ISO 27001 Information Security Management Systems Internal Auditor Certification Course
Course Overview
The ISO/IEC 27001:2022 Internal Auditor Certification provides the necessary knowledge and skills to plan, execute, and report internal audits of an Information Security Management System (ISMS) in accordance with the ISO/IEC 27001:2022 standard.
This certification enables professionals to assess ISMS conformity, identify non-conformities, detect improvement opportunities, and contribute to the continuous improvement of the system, ensuring sustained compliance with international standard requirements.
It is aimed at those involved in internal auditing processes or wishing to specialize in information security control and assurance within an organization.
Virtual course with certification exam included as a gift!
(If the student belongs to LaaS Cert, the training does not include the exam)
ISO 27001 Training Course Objectives
Upon completion of the course, participants will be able to:
- Understand the requirements of the ISO/IEC 27001:2022 standard from an internal audit perspective.
- Plan and execute internal ISMS audits.
- Identify non-conformities, risks, and opportunities for improvement.
- Prepare clear and structured audit reports.
- Verify the effectiveness of corrective actions and the continuous improvement of the ISMS.
Prerequisites
The following prerequisites are not mandatory for taking the exam, but they are highly recommended for those intending to take the ISO/IEC 27001 Lead Auditor exam.
- ISO/IEC 27001 Implementer Certified
- ISO/IEC 27001 Internal Auditor Certified
Course Duration: 100 hours
Virtual Campus Access: 3 months
Who is this course for?
This training is aimed at:
- Internal management system auditors.
- Information Security Managers.
- IT professionals involved in ISMS.
- Cybersecurity and compliance consultants.
- Risk, business continuity, and regulatory compliance managers.
- Professionals who wish to specialize in ISO/IEC 27001 auditing.
ISO 27001 Internal Auditor Training Content – Course Program
Module 1: Fundamentals of Auditing and Information Security Management
- 1.1 Auditing Principles according to ISO 19011
- 1.2 High-Level Structure (HLS) and its Application
- 1.3 Types of Audit and the Role of the Lead Auditor
- 1.4 Terminology
- 1.5 PDCA Cycle
- 1.6 Structure of ISO/IEC 27001
- 1.7 ISO/IEC 17021-1
Practical activities:
- Activity 1.1: Analysis of Auditing Principles
- Activity 1.2: Classification of Findings
Upon completing this module, you will be able to:
- Explain the fundamental auditing principles according to ISO 19011:2018 and their application in leading teams.
- Understand the High-Level Structure (HLS) and its harmonized application in ISO/IEC 27001:2022.
- Distinguish between audit types and the role of the lead auditor in each.
- Master advanced audit terminology: criterion, evidence, finding, conclusion, major/minor NC.
- Understand the PDCA cycle applied to ISMS and its relationship with risk-based thinking.
- Identify the complete structure of ISO/IEC 27001:2022: clauses 4-10, Annex A, and Amd 1.
- Know the requirements of ISO/IEC 17021-1:2015 and their impact on the work of the lead auditor.
Module 2: Audit Program Management and Team Leadership
- 2.1 Program Design
- 2.2 Roles and Competencies
- 2.3 Selection and Mentoring
- 2.4 Resource Management
- 2.5 Performance Evaluation
- 2.6 Complex Plans
- 2.7 Situational Leadership
Practical workshop
Upon completing this module, you will be able to:
- Design, implement, and maintain the risk-based ISMS audit program.
- Define roles, responsibilities, and competency criteria within the audit team.
- Select, evaluate, and mentor audit team members.
- Manage audit program resources.
- Evaluate and document the audit team's performance.
- Develop complex, multi-site, or integrated audit plans.
- Apply situational leadership and conflict management techniques.
Module 3: Lead Audit Execution: Clauses 4 to 10
- 3.1 Audit of Clause 4: Context of the Organization
- 3.2 Clause 5: Leadership
- 3.3 Clause 6: Planning
- 3.4 Clause 7: Support
- 3.5 Clause 8: Operation
- 3.6 Clause 9: Evaluation
- 3.7 Advanced Techniques
Practical workshop
Upon completing this module, you will be able to:
- Audit clause 4: organizational context, interested parties, and climate change.
- Audit clause 5: leadership, security policy, and accountability.
- Audit clause 6: planning, risk assessment, and objectives.
- Audit clause 7: support, competence, awareness, and documented information.
- Audit clause 8: operation, change control, suppliers, and SoA.
- Audit clause 9: performance evaluation, internal audit, and management review.
