25,000+ Courses Nationwide
0203 908 2376

ISO 27001 Internal Auditor

Learn how to drive continual improvement within your organisation’s information management system (ISMS) and find out how to identify opportunities for improvement and take corrective action to maintain conformity to the ISO 27001 standard.

Designed by the team that led the world’s rst successful ISO 27001 implementation project.

A real-world auditor shows you how to tackle an ISMS audit from start to finish.

Participate in group discussions, practical exercises and case studies throughout the course.

Aligned with best-practice ISO 19011:2011 (Guidelines for auditing management systems) audit methodology.

What’s included in this course?

  • A professional training venue with lunch and refreshments;
  • Full course materials (digital copy provided as a PDF file);
  • The ISO 27001 Certified ISMS Internal Auditor exam; and
  • A certificate of attendance.

Course duration and times

Day 1: 9:30 am – 4:30 pm Day 2: 9:15 am – 5:00 pm

Select specific date to see price, venue and full details.

Learning Objectives

What does the ISO 27001 Internal Auditor course cover?

  • An overview of the structure and requirements of ISO 27001.
  • The mandatory documents for an ISO 27001-compliant ISMS.
  • The relationship between ISO 27001, ISO 19011 and ISO 27007. 
  • How an internal audit contributes to the effectiveness of an ISMS. 
  • Internal audit concepts, terms and definitions.
  • The principles of auditing conformance to ISO 27001.
  • The resources required for an internal audit. 
  • The roles, responsibilities and desired attributes of the internal auditor.
  • The different approaches to conducting an internal audit.
  • How to plan, develop and manage an effective audit programme.
  • How to plan individual internal audits.
  • How to conduct an internal audit and handle the interview process.  
  • How to identify and report evidence-based nonconformities.
  • How to take corrective action and conduct an internal audit follow-up.
  • The seven principles of a quality management system. 
  • An overview of the certification process.


What equipment should I bring?

The exam is an online exam. You will need to bring a ‘pop-up enabled’ laptop/tablet to the venue. Full details on how to access the exam will be provided by email 1–2 days before sitting the exam.

Are there any prerequisites for this course?

Before joining this course, you need to have attended the ISO 27001 Certified ISMS Foundation training course or you have a good working knowledge of ISO 27001 gained through practical experience.

Course Content

Course agenda:

  • Internal audit concepts
  • Why pursue ISO 27001 certification?
  • Structure and content of ISO 27001
  • Internal audit resource
  • The audit programme
  • Planning individual internal audits
  • Conducting audits
  • Reporting
  • Corrective action and follow up


Exams & Certification

Achieve the ISO27001 Certified ISMS Internal Auditor (CIS IA) qualification (ISO 17024-certificated). Exam included in the course.

Attendees take the ISO 27001 Certified ISMS Internal Auditor (CIS IA), ISO 17024-certificated, exam at the end of the course. This is a 60-minute multiple-choice online exam, consisting of 40 questions. Candidates need to achieve a minimum of 65% to pass.

How will I receive my exam results and certificates?

  • Provisional exam results will be available immediately on completion of the exam. Confirmed exam results will be issued within ten working days from the date of the exam.
  • Certificates for those who have achieved a passing grade will be issued within ten working days from the date of the exam.
  • Results notifications and certificates are sent directly to candidates by the relevant exam board in electronic format; please note that hard copy exam certificates are not issued.

Can exams be retaken?

Yes, if you are unsuccessful on the first attempt you can retake the exam for an additional fee. You can email us to schedule the retest for the exam.

Do I need to bring proof of identity?

Delegates must bring a form of photographic ID with them as the invigilator my request to check it prior to the exam.

CPD/CPE points

This course is equivalent to 14 CPD/CPE points.

CIS IA is acknowledged by the Payment Card Industry Security Standards Council (PCI SSC) as an approved qualification meeting the requirements of an application for an individual to become a Payment Card Industry Data Security Standard (PCI DSS) Qualified Security Assessor (QSA).


Is there any recommended reading?

We strongly recommend you purchase and read the standard prior to attending the course:

  • ISO IEC 27001 2013 and ISO IEC 27002 2013

We also recommend that you purchase and read the following textbooks:

  • ISO27001/ISO27002 – A Pocket Guide
  • An Introduction to Information Security and ISO27001:2013 – A Pocket Guide

Related Courses

Privacy Notice

In order to provide you with the service requested we will need to retain and use your contact information in accordance with our Privacy Notice. If you choose to provide us with this information you explicitly consent to us using the information as necessary to provide the requested service to you. If you do not agree please do not proceed to request the service from us.

Marketing Permissions

Would you like to receive our newsletter and other information on products and services which we think will be of interest to you by email. We will always treat your information with care and in accordance with our Privacy Notice. You are free to withdraw this permission at any time.


We work with the best