+27 087 405 5715     info.africa@pinkelephant.co.za


ISO/IEC 27001 Information Security Manager – Auditor

Course Type:
Training Costs:
Exam Costs:
Next Course:
R 17,000
5 days
Closed Course


Based on practical exercises, the participants will develop the skills (mastering audit techniques) and competencies (managing audit teams and audit program, communicating with customers, conflict resolution, etc.) necessary to conduct an audit efficiently.


After successfully completing the exam; participants can apply for the credentials of PECB Certified ISO/IEC 27001 Provisional Auditor; PECB Certified ISO/IEC 27001 Auditor or PECB Certified ISO/IEC 27001 Lead Auditor depending on their level of experience. Those credentials are available for internal and external auditors. A certificate will be issued to participants who successfully pass the exam and comply with all the other requirements related to the selected credential: (view the brochure)


Start Date Type Start Day Location Cost (excl. VAT) Register


The “PECB Certified ISO/IEC 27001 Lead Auditor” exam fully meets the requirements of the PECB Examination and Certification Program (ECP).


The Course

This five-day intensive course enables the participants to develop the expertise needed to audit an Information Security Management System (ISMS), and manage a team of auditors by applying widely recognised audit principles, procedures and techniques. During this training, the participants will acquire the knowledge and skills needed to proficiently plan and perform internal and external audits in compliance with certification process of the ISO/IEC 27001 standard.

Target Group

The training ISO Standards is designed to provide insight into the basic processes of, understanding, and is therefore especially suitable for:

  • Internal auditors
  • Auditors wanting to perform and lead an ISMS certification audits
  • Members of an Information Security team
  • Technical experts wanting to prepare for an Information Security audit function

Knowledge Objective

  • Introduction to Information Security Management System (ISMS) concepts as required by ISO/IEC 27001
  • Normative, regulatory and legal framework related to Information Security
  • Fundamental principles of Information Security
  • The ISO/IEC 27001 certification process
  • Detailed presentation of the clauses of ISO/IEC 27001
  • Planning and initiating an ISO/IEC 27001 audit
  • Fundamental audit concepts and principles
  • Audit the approach based on evidence and on risk
  • Preparation of an ISO/IEC 27001 certification audit
  • Documenting of an ISMS audit
  • Conducting an ISO/IEC 27001 audit
  • Communication during the audit
  • Audit procedures: observation, document review, interview, sampling techniques, technical verification, corroboration and evaluation
  • Drafting test plans
  • Formulation of audit findings, drafting of nonconformity reports
  • Concluding and ensuring the follow-up of an ISO/IEC 27001 audit
  • Audit documentation
  • Conducting a closing meeting and conclusion of an ISO/IEC 27001 audit
  • Evaluation of corrective action plans
  • ISO/IEC 27001 surveillance audit and audit management program
  • To acquire expertise of performing an ISO/IEC 27001 internal audit, following the ISO 19011 guidelines
  • To acquire expertise of performing an ISO 27001 certification audit, following the ISO 19011 guidelines and the specifications of ISO 17021 and ISO 27006
  • To acquire necessary expertise for managing an ISMS audit team
  • To understand the operation of an ISO/IEC 27001


5 days