

This Virtual Instructor Led Training (VILT) course is designed to provide learners with the relevant skills and knowledge to carry out audits of Information Security Management Systems (ISMS) against ISO 27001.


Jul 13, 2020, 06:30


Jul 17, 2020, 15:30



Chris Yau - Hong Kong

Tutor's Profile

Chris Yau
SGS Hong Kong Ltd.
Global Products & Services Development Manager

Chris has held various management and technical positions during his time at SGS. He currently handles projects that involve market analysis, resource planning, product development, project management, and the deployment or rollout of new products.

Chris has extensive research experience, having been a member of The Hong Kong University of Science and Technology. He has published several articles and technical documents, including the SGS White Paper on Understanding the Supply Chain Security Certification Standards: A Discussion about the Challenges, Impacts and Opportunities for the Security of Supply Chain Management Systems.


This course is certificated by the Chartered Quality Institute (CQI) and the International Register of Certified Auditors (IRCA) globally.  CQI and IRCA Course Number 17279 - PR 320.

This course consists of 11 VILT sessions and 1 face-to-face, classroom-based refresher and the final examination.

Learners will be required to complete the face-to-face examination within 180 days of the start date of the VILT course.

IRCA Accreditation

We are accredited by the International Register of Certified Auditors (IRCA) globally. This course is accredited by IRCA, reference number 17279 - PR 320.

Prior Knowledge Requirements

Prior to attending this training course, learners must have knowledge of ISO/IEC 27001:2013 or acceptable equivalent standard and the following information security management principles and concepts:

  • Management Systems.
  • Understand the Plan-Do-Check-Act (PDCA) cycle.
  • Information Security Management.
  • Knowledge of the following security management principles and concepts:
      • Awareness of the need for information security.
      • The assignment of responsibility for information security.
      • Incorporating management commitment and the interests of stakeholders.
      • Enhancing societal values.
      • Understanding the results of risk assessments to determine appropriate controls to reach acceptable levels of risk.
      • Incorporating security as an essential element of information networks and systems; the active prevention and detection of information security incidents.
      • Ensuring a comprehensive approach to information security management.
      • Continual reassessment of information security and making modifications as appropriate.

Trusted ISO 27001 Lead auditor training from a leading course provider

Our courses are delivered by tutors who are information security management system experts and experienced trainers. Your knowledge and skills will be developed through an interactive and practical approach to learning. Case study materials and role-play exercises are used to develop and practice skills in all phases of auditing. Participants are continually assessed and required to complete an end-of-course written examination.


An ISMS compliant with these requirements allows organizations to examine and control information security risks, threats and vulnerabilities.

What will you learn on our ISO 27001 lead auditor course?
On training completion you will be able to:

  • Explain the purpose of an Information Security Management System (ISMS) and explain the processes involved in establishing, implementing, operating and monitoring, reviewing and improving an ISMS as defined in ISO 27001, including the significance of these for ISMS auditors
  • Explain the purpose, content and interrelationship of ISO 27001 to other relevant standards and the legislative framework relevant to an ISMS
  • Apply an in-depth knowledge of the ISO 27001 audit and certification process
  • Have the skills and knowledge needed to conduct third party audits against the requirements of the ISO 27001 Information Security Management Systems and to report and follow-up the results

Please note: Participants should have some prior experience of Information Security Management or ISO 27001 before attending this training.


This course provides an opportunity for Information Security professionals to update their skills in interactive and supportive surroundings.

Case study materials and role-play exercises are used to develop and practice skills in all phases of auditing. Participants are continually assessed and required to complete a midcourse test along with an end-of-course written examination.