| Access to Course Content: | 12 Months from the date of enrolment |
| Competency Units: |
Exemplar Global AU26 Auditing Management Systems
Exemplar Global TL26 Leading Management System Audit Teams Exemplar Global ISMS Information Security Management Systems Exemplar Global - PIMS Privacy Information Management Systems Auditing Exemplar Global AI Artificial Intelligence Management Systems Auditing |
| Certificate Type: |
Certificate of Attainment - TPECS |
Lead auditor capability across security, privacy, and AI.
Behind every organisation trusted with data, there is someone who can look at its security controls, its privacy practices, and now its AI systems, and determine whether that trust is earned. That person could be you.
This bundle is complete ISO lead auditor training for the disciplines boards are asking hardest about. The Management Systems Auditor course builds your management system auditing foundation to ISO 19011:2026, with remote auditing methods from ISO/IEC TS 17012:2024 integrated throughout. Three specialist courses then take you inside the digital trust standards one at a time: ISO/IEC 27001 for information security, ISO/IEC 27701 for privacy information management, and ISO/IEC 42001 for artificial intelligence management systems. Because all three share the same core management system structure, each course builds directly on the last.
The bundle is open to everyone, and it is built for compliance career development at any stage. No prior auditing, security, privacy, or AI experience is needed, whether you are starting fresh or formalising skills you already use across governance, risk, and compliance work.
The management system auditing methodology you build here also transfers across legislative and regulatory compliance contexts, from privacy regulation through to emerging AI governance frameworks.
You will be issued with an Exemplar Global Statement of Attainment covering the relevant competency units as you successfully complete each course: AU26 and TL26 for Management Systems Auditor, then IS, PIMS, and AIMS as you complete each specialist course. Your professional auditing credentials build with every stage of the pathway.
Who this bundle is for
Digital trust is where three careers are converging: the security people are being asked about privacy, the privacy people are being asked about AI, and everyone is being asked for evidence. This bundle is built for people who want to be credible across all three conversations, with the lead auditor certification to prove it:
- Newcomers building a compliance and auditing career in the fastest-moving corner of the profession
- Internal auditors extending first-party audit scope across security, privacy, and AI
- IT, security, privacy, and GRC professionals formalising the audit side of their role
- Aspiring external and certification auditors building a digital trust audit portfolio
- Consultants advising clients across ISO 27001, ISO 27701, and ISO 42001 conformance
- Data protection officers and AI governance leads who need recognised auditing capability behind their advice
- Teams and organisations building in-house digital trust audit capability, with group enrolment available through ATOL corporate training
- Anyone building toward Exemplar Global Lead Auditor personnel certification across the data trust disciplines
Already completed Management Systems Auditor?
If you already hold your AU26 and TL26 Exemplar Global competency units, consider the Data Trust Integrated Management System Specialist course, which covers the ISO 27001, ISO 27701, and ISO 42001 content without repeating the auditing foundation.
What you'll be able to do after this bundle
Professional auditing credentials matter most when they map to what you can actually do. By the time you complete all four courses, you will be able to:
- Plan, conduct, and lead management system audits using a consistent ISO 19011:2026 methodology
- Lead an audit team through every stage of an audit, from initiation and planning through to reporting and corrective action follow-up
- Interpret ISO/IEC 27001 clause by clause, from ISMS scope and risk treatment through the role of Annex A
- Evaluate how an organisation manages privacy information under ISO/IEC 27701, including the distinct obligations of PII controllers and processors
- Audit how AI systems are governed under ISO/IEC 42001, from AI policy and risk assessment through impact considerations and operational control
- Move between the three disciplines efficiently, using the shared management system structure to focus on what each standard adds
- Audit effectively in on-site, remote, and hybrid environments using ISO/IEC TS 17012:2024 methods
- Demonstrate five Exemplar Global competency units spanning auditing, security, privacy, and AI to employers, clients, and certification bodies
What you'll learn
Four courses, one structured learning pathway. Each theme below builds on the one before it.
Auditing any management system with confidence
Before you can audit security, privacy, or AI effectively, you need to understand how auditing works. The Management Systems Auditor course builds that foundation using ISO 19011:2026 and ISO/IEC TS 17012:2024 for remote auditing. You will learn the seven auditing principles, how to plan and manage an audit programme, collect and evaluate evidence, run opening and closing meetings, document findings, and lead a team through a complete audit from initiation to follow-up.
Securing information with ISO 27001
The information security course takes you through ISO/IEC 27001 clause by clause: ISMS scope and context, leadership and the information security policy, risk assessment and risk treatment, operational control, performance evaluation, and improvement, plus the role Annex A plays in control selection. This is the anchor standard for the whole pathway; the privacy and AI standards both build on the structure you master here.
Protecting privacy with ISO 27701
ISO/IEC 27701 extends the information security framework into privacy information management. You will learn how privacy risk differs from security risk, the distinct obligations of PII controllers and processors, and how privacy objectives, operational controls, and performance evaluation work when regulators and data subjects are the interested parties that matter.
Governing AI with ISO 42001
ISO/IEC 42001 is the first certifiable management system standard for artificial intelligence, and organisations are moving on it quickly. You will learn what an AI management system is, how AI policy, risk, and impact considerations shape planning, and how operational control, performance evaluation, and improvement apply when the system being governed learns and changes.
