To ensure independent and consistent audits, the ISO 27001 Lead Auditor Course prepares professionals to plan and conduct audits of an ISMS, assessing its conformity and effectiveness against ISO/IEC 27001. The training covers the full audit cycle, with a strong focus on evidence and professional judgement.
Synchronous, live training with interaction with the trainer and the group.
Language: available in PT or ENG
Training: practical and case-study based
Exam: 4h
SPECIALIST LEVEL – Advanced competencies to address critical challenges in the field.
Why this course exists
To turn the requirements and controls of ISO/IEC 27001 into real, evidence-based and internationally aligned auditing practice.
Many organisations implement (or maintain) an ISMS but fall short when they have to demonstrate conformity, produce auditable evidence and respond to internal and external audits. This course prepares professionals to structure an Audit Programme, lead audit teams and conduct audits of an ISMS with method, consistency and a results-oriented approach.
What this course enables you to do
Structure
Design and maintain an audit programme (internal and/or external) aligned with ISO/IEC 27001 and with audit best practices.
Plan
Prepare and plan audits (objectives, criteria, scope, team, plan and approach), including Stage 1 and Stage 2 audits.
Conduct
Carry out audits using appropriate methods for collecting and verifying evidence, effective communication and team management in a real context.
Conclude
Record findings and nonconformities, build conclusions, produce the report and manage follow-up, supporting the maintenance of ISO/IEC 27001 certification.
Frameworks, standards and best practices addressed throughout the course
ISO/IEC 27002
ISO 19011
ISO/IEC 27007
ISO/IEC 27008
ISO/IEC 17021-1
ISO/IEC 27006
ISO/IEC 17024
Audit Programme
Stage 1 & Stage 2
BEHAVIOUR Methodology (step by step)
Value for the organisation
- Greater governance and control capability over the ISMS, with structured internal audits and consistent evidence
- Reduced risk of critical nonconformities in external audits, through preparation and method
- Continuous improvement based on findings, corrective actions and auditable follow-up
- A more competent team to engage with Certification Bodies and support the maintenance of ISO/IEC 27001 certification
Introduction
The ISO 27001 Lead Auditor course is supported by a practical case study and prepares participants to plan, prepare, conduct, conclude and report audits of an Information Security Management System (ISMS), based on the requirements of ISO/IEC 27001 and internationally recognised auditing best practices.
Beyond mastering the concepts, principles, clause-by-clause requirements and applicable controls, the course focuses on the ability to audit with method, consistency and professional judgement, through a step-by-step methodology proposed by BEHAVIOUR. This approach includes the establishment and management of an Audit Programme, audit preparation and planning, the definition of objectives, criteria and scope, the collection and validation of evidence, the identification of findings and nonconformities, the formulation of conclusions, report preparation and follow-up activities.
The ISO 27001 Lead Auditor course is also aligned with the ISO/IEC 27000 family (including ISO/IEC 27002, ISO/IEC 27007 and ISO/IEC 27008) and with ISO 19011, the guideline for auditing management systems, ensuring an integrated view of conformity, auditing, risk management and continuous improvement, and preparing participants to perform internal and external ISMS audits with confidence and rigour, including Stage 1 and Stage 2 audits.
This Training Plan and all associated documents are protected by Copyright and registered as a literary work with IGAC.
General Objectives
At the end of this course, participants will be able to:
- Understand fundamental concepts of information security and the main requirements and controls of ISO/IEC 27001
- Know the correlation within the ISO/IEC 27000 family, including ISO/IEC 27001 and ISO/IEC 27002, as well as relevant practices, legislation and regulation
- Understand the ISO/IEC 27001 certification process
- Understand fundamental audit concepts and principles based on ISO 19011
- Establish, implement, maintain and improve an internal audit programme aligned with ISO/IEC 27001 and supported by audit best practices
- Prepare and plan ISO/IEC 27001 audits, defining objectives, criteria, scope, team, plan and approach
- Understand roles (including the auditor role), competence requirements and communication requirements for successful audits
- Conduct internal and external ISO/IEC 27001 audits (1st, 2nd and 3rd party), including Stage 1 and Stage 2
- Complete an ISO/IEC 27001 audit, ensuring follow-up and closure activities
- Use the audit process to support ongoing conformity and maintenance of ISO/IEC 27001 certification
- Acquire the knowledge required to succeed in the “BEHAVIOUR Certified Information Security 27001 Lead Auditor” exam
Target Audience
- Information Security/IT consultants and other professionals who need to perform internal or external audits
- Internal auditors who participate in or lead ISO/IEC 27001 audits
- External auditors (contracted) and professionals who wish to work with Certification Bodies in ISO/IEC 27001 certification audits
- Managers or heads of audit functions/departments who want to strengthen a compliant audit programme
- Project managers who lead (or are preparing to lead) an ISO/IEC 27001 implementation programme and need to understand audit requirements
- Professionals involved in the implementation or operation of an ISMS who wish to understand the audit process in depth
Prerequisites
There are no mandatory formal prerequisites. However, prior experience or exposure to information security, Information Security Management Systems (ISMS), audits, risk management, governance and operations is recommended, as well as familiarity with standards and best practices from the ISO/IEC 27000 family.
In addition, other specific requirements may apply, where relevant, depending on the quotation/proposal presented (please consult the proposal).
