Unlock Your ISO Potential Take the Quiz

New Course ROI Now Open!

ISO 14001:2026 Transition today!

Access to Course Content:12 Months from the date of enrolment
Competency Units: Exemplar Global AU26 Auditing Management Systems
Exemplar Global TL26 Leading Management System Audit Teams
Exemplar Global ISMS Information Security Management Systems
Exemplar Global - PIMS Privacy Information Management Systems Auditing
Exemplar Global AI Artificial Intelligence Management Systems Auditing
Certificate Type: Certificate of Attainment - TPECS

Lead auditor capability across security, privacy, and AI.

Behind every organisation trusted with data, there is someone who can look at its security controls, its privacy practices, and now its AI systems, and determine whether that trust is earned. That person could be you.

This bundle is complete ISO lead auditor training for the disciplines boards are asking hardest about. The Management Systems Auditor course builds your management system auditing foundation to ISO 19011:2026, with remote auditing methods from ISO/IEC TS 17012:2024 integrated throughout. Three specialist courses then take you inside the digital trust standards one at a time: ISO/IEC 27001 for information security, ISO/IEC 27701 for privacy information management, and ISO/IEC 42001 for artificial intelligence management systems. Because all three share the same core management system structure, each course builds directly on the last.

The bundle is open to everyone, and it is built for compliance career development at any stage. No prior auditing, security, privacy, or AI experience is needed, whether you are starting fresh or formalising skills you already use across governance, risk, and compliance work.

The management system auditing methodology you build here also transfers across legislative and regulatory compliance contexts, from privacy regulation through to emerging AI governance frameworks.

You will be issued with an Exemplar Global Statement of Attainment covering the relevant competency units as you successfully complete each course: AU26 and TL26 for Management Systems Auditor, then IS, PIMS, and AIMS as you complete each specialist course. Your professional auditing credentials build with every stage of the pathway.


Who this bundle is for

Digital trust is where three careers are converging: the security people are being asked about privacy, the privacy people are being asked about AI, and everyone is being asked for evidence. This bundle is built for people who want to be credible across all three conversations, with the lead auditor certification to prove it:

  • Newcomers building a compliance and auditing career in the fastest-moving corner of the profession
  • Internal auditors extending first-party audit scope across security, privacy, and AI
  • IT, security, privacy, and GRC professionals formalising the audit side of their role
  • Aspiring external and certification auditors building a digital trust audit portfolio
  • Consultants advising clients across ISO 27001, ISO 27701, and ISO 42001 conformance
  • Data protection officers and AI governance leads who need recognised auditing capability behind their advice
  • Teams and organisations building in-house digital trust audit capability, with group enrolment available through ATOL corporate training
  • Anyone building toward Exemplar Global Lead Auditor personnel certification across the data trust disciplines

Already completed Management Systems Auditor?

If you already hold your AU26 and TL26 Exemplar Global competency units, consider the Data Trust Integrated Management System Specialist course, which covers the ISO 27001, ISO 27701, and ISO 42001 content without repeating the auditing foundation.


What you'll be able to do after this bundle

Professional auditing credentials matter most when they map to what you can actually do. By the time you complete all four courses, you will be able to:

  • Plan, conduct, and lead management system audits using a consistent ISO 19011:2026 methodology
  • Lead an audit team through every stage of an audit, from initiation and planning through to reporting and corrective action follow-up
  • Interpret ISO/IEC 27001 clause by clause, from ISMS scope and risk treatment through the role of Annex A
  • Evaluate how an organisation manages privacy information under ISO/IEC 27701, including the distinct obligations of PII controllers and processors
  • Audit how AI systems are governed under ISO/IEC 42001, from AI policy and risk assessment through impact considerations and operational control
  • Move between the three disciplines efficiently, using the shared management system structure to focus on what each standard adds
  • Audit effectively in on-site, remote, and hybrid environments using ISO/IEC TS 17012:2024 methods
  • Demonstrate five Exemplar Global competency units spanning auditing, security, privacy, and AI to employers, clients, and certification bodies

What you'll learn

Four courses, one structured learning pathway. Each theme below builds on the one before it.

