| Access to Course Content: | 12 Months from the date of enrolment |
| Competency Units: |
Exemplar Global AU26 Auditing Management Systems
Exemplar Global TL26 Leading Management System Audit Teams Exemplar Global ISMS Information Security Management Systems |
| Certificate Type: |
Certificate of Attainment - TPECS |
Lead Auditor capability plus ISO 27001 information security expertise.
Behind every ISO 27001 certificate, every passed client security review, and every regulator satisfied that data is under control, there is someone who knew how to ask the right questions, follow the evidence, and determine whether the security controls actually work. That person could be you.
This bundle is the complete pathway: recognised auditor training plus specialist depth in a discipline where demand keeps climbing. The Management Systems Auditor course builds your auditing foundation to ISO 19011:2026, with remote auditing methods from ISO/IEC TS 17012:2024 integrated throughout. The Information Security Management Systems Specialist course then takes you inside ISO/IEC 27001:2022 clause by clause, from ISMS scope and leadership through risk assessment, risk treatment, and the role of Annex A.
The bundle is open to everyone. No prior auditing or IT security experience is needed, and it works whether you are starting from scratch or formalising skills you already use at work.
The auditing methodology you build here also transfers to other structured audit contexts, including but not limited to the NDIS Practice Standards, NHVAS, and legislative compliance auditing.
You will be issued with an Exemplar Global Statement of Attainment covering the relevant competency units as you successfully complete each course: AU26 and TL26 for Management Systems Auditor, and IS for the specialist course. When both courses are complete, you receive the MS Auditor + 27001 Specialist Digital Credential.
Who this bundle is for
Information security auditing sounds like a field reserved for career technologists. It is not. The auditors organisations trust with their ISMS come from all sorts of backgrounds: IT, compliance, operations, and plenty who started somewhere else entirely. What they share is the ability to examine a system objectively and back every finding with evidence. If any of these sound like you, or like the person you plan to become, this bundle was built for you:
- Newcomers building an auditing career with an information security specialisation from day one
- Internal auditors who want to add ISMS audits to their first-party audit scope
- IT, security, and GRC professionals formalising the audit side of their role
- Aspiring external and certification auditors building an information security audit portfolio
- Consultants who need to audit and advise clients on ISO 27001 conformance
- Supply chain and second-party auditors evaluating the security posture of suppliers and partners
- Anyone building toward Exemplar Global Lead Auditor personnel certification with an information security focus
Already completed Management Systems Auditor?
If you already hold your AU26 and TL26 Exemplar Global competency units, consider enrolling in the Information Security Management Systems Specialist course on its own.
What you'll be able to do after this bundle
Credentials open the door, but what builds a career is what you can walk in and do. Complete both courses and you will be able to:
- Plan, conduct, and lead management system audits using a consistent ISO 19011:2026 methodology
- Lead an audit team through every stage of an audit, from initiation and planning through to reporting and corrective action follow-up
- Interpret ISO/IEC 27001:2022 clause by clause, knowing what conformance looks like and where the common gaps appear
- Evaluate how an organisation identifies, assesses, and treats its information security risks
- Understand the role of Annex A and how control selection connects to the risk treatment process
- Audit effectively in on-site, remote, and hybrid environments using ISO/IEC TS 17012:2024 methods
- Write audit findings and reports that are clear, accurate, fair, and useful to the organisation
- Demonstrate three Exemplar Global competency units and a Digital Credential to employers, clients, and certification bodies
What you'll learn
Two courses, one structured learning pathway. Each theme below builds on the one before it.
Auditing any management system with confidence
Before you can audit information security effectively, you need to understand how auditing works. The Management Systems Auditor course builds that foundation using ISO 19011:2026 and ISO/IEC TS 17012:2024 for remote auditing. You will learn the seven auditing principles, how to plan and manage an audit programme, collect and evaluate evidence, run opening and closing meetings, document findings, and lead a team through a complete audit from initiation to follow-up.
How an information security management system actually works
An ISMS is how an organisation protects the confidentiality, integrity, and availability of its information in a deliberate, repeatable way. You will learn the structure ISO/IEC 27001:2022 shares with other ISO management system standards, the PDCA cycle and risk-based thinking that drive it, the information security management principles behind the requirements, and where Annex A and the wider ISO 27000 family fit.
Auditing the requirements of ISO 27001:2022
The specialist course works through the standard clause by clause: defining ISMS scope and context, leadership and the information security policy, risk assessment and risk treatment, competence and documented information, operational control, performance evaluation, and improvement. You will finish knowing what evidence to look for against each requirement and where organisations most often fall short.
For the full module-by-module breakdown across both courses, see the Modules tab above.
Tools and resources included |
|
| Programme and planning |
|
| Fieldwork and evidence |
|
| Closing and reporting |
|
| Competence and evaluation |
|
Discover more about this course:
Management Systems Auditor (ISO 19011:2026) Content Modules
| Module 1 |
Management System Auditing Fundamentals (Clauses 1 to 4) |
| Module 2 |
Managing an Audit Programme (Clause 5) |
| Module 3 |
Planning the Audit (Clauses 6.1 to 6.3) |
| Module 4 |
Conducting the Audit (Clauses 6.4.1 to 6.4.7) |
| Module 5 |
Determining Audit Findings (Clause 6.4.8) |
| Module 6 |
Concluding the Audit (Clauses 6.4.9 to 6.7) |
| Module 7 |
Competence and Evaluation of Auditors (Clause 7) |
ISO 27001:2025 Quality Management Systems Specialist Course Modules
The Information Security Management Systems Specialist course (Exemplar Global – ISMS) is internationally recognized. It is 100% online, and you complete it at your own pace.
| Topics and clauses covered: | |
|---|---|
| Introduction to ISO 27001 | Clause 1 Scope and 2 Normative References |
| Clause 3 Terms and definitions | Clause 4 Context of the organization |
| Clause 5 Leadership and worker participation | Clause 6 Planning |
| Clause 7 Support | Clause 8 Operation |
| Clause 9 Performance evaluation | Clause 10 Improvement |
Knowledge checks throughout
Every module across both courses includes knowledge checks that reinforce your understanding before you move on. These are non-graded and can be revisited as often as you like, with instant feedback.
Practical, audit-based learning in Management Systems Auditor
In the Management Systems Auditor course, your learning is reinforced through practical audit activities using the included templates, including an audit plan, working papers, findings record, and audit report. You build genuine audit documentation as you progress, not just answer questions about auditing.
Applying the standard in the specialist course
In the Information Security Management Systems Specialist course, assessment focuses on applying ISO/IEC 27001:2022 requirements clause by clause. Note: the content export does not state the exact assessment format or pass marks for this course. Confirm these details against the course build before this section is published.
Statements of Attainment and the Digital Credential
On successful completion of all assessment requirements for each course, you will be issued with an Exemplar Global Statement of Attainment covering the relevant competency units. Your MS Auditor + 27001 Specialist Digital Credential is issued when both courses are complete.
No prerequisites. This bundle suits all experience levels, whether you are new to auditing and information security or building on existing experience.
This course is currently undergoing certification and will be available shortly.
Register Your Interest Enquire about this courseCourse details:
-
Coming Soon
-
Approx 32 hours full-time study*
-
Exemplar Global Internationally & Industry Recognized
-
Standard: ISO 19011:2026 and ISO 27001:2022
-
This course has prerequisites
* All ATOL courses are delivered in such a way you can work through them at your own pace, the actual time to complete the training may change depending on the individual learners' experience and/or learning style



NO PREREQUISITES