ISO 27001:2022 Internal Auditor (ISMS) – CQI and IRCA Certified

Develop critical auditing skills aligned with ISO 19011 and ISO 27001.

Introduction

The ISO 27001:2022 Internal Auditor (ISMS) course is designed to equip learners with the essential knowledge and practical skills to audit Information Security Management Systems effectively. Delivered in association with CQI and IRCA Approved Training Partner Antaris, the course is aligned with international best practices and provides a pathway to globally recognised auditing credentials. It offers participants a comprehensive understanding of ISO 27001:2022 requirements and the auditing process based on ISO 19011.

With evolving cyber threats and the critical importance of safeguarding information, this training helps organisations assess, improve and maintain their ISMS frameworks. Through practical exercises and expert instruction, learners gain the confidence to conduct meaningful audits that drive continuous improvement and compliance. 

ISO/IEC 27001:2022 introduced significant updates, including a streamlined set of 93 controls in Annex A (down from 114), now aligned with ISO/IEC 27002:2022. These changes reflect a more flexible and risk-focused approach to information security. 

What's covered?

This course provides a blend of theoretical and hands-on learning aligned with the auditing of ISMS under ISO 27001. Topics include: 

  • Introduction to ISO 27001 and Annex A 
  • Understanding Annex A information security controls
  • Terminology and definitions 
  • ISMS context, leadership, planning and operations 
  • Statement of Applicability and risk assessment 
  • Awareness, training and continuous improvement 
  • Internal audit process and ISO 19011 
  • Competencies and responsibilities of internal auditors 
  • Audit planning, preparation, checklists 
  • Interviewing and evidence collection 
  • Reporting, follow-up and corrective actions 

Learners participate in a practical internal audit exercise using realistic scenarios. Content can be tailored for in-company delivery. 

Who should participate?

This programme is designed for anyone involved in the auditing, management, or implementation of an Information Security Management System (ISMS) that conforms to ISO 27001:2022. It is equally valuable for those who are new to auditing and for experienced auditors who wish to strengthen their skills.  

It will benefit individuals who:  

  • Conduct, plan, or support internal audits of an ISMS 
  • Manage, maintain, or implement ISO 27001:2022 quality systems  
  • Need to identify and address gaps in system effectiveness to support compliance  
  • Carry out supplier or external audits on behalf of their organisation  

Typical participants include ISMS internal auditors, IT security professionals, DPOs, compliance and risk officers, quality managers and governance managers.

English Language Competency
A good standard of written and spoken English is important to engage effectively with this programme.

What will I learn?

On successful completion of this course, learners will be able to: 

  • Explain the principles and requirements of ISO 27001:2022 
  • Describe the roles and responsibilities of internal auditors 
  • Plan and prepare internal ISMS audits using audit checklists 
  • Conduct audits using effective questioning and evidence-gathering techniques 
  • Report findings clearly and objectively 
  • Follow up on corrective actions 
  • Apply ISO 19011 auditing guidelines within an ISO 27001 context 

These outcomes ensure learners can immediately contribute to ISMS auditing and improvement within their organisations. 

Who are the tutors?

What are the entry requirements?

CQI IRCA recommend learners have the following prior knowledge: 

  • Understanding of the Plan-Do-Check-Act (PDCA) cycle 
  • Basic knowledge of ISO 27001 concepts and terminology 
  • Familiarity with the requirements of ISO 27001

These foundational concepts are essential for keeping pace with the course content. Without them, learners may struggle to engage fully with the material and audit methodologies introduced throughout the programme. 

How will I be assessed?

Learners are assessed through continuous participation and an end-of-course multiple-choice assessment. Assessment includes: 

  • Role-plays and simulations 
  • Case studies and documentation review 
  • Practical audit exercises 
  • Final knowledge check via multiple-choice questions 

Full attendance and active engagement are essential for successful completion. 

How do we train and support you?

Our training approach is practical, highly interactive and discussion-based, with flexibility to meet organisational needs: 

  • Pre-training consultation to align with your ISMS (for in-company courses)
  • Where appropriate, exercises incorporate the organisation’s own ISMS documentation, offering learners the opportunity to practise audit techniques in a relevant and realistic setting. This hands-on approach culminates in a tutor-supervised internal audit, reinforcing practical application and embedding core learning outcomes. 
  • Real-time support from expert tutors 

Class sizes are generally limited to 10 to 12 to support personalised learning and individual support.

Programme accreditation

  • Certified by CQI IRCA, Course ID Number: 2140 
  • Delivered in association with Antaris, a CQI IRCA Approved Training Partner 

Certification demonstrates ISO 27001 audit competence and supports professional recognition and organisational assurance. 

How can you progress?

This course forms part of a broader learning journey in auditing and information security. Possible next steps include: 

  • ISO 27001:2022 Lead Auditor Training 
  • ISO 27701 Data Privacy Extension Courses 

Advance your capability and contribute to secure and compliant operations. 

Snapshot

Accreditation

This Programme (PT218) is presented by Antaris (01185832)

CQI and IRCA Certified - Programme Ref 2140

Course Code
IS001
Duration
2 training days
Public Price

+ €31 for CQI IRCA Course Certification
(includes course documentation)

Delivery Mode
This programme is delivered by or In-Company training