Auditing any management system with confidence

Before you can audit security, privacy, or AI effectively, you need to understand how auditing works. The Management Systems Auditor course builds that foundation using ISO 19011:2026 and ISO/IEC TS 17012:2024 for remote auditing. You will learn the seven auditing principles, how to plan and manage an audit programme, collect and evaluate evidence, run opening and closing meetings, document findings, and lead a team through a complete audit from initiation to follow-up.

Securing information with ISO 27001

The information security course takes you through ISO/IEC 27001 clause by clause: ISMS scope and context, leadership and the information security policy, risk assessment and risk treatment, operational control, performance evaluation, and improvement, plus the role Annex A plays in control selection. This is the anchor standard for the whole pathway; the privacy and AI standards both build on the structure you master here.

Protecting privacy with ISO 27701

ISO/IEC 27701 extends the information security framework into privacy information management. You will learn how privacy risk differs from security risk, the distinct obligations of PII controllers and processors, and how privacy objectives, operational controls, and performance evaluation work when regulators and data subjects are the interested parties that matter.

Governing AI with ISO 42001

ISO/IEC 42001 is the first certifiable management system standard for artificial intelligence, and organisations are moving on it quickly. You will learn what an AI management system is, how AI policy, risk, and impact considerations shape planning, and how operational control, performance evaluation, and improvement apply when the system being governed learns and changes.

For the full module-by-module breakdown across both courses, see the Modules tab above.


Tools and resources included

From Management Systems Auditor (ISO 19011:2026)
Programme and planning
  • Audit Programme Objectives Guide
  • Audit Programme Template
  • Audit Programme Register
  • Audit Preparation Toolkit (initiation checklist, audit plan template, timetable template, and audit checklist template)
Fieldwork and evidence
  • Opening Meeting Checklist
  • Audit Working Papers and Evidence Notes Template
  • Recording Audit Findings resource
Closing and reporting
  • Closing Meeting Preparation Checklist
  • Closing Meeting Checklist
  • Audit Report Template (aligned to ISO 19011:2026 Clause 6.5, including remote auditing documentation)
  • Corrective Action Follow-up Record
Competence and evaluation
  • Auditor Competency Log
  • Auditor Evaluation Toolkit

 

Management Systems Auditor (ISO 19011:2026) Content Modules

Module 1

Management System Auditing Fundamentals (Clauses 1 to 4)
The foundation of ISO 19011:2026: scope, normative references, and key terms, then the principles of auditing in Clause 4, from integrity, fair presentation, due professional care, confidentiality, and independence through to the evidence-based approach. Each principle is paired with practical content showing how it plays out in real audits.

Module 2

Managing an Audit Programme (Clause 5)
How to establish, implement, monitor, review, and improve an audit programme: setting programme objectives, evaluating programme risks and opportunities, the roles and competence of the people managing the programme, programme scope and resources.

Module 3

Planning the Audit (Clauses 6.1 to 6.3)
Initiating the audit and preparing audit activities: reviewing documented information, audit planning, assigning work to the audit team, and preparing the documented information you will carry into the audit.

Module 4

Conducting the Audit (Clauses 6.4.1 to 6.4.7)
The fieldwork phase: the roles of guides and observers, running the opening meeting, communicating during the audit, providing access to audit information, reviewing documented information while auditing, and collecting and verifying the information that becomes your audit evidence.

Module 5

Determining Audit Findings (Clause 6.4.8)
How verified audit evidence is evaluated against the audit criteria to generate findings, including documenting conformity and nonconformity and applying the process in practice with the included tools.

Module 6

Concluding the Audit (Clauses 6.4.9 to 6.7)
Bringing the audit home: determining audit conclusions, conducting the closing meeting, preparing and distributing the audit report in line with Clause 6.5, completing the audit, and conducting audit follow-up.

