you might be finding it difficult to choose a training course that suits your needs.

Two of the more popular options are the lead auditor and lead implementer courses, but which one is right for you?

First and foremost, it really is as obvious as it sounds: an implementer implements an ISMS (information security management system) in accordance with ISO 27001, and an auditor audits a third party’s ISMS.

(It’s not good practice to audit your own implementation of the Standard.)

So, if you’re a practitioner who wants to learn how to implement information security best practice in your organisation, a lead implementer course is for you.

A lead auditor training course, on the other hand, is for information security professionals who want to be able to audit and certify an ISMS to ISO 27001.

IT Governance offers classroom and online training for both implementing to and auditing against ISO 27001.

Our team of trainers are leaders in the field, having led the world’s first ISO 27001 certification project, and we’ve since helped more than 7,000 professionals with ISO 27001 training.

ISO 27001 ISMS Lead Implementer training

Our Certified ISO 27001 ISMS Lead Implementer Training Course teaches you the nine key steps involved in planning and adopting an ISO 27001-compliant ISMS.

Over the span of three days, you’ll discover everything you need to lead an ISO 27001 implementation project. You’ll gain the knowledge to set out the ISMS’s scope, implement the necessary information security controls and review the ISMS over time to address any new concerns.

This training course is designed for those who are responsible for ISO 27001 and those leading the implementation project.

You should already have a solid understanding of the Standard’s risk assessment process and will have already taken a foundation-level ISO 27001 training course.

ISO 27001 Lead Auditor training

Our Certified ISO 27001 ISMS Lead Auditor Training Course provides the expertise to help you audit against the Standard.

This four-and-a-half-day training course is split into two sections. The first half of the course teaches you about auditing in general, and the second half covers best-practice advice for how to audit an ISMS.

The course is ideal for anyone who wants the responsibility for implementing and maintaining an ISMS – whether internally or for a third party. It’s also suitable for those who want to work for a specific auditing organisation, such as the BSI.


A version of this blog was originally published on 18 June 2018.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.