ISO 27701 Lead Auditor

Course Description

The ISO/IEC 27701 Lead Auditor training enables participants to acquire the expertise to perform a Privacy Information Management System (PIMS) audit by applying widely recognized audit principles, procedures, and techniques. This training helps participants understand the relationship between ISO/IEC 27701, ISO/IEC 27001, ISO/IEC 27002, and other regulatory frameworks, and provides the skills to conduct audits in compliance with ISO 19011 and ISO/IEC 17021-1.

Duration

5 Days

Course Objectives

  • Understand the operations of a Privacy Information Management System (PIMS) based on ISO/IEC 27701.
  • Recognize the relationship between ISO/IEC 27701, ISO/IEC 27001, ISO/IEC 27002, and other standards and regulatory frameworks.
  • Master audit principles and techniques, and become competent in planning, conducting, and closing audits.
  • Manage an audit program and lead an audit team effectively.
  • Demonstrate compliance with best practices in auditing privacy and information security management systems.

Course Audience

  • Auditors seeking to perform and lead PIMS audits.
  • Managers or consultants wishing to master the PIMS audit process.
  • Individuals responsible for maintaining conformity with ISO/IEC 27701 requirements.
  • Technical experts preparing for a PIMS audit.
  • Expert advisors in information security and privacy management.

Course Prerequisites

  • A fundamental understanding of information security and privacy concepts.
  • Knowledge of ISO/IEC 27001 and ISO/IEC 27002 standards is recommended.
  • Audit experience is beneficial but not mandatory.

Course Outline

  • Day 1 Introduction to Privacy Information Management Systems and ISO/IEC 27701

    1. Course objectives and structure.
    2. Standards and regulatory frameworks.
    3. Privacy Information Management System (PIMS).
    4. Fundamental principles of information security and privacy.
    5. Overview of ISO/IEC 27701 requirements.
  • Day 2 Audit Principles, Preparation, and Launch of an Audit

    1. Audit fundamentals and principles (ISO 19011).
    2. Audit initiation: objectives, scope, and criteria.
    3. Risk-based and evidence-based auditing.
    4. Stage 1 audit preparation.
    5. Organizing and conducting opening meetings.
  • Day 3 On-site Audit Activities

    1. Preparing for stage 2 audit.
    2. Conducting stage 2 audit.
    3. Audit procedures, data collection, and verification.
    4. Building audit test plans.
    5. Communication during the audit.
  • Day 4 Closing the Audit

    1. Preparing audit findings and nonconformity reports.
    2. Documenting audit results.
    3. Closing meeting.
    4. Follow-up activities and corrective actions.
    5. Managing an internal audit program.
    6. Continuous improvement of the audit process.
  • Day 5 Certification Exam

    1. A 3-hour exam covering 7 domains of competence:

      • Fundamental principles and concepts of PIMS.
      • PIMS requirements (ISO/IEC 27701).
      • Fundamental audit concepts and principles.
      • Preparing an ISO/IEC 27701 audit.
      • Conducting an ISO/IEC 27701 audit.
      • Closing an ISO/IEC 27701 audit.
      • Managing an ISO/IEC 27701 audit program.