Module 7

Competence and Evaluation of Auditors (Clause 7)
What it takes to be and remain a competent auditor and audit team leader: personal behaviour, generic and discipline-specific knowledge and skills, achieving auditor and audit team leader competence, and establishing auditor evaluation criteria and methods.

ISO 27001:2025 Quality Management Systems Specialist Course Modules

The Information Security Management Systems Specialist course (Exemplar Global – ISMS) is internationally recognized. It is 100% online, and you complete it at your own pace.

Topics and clauses covered:  
Introduction to ISO 27001 Clause 1 Scope and 2 Normative References
Clause 3 Terms and definitions Clause 4 Context of the organization
Clause 5 Leadership and worker participation Clause 6 Planning
Clause 7 Support Clause 8 Operation
Clause 9 Performance evaluation Clause 10 Improvement

 

ISO/IEC 27701:2025 Privacy Information Management Systems Specialist Modules

This course provides a structured understanding of ISO/IEC 27701 and the implementation of a Privacy Information Management System (PIMS), guiding learners through each clause to effectively manage and protect personally identifiable information (PII).

Lesson Summary of Module Content
Introduction to ISO/IEC 27701 & PIMS Provides an overview of ISO/IEC 27701, the PIMS framework, and key concepts such as PDCA and risk-based thinking.
Clause 4 – Context of the Organization Explains how to identify internal and external factors, interested parties, and define the scope of the PIMS.
Clause 5 – Leadership Covers top management’s role in establishing policies, assigning responsibilities, and supporting the PIMS.
Clause 6 – Planning Focuses on identifying privacy risks and opportunities, setting objectives, and planning actions to address them.
Clause 7 – Support Describes the resources, competence, awareness, communication, and documented information required for the PIMS.
Clause 8 – Operation Details how to plan, implement, and control processes for managing and protecting PII.
Clause 9 – Performance Evaluation Explains how to monitor, measure, audit, and review the effectiveness of the PIMS.
Clause 10 – Improvement Focuses on continual improvement through corrective actions and managing nonconformities.

 

ISO 42001:2023 Quality Management Systems Specialist Course Modules

ATOL courses are broken up into a series of modules followed by related assessments completed as part of the learning, step-by-step, module-by-module. You can exit and re-enter your course at any point without losing your place.

This course consists of the following modules: 

Topics and clauses covered:  
Introduction to ISO 42001:2023 Clause 1 Scope and 2 Normative References
Clause 3 Terms and definitions Clause 4 Context of the organization
Clause 5 Leadership and worker participation Clause 6 Planning
Clause 7 Support Clause 8 Operation
Clause 9 Performance evaluation Clause 10 Improvement

Knowledge checks throughout

Every module across all four courses includes knowledge checks that reinforce your understanding before you move on. These are non-graded and can be revisited as often as you like, with instant feedback.

Practical, audit-based learning in Management Systems Auditor

In the Management Systems Auditor course, your learning is reinforced through practical audit activities using the included templates, including an audit plan, working papers, findings record, and audit report. You build genuine audit documentation as you progress, not just answer questions about auditing.

Applying the standards in the specialist courses

In the ISO 27001, ISO 27701, and ISO 42001 specialist courses, assessment focuses on applying each standard's requirements clause by clause. Note: the content exports do not state the exact assessment format or pass marks for these courses. Confirm these details against the course builds before this section is published.

Statements of Attainment and your Credly credentials

On successful completion of all assessment requirements for each course, you will be issued with an Exemplar Global Statement of Attainment covering the relevant competency units. Your Credly digital credentials build across the pathway as each course completes.

