Unlock Your ISO Potential Take the Quiz

New Course ROI Now Open!

ISO 14001:2026 Transition today!

Access to Course Content:12 Months from the date of enrolment
Competency Units: Exemplar Global AU26 Auditing Management Systems
Exemplar Global TL26 Leading Management System Audit Teams
Exemplar Global ISMS Information Security Management Systems
Certificate Type: Certificate of Attainment - TPECS

Lead Auditor capability plus ISO 27001 information security expertise.

Behind every ISO 27001 certificate, every passed client security review, and every regulator satisfied that data is under control, there is someone who knew how to ask the right questions, follow the evidence, and determine whether the security controls actually work. That person could be you.

This bundle is the complete pathway: recognised auditor training plus specialist depth in a discipline where demand keeps climbing. The Management Systems Auditor course builds your auditing foundation to ISO 19011:2026, with remote auditing methods from ISO/IEC TS 17012:2024 integrated throughout. The Information Security Management Systems Specialist course then takes you inside ISO/IEC 27001:2022 clause by clause, from ISMS scope and leadership through risk assessment, risk treatment, and the role of Annex A.

The bundle is open to everyone. No prior auditing or IT security experience is needed, and it works whether you are starting from scratch or formalising skills you already use at work.

The auditing methodology you build here also transfers to other structured audit contexts, including but not limited to the NDIS Practice Standards, NHVAS, and legislative compliance auditing.

You will be issued with an Exemplar Global Statement of Attainment covering the relevant competency units as you successfully complete each course: AU26 and TL26 for Management Systems Auditor, and IS for the specialist course. When both courses are complete, you receive the MS Auditor + 27001 Specialist Digital Credential.


Who this bundle is for

Information security auditing sounds like a field reserved for career technologists. It is not. The auditors organisations trust with their ISMS come from all sorts of backgrounds: IT, compliance, operations, and plenty who started somewhere else entirely. What they share is the ability to examine a system objectively and back every finding with evidence. If any of these sound like you, or like the person you plan to become, this bundle was built for you:

  • Newcomers building an auditing career with an information security specialisation from day one
  • Internal auditors who want to add ISMS audits to their first-party audit scope
  • IT, security, and GRC professionals formalising the audit side of their role
  • Aspiring external and certification auditors building an information security audit portfolio
  • Consultants who need to audit and advise clients on ISO 27001 conformance
  • Supply chain and second-party auditors evaluating the security posture of suppliers and partners
  • Anyone building toward Exemplar Global Lead Auditor personnel certification with an information security focus

Already completed Management Systems Auditor?

If you already hold your AU26 and TL26 Exemplar Global competency units, consider enrolling in the Information Security Management Systems Specialist course on its own.

What you'll be able to do after this bundle

Credentials open the door, but what builds a career is what you can walk in and do. Complete both courses and you will be able to:

  • Plan, conduct, and lead management system audits using a consistent ISO 19011:2026 methodology
  • Lead an audit team through every stage of an audit, from initiation and planning through to reporting and corrective action follow-up
  • Interpret ISO/IEC 27001:2022 clause by clause, knowing what conformance looks like and where the common gaps appear
  • Evaluate how an organisation identifies, assesses, and treats its information security risks
  • Understand the role of Annex A and how control selection connects to the risk treatment process
  • Audit effectively in on-site, remote, and hybrid environments using ISO/IEC TS 17012:2024 methods
  • Write audit findings and reports that are clear, accurate, fair, and useful to the organisation
  • Demonstrate three Exemplar Global competency units and a Digital Credential to employers, clients, and certification bodies

What you'll learn

Two courses, one structured learning pathway. Each theme below builds on the one before it.

Auditing any management system with confidence

Before you can audit information security effectively, you need to understand how auditing works. The Management Systems Auditor course builds that foundation using ISO 19011:2026 and ISO/IEC TS 17012:2024 for remote auditing. You will learn the seven auditing principles, how to plan and manage an audit programme, collect and evaluate evidence, run opening and closing meetings, document findings, and lead a team through a complete audit from initiation to follow-up.