For the full module-by-module breakdown across both courses, see the Modules tab above.
Tools and resources included
| From Management Systems Auditor (ISO 19011:2026) | |
| Programme and planning |
|
| Fieldwork and evidence |
|
| Closing and reporting |
|
| Competence and evaluation |
|
Discover more about this course:
Management Systems Auditor (ISO 19011:2026) Content Modules
| Module 1 |
Management System Auditing Fundamentals (Clauses 1 to 4) |
| Module 2 |
Managing an Audit Programme (Clause 5) |
| Module 3 |
Planning the Audit (Clauses 6.1 to 6.3) |
| Module 4 |
Conducting the Audit (Clauses 6.4.1 to 6.4.7) |
| Module 5 |
Determining Audit Findings (Clause 6.4.8) |
| Module 6 |
Concluding the Audit (Clauses 6.4.9 to 6.7) |
| Module 7 |
Competence and Evaluation of Auditors (Clause 7) |
ISO 27001:2025 Quality Management Systems Specialist Course Modules
The Information Security Management Systems Specialist course (Exemplar Global – ISMS) is internationally recognized. It is 100% online, and you complete it at your own pace.
| Topics and clauses covered: | |
|---|---|
| Introduction to ISO 27001 | Clause 1 Scope and 2 Normative References |
| Clause 3 Terms and definitions | Clause 4 Context of the organization |
| Clause 5 Leadership and worker participation | Clause 6 Planning |
| Clause 7 Support | Clause 8 Operation |
| Clause 9 Performance evaluation | Clause 10 Improvement |
ISO/IEC 27701:2025 Privacy Information Management Systems Specialist Modules
This course provides a structured understanding of ISO/IEC 27701 and the implementation of a Privacy Information Management System (PIMS), guiding learners through each clause to effectively manage and protect personally identifiable information (PII).
| Lesson | Summary of Module Content |
|---|---|
| Introduction to ISO/IEC 27701 & PIMS | Provides an overview of ISO/IEC 27701, the PIMS framework, and key concepts such as PDCA and risk-based thinking. |
| Clause 4 – Context of the Organization | Explains how to identify internal and external factors, interested parties, and define the scope of the PIMS. |
| Clause 5 – Leadership | Covers top management’s role in establishing policies, assigning responsibilities, and supporting the PIMS. |
| Clause 6 – Planning | Focuses on identifying privacy risks and opportunities, setting objectives, and planning actions to address them. |
| Clause 7 – Support | Describes the resources, competence, awareness, communication, and documented information required for the PIMS. |
| Clause 8 – Operation | Details how to plan, implement, and control processes for managing and protecting PII. |
| Clause 9 – Performance Evaluation | Explains how to monitor, measure, audit, and review the effectiveness of the PIMS. |
| Clause 10 – Improvement | Focuses on continual improvement through corrective actions and managing nonconformities. |
ISO 42001:2023 Quality Management Systems Specialist Course Modules
ATOL courses are broken up into a series of modules followed by related assessments completed as part of the learning, step-by-step, module-by-module. You can exit and re-enter your course at any point without losing your place.
This course consists of the following modules:
| Topics and clauses covered: | |
|---|---|
| Introduction to ISO 42001:2023 | Clause 1 Scope and 2 Normative References |
| Clause 3 Terms and definitions | Clause 4 Context of the organization |
| Clause 5 Leadership and worker participation | Clause 6 Planning |
| Clause 7 Support | Clause 8 Operation |
| Clause 9 Performance evaluation | Clause 10 Improvement |
Knowledge checks throughout
Every module across all four courses includes knowledge checks that reinforce your understanding before you move on. These are non-graded and can be revisited as often as you like, with instant feedback.
Practical, audit-based learning in Management Systems Auditor
In the Management Systems Auditor course, your learning is reinforced through practical audit activities using the included templates, including an audit plan, working papers, findings record, and audit report. You build genuine audit documentation as you progress, not just answer questions about auditing.
Applying the standards in the specialist courses
In the ISO 27001, ISO 27701, and ISO 42001 specialist courses, assessment focuses on applying each standard's requirements clause by clause. Note: the content exports do not state the exact assessment format or pass marks for these courses. Confirm these details against the course builds before this section is published.
Statements of Attainment and your Credly credentials
On successful completion of all assessment requirements for each course, you will be issued with an Exemplar Global Statement of Attainment covering the relevant competency units. Your Credly digital credentials build across the pathway as each course completes.
$2,195.00 USD
This course includes:
- Management Systems Auditor (ISO 19011:2026)
- ISO 27001 Information Security Management Systems Specialist
- ISO/IEC 27701:2025 Privacy Information Management Systems Specialist
- ISO 42001 AI Management Systems Specialist
Course details:
-
Bundle
-
Approx 64 hours full-time study*
-
Exemplar Global Internationally & Industry Recognized
-
Standard: ISO 19011:2026, ISO 27001:2022, ISO 27701:2025 and ISO 42001:2023
-
No prerequisites required
* All ATOL courses are delivered in such a way you can work through them at your own pace, the actual time to complete the training may change depending on the individual learners' experience and/or learning style



NO PREREQUISITES