Four courses completed in a fixed order: Management Systems Auditor (ISO 19011:2026), Information Security Management Systems Specialist (ISO/IEC 27001), Privacy Information Management Systems Specialist (ISO/IEC 27701), then Artificial Intelligence Management Systems Specialist (ISO/IEC 42001).
No. However, even though the order is not fixed, we recommend you start with Management Systems Auditor, then move to the specialist content ISO 27001 Information Security, followed by ISO 27701 which extends the information security framework into privacy and assumes familiarity. ISO 42001 completes the pathway. Each course builds directly on the one before it.
You will be issued with an Exemplar Global Statement of Attainment covering the relevant competency units as you successfully complete each course: AU26 Auditing Management Systems and TL26 Leading Management System Audit Teams for the Management Systems Auditor course, then IS, PIMS, and AIMS as you complete each specialist course. Your Credly digital credentials build across the pathway as each course completes.
Yes. The Management Systems Auditor course covers the AU26 and TL26 Exemplar Global competency units, the complete lead auditor certification foundation as defined in ISO 19011:2026. The three specialist courses extend that capability across information security, privacy, and AI, which is what makes this pathway different from single-standard ISO certification courses.
No. This bundle is open entry with no prerequisites. It works whether you are completely new to auditing and the digital trust disciplines, or you have existing governance, risk, and compliance experience you want to formalise with professional auditing credentials.
Because organisations no longer manage them separately. The same data flows through security controls, privacy obligations, and AI systems, and boards increasingly want one view of whether it is all under control. Auditors who can work across ISO 27001, ISO 27701, and ISO 42001 can answer that question end to end, and the three standards share enough structure that learning them together is faster than learning them apart.
The bundle covers ISO 19011:2026, ISO/IEC TS 17012:2024, ISO/IEC 27001, ISO/IEC 27701, and ISO/IEC 42001. The management system auditing methodology you build also transfers to other structured audit and compliance contexts, including but not limited to privacy regulation, AI governance frameworks, and legislative compliance auditing.
Yes. The 16 audit tools from the Management Systems Auditor course are built around the audit process itself rather than any single standard, so they apply directly to security, privacy, and AI audit activities without modification.
Yes. ATOL delivers corporate and group training for organisations building in-house audit and compliance capability, from small teams to enterprise rollouts, with progress visibility across the group. Talk to our team about group enrolment: https://auditortrainingonline.com/home/corporate
Fully online and self-paced. All four courses include video and audio content, written material, practical tools, and knowledge checks throughout. No live sessions or scheduled attendance required, which also makes it practical compliance training to roll out across teams in different locations and time zones.
The full bundle is equivalent to approximately 64 hours of full-time study, around 8 days, across the four courses. Because everything is self-paced, you can spread it over any timeframe that works for you.
Full access to all four courses, 31 modules in total, 16 downloadable audit tools and templates, knowledge checks throughout, and access to the ATOL Community, a private network of auditing professionals. Credentials are issued as you complete each course. The full list of tools is on this page above.
You will hold five Exemplar Global competency units spanning auditing, security, privacy, and AI, one of the strongest positions for professional development in ISO management systems right now. From there, many graduates extend into quality, safety, and environment through the Integrated Management Systems pathway, or deepen their leadership of first-party programmes with the Internal Audit Leadership focus course.
No prerequisites required

$2,195.00 USD

This course includes:

  • Management Systems Auditor (ISO 19011:2026)
  • ISO 27001 Information Security Management Systems Specialist
  • ISO/IEC 27701:2025 Privacy Information Management Systems Specialist
  • ISO 42001 AI Management Systems Specialist
Enrol Now Enquire about this course

Course details:

  • icon
    Bundle
  • icon
    Approx 64 hours full-time study*
  • icon
    Exemplar Global Internationally & Industry Recognized
  • icon
    Standard: ISO 19011:2026, ISO 27001:2022, ISO 27701:2025 and ISO 42001:2023
  • icon
    No prerequisites required

* All ATOL courses are delivered in such a way you can work through them at your own pace, the actual time to complete the training may change depending on the individual learners' experience and/or learning style