Programme
Information Security, ISO/IEC 27001 and related best practices
- Introduction to the course
- Information security standards and conformity requirements
- Preparation for ISO/IEC 27001 certification
- Information security fundamentals
- Presentation and overview of ISMS requirements (Part 1: Clauses 4 to 6.1)
ISMS and fundamental audit principles
- Presentation and overview of ISMS requirements (Part 2: Clauses 6.2 to 10 and Annex A)
- Introduction to audit concepts and principles based on ISO 19011
Prepare, plan and initiate the audit; perform document review and on-site audit
- Internal audit programme
- Preparation and planning of ISMS audits
- Communication during the audit
- Audit planning and initiation
- Document review audit (Stage 1)
- Information synthesis and planning for on-site audit (Stage 2)
- On-site audit execution (Stage 2)
Complete on-site activities and close the audit
- Obtain and verify information: audit methods and testing
- Identify and record audit findings
- Prepare audit conclusions
- Audit closure; prepare and distribute the report
- Follow-up activities
- Maintenance of ISO/IEC 27001 certification
- Personal certification and training closure
Exam(s) and Certification
Exam “Certified Information Security 27001 Lead Auditor”
The exam covers the following competence domains:
- Domain 1: Information security fundamentals and ISO/IEC 27001 requirements
- Domain 2: Fundamental audit concepts and principles based on ISO 19011
- Domain 3: Establish and maintain an ISO/IEC 27001 internal audit programme
- Domain 4: Prepare and plan ISO/IEC 27001 audit activities
- Domain 5: Conduct ISO/IEC 27001 audit activities
- Domain 6: Complete and close ISO/IEC 27001 audit activities
Language(s): Portuguese and English (please consult BEHAVIOUR regarding availability in other languages).
Duration: 4 hours (240 minutes).
Format: Multiple choice and open questions, based on a main case study and related to the competence domains.
Number of questions: 48 questions.
Pass mark: 700/1000 points.
Results: Pass or Fail.
Issuing entity: Behaviour (legal entity), through its certification service Behaviour Certification Services.
Retake: 1 free retake within a maximum period of 2 months after the date on which the exam result is made available.
Certification (levels and requirements)
After successfully completing the exam and accepting/signing the applicable agreement and Code of Ethics, the candidate may apply for one of three levels, according to experience:
- Certified Information Security 27001 Associate Auditor: no prior experience required
- Certified Information Security 27001 Auditor: 2 years of experience in information security and auditing
- Certified Information Security 27001 Lead Auditor: 5 years of experience in information security and auditing
A Certificate and a Digital Certification Badge (i.e., “badge”) will be issued to participants who successfully complete the certification exam and satisfy all the requirements of the certification for which they are applying. Certification is issued by Behaviour (legal entity), through its certification service Behaviour Certification Services.
Behaviour® professional certification (proprietary scheme), with international market recognition. The scheme is designed and operated based on best practices for the certification of persons, principles of impartiality and exam quality, and applicable international references (including the principles of ISO/IEC 17024).
Certification programmes are valid only for individuals (not companies), and the granting and maintenance of certification depend on the exam result, professional experience and compliance with the applicable agreement/Code of Ethics.
If the professional does not comply with the agreement/Code of Ethics, the certification is not granted or is revoked.
Other Information
General Information
- Training in Portuguese or English
- Online training materials in Portuguese or English, with online access, and in accordance with the awarded conditions
- Practical step-by-step audit methodology
- Behaviour digital Training Attendance Certificate with 40 CPD/CPE credits
- Online Certification Exam, in Portuguese or English. The exam may be taken up to 2 months from the course start date
- If the candidate does not pass the exam, they are entitled to one free retake within a maximum period of 2 months from the release date of the initial exam result
- Digital Certification Diploma and Digital Certification Badge, after successfully passing the exam and completing the application process. This record has no associated cost
Benefits
- The ISO/IEC 27001 standard defines an auditable and certifiable Information Security Management System (ISMS), recognised internationally.
- ISO/IEC 27001 supports certification and international recognition, market access, operational optimisation and strengthened trust with clients, partners and regulatory authorities.
- The ISO 27001 Lead Auditor Course is based on the BEHAVIOUR pedagogical model, with a personal certification programme in accordance with ISO/IEC 17024.
- Audit-oriented course, with a step-by-step process covering the audit programme, planning, evidence gathering, findings and follow-up.
- Preparation for internal and external audits, including best practices based on ISO 19011 and requirements applicable to certification audits.
- Customised methodology that transforms knowledge into practice, with tools and techniques applicable in a real context.
- Certification exam supervised by an official BEHAVIOUR administrator.
- Exam with multiple choice and open questions, based on a case study, to measure competence more effectively.
- After passing the exam and applying for certification, the professional reaches the applicable level. In case of failure, there is a free retake within the period defined in the scheme.
Logistics
Useful information
- Live Online (synchronous time): 9:30–17:30 Lisbon local time (WET/WEST), with lunch break and short breaks
- Classroom (synchronous time): 9:30–17:30 Lisbon local time (WET/WEST), with lunch break and short breaks
- 28 hours of synchronous training, distributed across 4 consecutive days
- Estimated 12 hours of guided autonomous work, intended for content consolidation and exam preparation, carried out flexibly outside synchronous sessions
- Requirements: computer with stable internet, browser, PDF reader, audio/video
Frequently Asked Questions
Objective answers to the most common questions about the ISO 27001 Lead Auditor Course.
What is the difference between this course and an ISO 27001 Lead Implementer course?
Is this course useful for organisations that are not yet certified to ISO/IEC 27001?
Is the course relevant only for certification audits?
Can professionals who manage or support an ISMS, but do not work exclusively as auditors, benefit from this course?
Does this course help improve evidence quality and reduce recurring findings?
For general questions about registration, delivery modes, exams, certification and recertification, please consult the BEHAVIOUR® FAQs.