ISO 37301 Lead Auditor
The ISO 37301 Lead Auditor course prepares professionals to plan and conduct audits of Compliance Management Systems, assessing conformity and effectiveness against the requirements of ISO 37301. The training addresses the full audit cycle, with a focus on independence, evidence and professional judgement.
Synchronous, live training. Interaction with the trainer and the group.
Language: available in Portuguese or English
Training: practical and case-study based
Exam: 4h
SPECIALIST LEVEL — advanced skills to address critical challenges in the field.
Why this course exists
To transform ISO 37301 requirements into real, evidence-based auditing aligned with international best practices.
Many organisations implement or maintain a CMS, but struggle when they need to demonstrate conformity, produce auditable evidence and respond to internal and external audits. This ISO 37301 Lead Auditor course prepares professionals to structure an Audit Programme, lead teams and conduct audits of a Compliance Management System, with method, consistency and results orientation.
What this course enables you to do
Structure
Design and maintain an audit programme, internal and/or external, aligned with ISO 37301 and audit best practices.
Plan
Prepare and plan audits, including Stage 1 and Stage 2 audits: objectives, criteria, scope, team, plan and approach.
Conduct
Conduct audits using appropriate methods for collecting and verifying evidence, effective communication and team management in a real context.
Conclude
Record findings and nonconformities, build conclusions, produce reports and manage follow-up, supporting the maintenance of ISO 37301 certification.
Frameworks, standards and best practices addressed throughout the course
ISO 37000
ISO 37002
ISO 37004
ISO 37005
ISO 31000
ISO 19011
ISO/IEC 17021-1
ISO/IEC 17024
Audit Programme
Stage 1 & Stage 2
BEHAVIOUR methodology — step by step
Value for the organisation
- Greater governance and control capability over the CMS, with structured internal audits and consistent evidence.
- Reduced risk of critical nonconformities in external audits, through preparation and method.
- Continuous improvement based on findings, corrective actions and auditable follow-up.
- Teams more capable of engaging with Certification Bodies and supporting the maintenance of ISO 37301 certification.
Introduction
The ISO 37301 Lead Auditor course is supported by a practical case study and challenges participants to plan, conduct, report and follow up audits of a Compliance Management System (CMS), based on the requirements of ISO 37301 and internationally recognised best practices.
In addition to mastering the standard’s clause-by-clause concepts, principles and requirements, the course focuses on developing the ability to perform effective and robust audits, through a step-by-step audit methodology proposed by BEHAVIOUR. This approach integrates audit programme planning, definition of criteria and objectives, assessment of compliance risks, conduct of interviews, analysis of evidence, formulation of findings, report writing and follow-up of corrective and improvement actions.
The ISO 37301 Lead Auditor course also connects with audit and governance best practices, including the principles of ISO 19011, integration with other management systems and a structured view of ethics, integrity, compliance culture and continuous improvement, preparing participants to act as Lead Auditors in internal audits, supplier audits or audits of certified entities, with confidence, rigour and professional consistency.
This Training Plan and all associated documents are protected by Copyright and registered as a literary work with IGAC.
General Objectives
At the end of this course, participants will be able to:
- Understand the fundamental concepts of compliance management and the main requirements of ISO 37301.
- Know and understand the correlation between standards in the ISO 37301 family, including ISO 37000, ISO 37002, ISO 37004 and ISO 37005, and other related practices such as ISO standards, applicable legislation and regulations.
- Understand the ISO 37301 certification process.
- Understand the requirements for an ISO 37301 CMS and its implementation and operation process.
- Understand the fundamental audit concepts and principles based on ISO 19011.
- Establish and improve an internal audit programme in accordance with ISO 37301.
- Prepare and plan CMS audits in accordance with ISO 37301; conduct audits and conclude with report and follow-up.
- Acquire the knowledge required to succeed in the “BEHAVIOUR Certified Compliance Management 37301 Lead Auditor” exam.
Target Audience
- Compliance directors and managers, risk managers and other GRC functions that need to perform assessments and/or internal or external audits in the context of a CMS.
- Internal auditors who participate in or lead ISO 37301 audits.
- External auditors and professionals who wish to work with Certification Bodies in ISO 37301 certification audits.
- Managers or owners of audit departments who wish to establish a compliant audit programme.
- Project managers coordinating or preparing to coordinate an ISO 37301 implementation programme and needing to understand audit requirements.
- Professionals involved in implementing or operating an ISO 37301-based CMS who wish to better understand the audit process.
Prerequisites
There are no mandatory formal prerequisites. However, other specific requirements may apply, where relevant, depending on the quotation or proposal presented. Please consult the applicable proposal.