- Audit clause 10: improvement, NC, root cause analysis, and corrective actions.
- Apply advanced auditing techniques in real-world contexts.
Module 4: Advanced Evaluation of Annex A Controls: 2022
- 4.1 Organizational Domain (5.1 to 5.37)
- 4.2 People Domain (6.1 to 6.8)
- 4.3 Physical Domain (7.1 to 7.14)
- 4.4 Technological Domain (8.1 to 8.34)
- 4.5 SoA Audit
- 4.6 Integration & Amd 1
Practical activities
Upon completing this module, you will be able to:
- Critically evaluate controls in the Organizational Domain (5.1 to 5.37).
- Evaluate the effectiveness of controls in the People Domain (6.1 to 6.8).
- Evaluate the adequacy of controls in the Physical Domain (7.1 to 7.14).
- Thoroughly evaluate controls in the Technological Domain (8.1 to 8.34).
- Audit the SoA with critical judgment: justifications, coverage, and alignment.
- Evaluate the integrated effectiveness of controls and dependencies between domains.
- Incorporate the evaluation of controls related to climate change (Amd 1).
Module 5: Communication, Executive Reports, and Follow-up
- 5.1 Opening and Closing Meetings with Top Management
- 5.2 Review and Validation of Team Findings
- 5.3 Classification of Non-Conformities
- 5.4 Preparation of Executive Reports
- 5.5 Audit Opinions and Judgments
- 5.6 Management of Appeals and Disputes
- 5.7 Follow-up of Corrective Actions
Upon completing this module, you will be able to:
- Lead opening and closing meetings with top management.
- Review, validate, and approve audit team findings.
- Classify NCs as major or minor according to objective criteria.
- Prepare executive audit reports for top management.
- Issue audit opinions and judgments.
- Manage the appeals and disputes process.
- Lead the follow-up of corrective actions.
Module 6: Integrated Audit, Regulatory Context, and Program Improvement
- 6.1 Integrated ISMS Audits
- 6.2 Regulatory and Legal Compliance
- 6.3 Complementary Frameworks
- 6.4 Complex Scenarios in Regulated Sectors
- 6.5 ISMS Maturity Assessment
- 6.6 Continuous Improvement of the Audit Program
- 6.7 Trends and Best Practices
Practical workshop
Upon completing this module, you will be able to:
- Lead integrated ISMS audits with other management systems.
- Assess ISMS compliance with regulatory and legal requirements.
- Evaluate ISMS alignment with complementary frameworks.
- Analyze complex audit scenarios in highly regulated sectors.
- Assess ISMS maturity using models like CMMI or ISO 15504.
- Manage the continuous improvement of the audit program.
- Identify trends and best practices in ISMS auditing.
Want to take this course? Request information now
If you wish to take this course virtually, you can purchase it at the top of the product page. For any questions, please contact us.
If you wish to take this course in classroom or telepresence modality, please contact us.
Nanfor, a CertJoin partner IT training center
Nanfor is an IT training center with extensive experience in official and specialized training in cybersecurity, ISO standards, Microsoft technologies, and advanced corporate environment training.
As an authorized CertJoin partner, Nanfor delivers this training aligned with official certification standards, guaranteeing:
- Updated and accredited training.
- Specialized instructors with real experience in ISO projects.
- Specific preparation to pass the official exam.
- Support and guidance throughout the training process.
Frequently Asked Questions
Is this certification official?
Yes. The ISO/IEC 27001:2022 Internal Auditor Certified is an official CertJoin certification, delivered by Nanfor as an authorized partner IT training center.
Does the course directly prepare for the certification exam?
Yes. The training is specifically designed to prepare participants to pass the official ISO/IEC 27001:2022 Internal Auditor Certified exam. Plus, the training includes the exam as a gift!
In what language is the exam available?
The official certification exam is available in Spanish and English.
What is the duration and modality of the course?
The training is virtual – e-learning with support always by your side. It takes place in Nanfor's virtual classroom, with 3 months of access and the possibility of extending one more month (not available for subsidized training).
On-site or telepresence training can also be arranged upon request.
What type of exam is taken?
The exam is multiple-choice, taken online, timed, and completed without external assistance.
Can this course be subsidized through FUNDAE?
Yes. Nanfor offers subsidized training through FUNDAE (Spanish State Foundation for Training in Employment). Companies that meet the requirements can fully or partially subsidize the course cost using their training credits.
Nanfor supports the company throughout the entire subsidy management process.