ISO/IEC 27001 Lead Auditor


The ISO/IEC 27001:2022 international standard specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organisation. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organisation. The ISO/IEC 27001:2022 Lead Auditor training program offered by Multimatics is designed to equip participants with the knowledge and skills required to assess the Information Security Management System (ISMS) of an organisation in accordance with the requirements of the ISO/IEC 27001:2022 standard. The training material is prepared based on the latest edition of ISO/IEC 27001:2022, accompanied by discussions and exercises to work through the questions.


At the end of the program, the participants will be able to:

  • Understand the purpose of an Information Security Management System and the processes involved in establishing, implementing, maintaining and continually improving an ISMS
  • Apply the PDCA approach to information security management processes
  • Understand the role and skills required of an auditor/lead auditor
  • Understand auditing concepts and principles
  • Plan, conduct and report audits in accordance with ISO 19011

This program is specially designed for:

  • Members/supporting personnel of the Information Security Management Team who are responsible for auditing, implementing or improving an information security management system
  • All ISMS auditors who wish to acquire an internationally recognized auditor status
  • Any other personnel who wish to advance their career in management systems, irrespective of discipline

This program is a 5-day intensive training class.


Candidates must hold the ISO/IEC 27001 Foundation certification to qualify to sit the Practitioner exam.


The program provided by Multimatics is delivered through interactive presentations by professional instructor(s), group debriefs, individual and team exercises, behaviour modelling and role-plays, one-to-one and group discussions, case studies, and projects.


Participants are expected to have prior knowledge of the following subjects:

  • Management systems: understanding of the Plan-Do-Check-Act (PDCA) cycle;
  • Information security management principles and concepts: awareness of the need for information security; the assignment of responsibility for information security; incorporating management commitment and the interests of stakeholders; enhancing societal values; using the results of risk assessments to determine appropriate controls to reach acceptable levels of risk; incorporating security as an essential element of information networks and systems; the active prevention and detection of information security incidents; ensuring a comprehensive approach to information security management; continual reassessment of information security and making modifications as appropriate;
  • Knowledge of ISO/IEC 27001 requirements (and ISO/IEC 27002), which may be gained by completing a CQI IRCA certified ISMS Foundation Training course or equivalent.

Participants will be assessed throughout the ISO 27001 Lead Auditor training course on punctuality, presentation skills, interactive approach, involvement, role-play, daily tests, etc., and finally through a closed-book written examination at the end of the course. Participants who score 70% or above in both the continuous assessment and the written examination will be issued a CQI IRCA accredited ISO 27001 Lead Auditor training course certificate.