Programme
Compliance management, framework and certification
- Introduction to the course
- Compliance management standards, common requirements for legal and regulatory compliance, and ethical principles
- Relationship between ISO 37301 and ISO 31000 and integration with other Management System Standards (MSS)
- Main differences between ISO 19600 and ISO 37301
- Progressing towards ISO 37301 certification
- Compliance management fundamentals
CMS requirements (ISO 37301) — clauses
- Presentation and overview of CMS requirements — Part 1: Clauses 4 to 7
- Presentation and overview of CMS requirements — Part 2: Clauses 8 to 10
Audit programme and planning; Stage 1 & Stage 2
- Introduction to audit concepts and principles based on ISO 19011
- Internal audit programme
- Preparation and planning of CMS audits
- Communication during the audit
- Audit planning and initiation
- Document audit (Stage 1)
- Planning for on-site audit (Stage 2)
- On-site audit (Stage 2)
Conclusion, report, follow-up and maintenance of certification
- Obtaining and verifying information: audit methods and tests
- Identification and recording of audit results
- Preparation for conclusions
- Closing the audit; preparing and distributing the report
- Follow-up activities
- Maintenance of ISO 37301 certification
- Personal certification and training closure
Exam(s) and Certification
Exam “Certified Compliance Management 37301 Lead Auditor”
The exam covers the following competence domains:
- Domain 1: Compliance management fundamentals and ISO 37301 requirements
- Domain 2: Fundamental audit concepts and principles based on ISO 19011
- Domain 3: Establishing and maintaining an ISO 37301 internal audit programme
- Domain 4: Preparing and planning ISO 37301 audit activities
- Domain 5: Conducting ISO 37301 audit activities
- Domain 6: Completing and closing ISO 37301 audit activities
Language(s): Portuguese and English. Please consult BEHAVIOUR for availability in other languages.
Duration: 4 hours (240 minutes).
Format: Multiple-choice questions and open questions, based on a main case study and related to the competence domains.
Number of questions: 48 questions.
Pass mark: 700/1000 points.
Results: Pass or Fail.
Issuing entity: Behaviour (legal entity), through its certification service Behaviour Certification Services.
Retake: 1 free retake within a maximum period of 2 months after the exam result release date.
Certification — levels and requirements
After successfully completing the exam and accepting or signing the applicable agreement and Code of Ethics, the candidate may apply for one of three levels, according to experience:
- Certified Compliance Management 37301 Associate Auditor: no previous experience required
- Certified Compliance Management 37301 Auditor: 2 years of experience in compliance management and audits
- Certified Compliance Management 37301 Lead Auditor: 5 years of experience in compliance management and audits
A Certificate and a Digital Certification Badge will be issued to participants who successfully complete the certification exam and satisfy all requirements of the certification for which they are applying. The certification is issued by Behaviour (legal entity), through its certification service Behaviour Certification Services.
The personal certification programme Certified Compliance Management 37301 Lead Auditor is designed and maintained in accordance with the standard ISO/IEC 17024.
Certification programmes are valid only for individuals, not companies, and the award and maintenance of certification depend on the exam result, professional experience and compliance with the applicable agreement and Code of Ethics.
If the professional does not comply with the agreement or the Code of Ethics, the certification is not granted or is revoked.
Other Information
General Information
- Training available in Portuguese or English.
- Online training materials (documentation in English), with online access, in accordance with the awarded conditions.
- Practical step-by-step audit methodology.
- Behaviour digital Training Attendance Certificate with 40 CPD/CPE credits.
- Online Certification Exam; it may be taken up to 2 months after the course start date.
- Free retake in accordance with the scheme rules.
- Digital Diploma and Digital Badge after passing and application, with no additional cost.
Trainer(s)
The trainers are consultants and auditors with experience in compliance management, auditing and implementation of management systems, with focus on ISO 37301 and correlated standards.
Benefits
- ISO 37301 defines requirements for an auditable and internationally recognised Compliance Management System.
- Audit-oriented course, with practical step-by-step methodology and case study.
- Objective preparation for the certification exam (4h; case study; mixed questions).
- Free retake within the period defined in the scheme.
Logistics
Useful information
- Live Online (synchronous time): 09h30–13h00 and 14h00–17h30 (Lisbon time), with short breaks
- Classroom (synchronous time): 09h30–13h00 and 14h00–17h30 (Lisbon time), with short breaks
- 28 hours of synchronous training, distributed across 4 consecutive days
- Estimated 12 hours of guided autonomous work, intended for content consolidation and exam preparation, carried out flexibly outside the synchronous sessions
- Requirements: computer with stable internet, updated browser, PDF reader and audio/video
Hotels in Lisbon
Find out where you can stay in Lisbon, near Behaviour, for classroom training.
Frequently Asked Questions
Objective answers to the most common questions about the ISO 37301 Lead Auditor course. More FAQs coming soon.
For general questions about registration, delivery modes, exams, certification and recertification, please consult the BEHAVIOUR® FAQs.
Registration
Complete the form to request your registration for the preferred edition. Check the upcoming dates.
Request more information
If you would like help to frame the course within your professional or organisational context, contact us and we will indicate the most suitable path.
Companies: request a proposal
For team registrations, we provide volume conditions and a proposal tailored to the organisational need.
This course may be attended by individual professionals. It may also be integrated into capacity-building pathways for audit, compliance, risk and internal control teams that need to assess Compliance Management Systems with rigour, consistency and objectivity.