ISO/IEC 27001 Information Security Management System (ISMS) is an important standard for protecting critical information of enterprises in terms of confidentiality, integrity and accessibility. The most effective way to keep this standard alive in institutions and the easiest way to know and apply the requirements of the standard is to know the ISO/IEC 27001 requirements in every aspect. Therefore, ISO/IEC 27001 Lead Auditor training is preferred.

The difference of ISO/IEC 27001 Lead Auditor training from other trainings; ISO 19011, ISO 17021, ISO 27006 standards criteria are detailed in this training. Training is not evaluated only on standard articles. ISO 19011 for the analysis of the criteria that should be in the internal auditor, ISO 17021 for the criteria that the certification bodies will look for in the auditors, and ISO 27006 for the criteria that should be in the Information Security auditors are discussed in the training content. In this context, the training period lasts for 5 days (40 hours).


In order to plan, implement and control the documented information security studies of the enterprises and to take the necessary measures, it is necessary to know and implement ISO/IEC 27001 processes very well. In this context, competent personnel with the Lead Auditor certificate are preferred to receive support. Most businesses prefer personnel with ISO/IEC 27001 Lead Auditor certificate in order not to lose the maturity level of their information security processes.


Benefits of ISO/IEC 27001 Certificate;

  • • A certified Lead Auditor demonstrates that you have the expertise to support an organization to avoid potential threats, vulnerabilities, and adverse impacts.
  • • He/she takes an active role to analyze the information security risks of businesses and to ensure the protection of sensitive data.
  • • He/she allows certified employees to make continuous improvement and regulations within the enterprise and to control compliance.
  • • He/she provides alternative solutions to overcome difficult obstacles in solving complex problems of enterprises in terms of information security.
  • • He/she ensures that the processes of planning, implementation and reporting of audits to be carried out by enterprises are carried out easily. ,
  • • He/she ensures that the resources needed to perform second-party audits (suppliers and subcontractors) are met. In this way, the business is saved from additional costs.
  • • He/she enables employees to gain the competence to go to third-party audits with the completion of the candidate auditing processes specified in accredited certification bodies.



Training content;


  • • Intermediate exercises in training content
  • • Homework at the end of the training day
  • • Day-to-day and end-of-day assessments
  • • Organizational structure of ISO
  • • Terms and terminologies used in information security management
  • • Importance and scope of information security
  • • Confidentiality, integrity and availability
  • BGYS ANNEX-A Controls
    A.5 OrganisaEonal controls
    A.6 People controls
    A.7 Physical controls
    A.8 Technological controls
  • • Asset Management
  • • Controls to be applied according to risk analysis and results
  • • ISO 27001 requirements
  • • Handling of control articles
  • • Control types
  • • Laws and other conditions
  • • Benefits of accreditation and certification
  • • Auditor's characteristics
  • • Audit process
  • • Audit scope and audit objectives
  • • Duration of audit
  • • Auditor selection and creating an audit team
  • • Phase 1 audits
  • • Audit planning
  • • Preparing a list of questions
  • • Opening meeting
  • • Conducting an audit interview
  • • Phase 2 audits
  • • Identification of non-compliance
  • • Audit review
  • • Closing meeting
  • • Nonconformity recording and reporting
  • • Audit reporting
  • • Follow-up audits and corrective actions
  • • Examination information
  • • Examination