How an information security management system actually works

An ISMS is how an organisation protects the confidentiality, integrity, and availability of its information in a deliberate, repeatable way. You will learn the structure ISO/IEC 27001:2022 shares with other ISO management system standards, the PDCA cycle and risk-based thinking that drive it, the information security management principles behind the requirements, and where Annex A and the wider ISO 27000 family fit.

Auditing the requirements of ISO 27001:2022

The specialist course works through the standard clause by clause: defining ISMS scope and context, leadership and the information security policy, risk assessment and risk treatment, competence and documented information, operational control, performance evaluation, and improvement. You will finish knowing what evidence to look for against each requirement and where organisations most often fall short.

For the full module-by-module breakdown across both courses, see the Modules tab above.

Tools and resources included

Programme and planning
  • Audit Programme Objectives Guide
  • Audit Programme Template
  • Audit Programme Register
  • Audit Preparation Toolkit (initiation checklist, audit plan template, timetable template, and audit checklist template)
Fieldwork and evidence
  • Opening Meeting Checklist
  • Audit Working Papers and Evidence Notes Template
  • Recording Audit Findings resource
Closing and reporting
  • Closing Meeting Preparation Checklist
  • Closing Meeting Checklist
  • Audit Report Template (aligned to ISO 19011:2026 Clause 6.5, including remote auditing documentation)
  • Corrective Action Follow-up Record
Competence and evaluation
  • Auditor Competency Log
  • Auditor Evaluation Toolkit

 

Management Systems Auditor (ISO 19011:2026) Content Modules

Module 1

Management System Auditing Fundamentals (Clauses 1 to 4)
The foundation of ISO 19011:2026: scope, normative references, and key terms, then the principles of auditing in Clause 4, from integrity, fair presentation, due professional care, confidentiality, and independence through to the evidence-based approach. Each principle is paired with practical content showing how it plays out in real audits.

Module 2

Managing an Audit Programme (Clause 5)
How to establish, implement, monitor, review, and improve an audit programme: setting programme objectives, evaluating programme risks and opportunities, the roles and competence of the people managing the programme, programme scope and resources.

Module 3

Planning the Audit (Clauses 6.1 to 6.3)
Initiating the audit and preparing audit activities: reviewing documented information, audit planning, assigning work to the audit team, and preparing the documented information you will carry into the audit.

Module 4

Conducting the Audit (Clauses 6.4.1 to 6.4.7)
The fieldwork phase: the roles of guides and observers, running the opening meeting, communicating during the audit, providing access to audit information, reviewing documented information while auditing, and collecting and verifying the information that becomes your audit evidence.

Module 5

Determining Audit Findings (Clause 6.4.8)
How verified audit evidence is evaluated against the audit criteria to generate findings, including documenting conformity and nonconformity and applying the process in practice with the included tools.

Module 6

Concluding the Audit (Clauses 6.4.9 to 6.7)
Bringing the audit home: determining audit conclusions, conducting the closing meeting, preparing and distributing the audit report in line with Clause 6.5, completing the audit, and conducting audit follow-up.

Module 7

Competence and Evaluation of Auditors (Clause 7)
What it takes to be and remain a competent auditor and audit team leader: personal behaviour, generic and discipline-specific knowledge and skills, achieving auditor and audit team leader competence, and establishing auditor evaluation criteria and methods.

ISO 27001:2025 Quality Management Systems Specialist Course Modules

The Information Security Management Systems Specialist course (Exemplar Global – ISMS) is internationally recognized. It is 100% online, and you complete it at your own pace.

Topics and clauses covered:  
Introduction to ISO 27001 Clause 1 Scope and 2 Normative References
Clause 3 Terms and definitions Clause 4 Context of the organization
Clause 5 Leadership and worker participation Clause 6 Planning
Clause 7 Support Clause 8 Operation
Clause 9 Performance evaluation Clause 10 Improvement

 

Knowledge checks throughout

Every module across both courses includes knowledge checks that reinforce your understanding before you move on. These are non-graded and can be revisited as often as you like, with instant feedback.

Practical, audit-based learning in Management Systems Auditor

In the Management Systems Auditor course, your learning is reinforced through practical audit activities using the included templates, including an audit plan, working papers, findings record, and audit report. You build genuine audit documentation as you progress, not just answer questions about auditing.

Applying the standard in the specialist course

In the Information Security Management Systems Specialist course, assessment focuses on applying ISO/IEC 27001:2022 requirements clause by clause. Note: the content export does not state the exact assessment format or pass marks for this course. Confirm these details against the course build before this section is published.

Statements of Attainment and the Digital Credential

On successful completion of all assessment requirements for each course, you will be issued with an Exemplar Global Statement of Attainment covering the relevant competency units. Your MS Auditor + 27001 Specialist Digital Credential is issued when both courses are complete.

Two courses completed in a fixed order: Management Systems Auditor (ISO 19011:2026), then Information Security Management Systems Specialist (ISO 27001:2022).
No. However, even though the order is not fixed, we recommend you start with Management Systems Auditor, then move to the ISO 27001 specialist course. The specialist content uses the auditing language and methodology established in the first course, so completing them in sequence is what makes the specialist material click.
You will be issued with an Exemplar Global Statement of Attainment covering the relevant competency units as you successfully complete each course: AU26 Auditing Management Systems and TL26 Leading Management System Audit Teams for the Management Systems Auditor course, and IS Information Security Management Systems Specialist for the specialist course. When both courses are complete, you receive the MS Auditor + 27001 Specialist Digital Credential.
No. This bundle is open entry with no prerequisites. It works whether you are completely new to auditing and information security, or you have existing experience you want to formalise and extend.
Yes. The Management Systems Auditor course covers the AU26 and TL26 Exemplar Global competency units, which form the complete lead auditor foundation as defined in ISO 19011:2026. The specialist course extends that capability into information security.
This bundle covers ISO 19011:2026, ISO/IEC TS 17012:2024 and ISO 27001:2022. The auditing principles and techniques you develop can also be applied when auditing other ISO management system standards, legislative compliance auditing, or other industry programmes.
Yes, in context. The specialist course explains the role Annex A plays in ISO/IEC 27001:2022, how control selection connects to the risk treatment process, and where the wider ISO 27000 family of standards fits. The focus is on auditing the management system requirements in Clauses 4 to 10, with Annex A treated the way the standard treats it: as a reference set of controls rather than a checklist to memorise.
Yes. The 16 audit tools from the Management Systems Auditor course are built around the audit process itself rather than any single standard, so they apply directly to ISMS audits. You can use the audit programme, working papers, findings, and reporting templates for information security audit activities without modification.
Fully online and self-paced. Both courses include video and audio content, written material, practical tools, and knowledge checks throughout. No live sessions or scheduled attendance required.
The full bundle is equivalent to approximately 32 hours of full-time study, around four days, across both courses. Because everything is self-paced, you can spread it over any timeframe that works for you.
Full access to both courses, 15 modules in total, 16 downloadable audit tools and templates, knowledge checks throughout, and access to the ATOL Community, a private network of auditing professionals. Credentials are issued as you complete each course, with the Digital Credential issued when both are done. The full list of tools is on this page above.
You will hold three Exemplar Global competency units and a Digital Credential covering both auditing and information security. From there, many graduates extend into the Privacy Information Management Systems Specialist course (ISO/IEC 27701:2025) or the Data Trust Integrated Management System Specialist, which spans ISO 27001, ISO 27701, and ISO 42001.

No prerequisites. This bundle suits all experience levels, whether you are new to auditing and information security or building on existing experience.

This course is currently undergoing certification and will be available shortly.

Register Your Interest Enquire about this course

Course details:

  • icon
    Coming Soon
  • icon
    Approx 32 hours full-time study*
  • icon
    Exemplar Global Internationally & Industry Recognized
  • icon
    Standard: ISO 19011:2026 and ISO 27001:2022
  • icon
    This course has prerequisites

* All ATOL courses are delivered in such a way you can work through them at your own pace, the actual time to complete the training may change depending on the individual learners' experience and/or learning style