Unlock Your ISO Potential Take the Quiz

New Course ROI Now Open!

ISO 14001:2026 Transition today!

Access to Course Content:12 Months from the date of enrolment
Competency Units: Exemplar Global AU26 Auditing Management Systems
Exemplar Global TL26 Leading Management System Audit Teams
Exemplar Global - PIMS Privacy Information Management Systems Auditing
Certificate Type: Certificate of Attainment - TPECS

Lead auditor capability plus ISO 27701 privacy expertise.

Behind every organisation that handles personal information and keeps the trust that comes with it, there is someone who can examine how privacy is managed in practice and back the answer with evidence. That person could be you.

This bundle is complete ISO lead auditor training with a privacy specialisation. Privacy regulation keeps tightening around the world, and organisations increasingly need to show regulators, partners, and customers that personal information is managed systematically.

  • The Management Systems Auditor course builds your management system auditing foundation to ISO 19011:2026, with remote auditing methods from ISO/IEC TS 17012:2024 integrated throughout.
  • The Privacy Information Management Systems Specialist course then takes you inside ISO/IEC 27701 clause by clause, from PIMS scope and leadership through privacy risk, operational control, and improvement, including the distinct obligations of PII controllers and processors.

The bundle is open to everyone, and it suits compliance career development at any stage. No prior auditing, privacy, or security experience is needed, whether you are starting fresh or formalising skills you already use in data protection work.

The management system auditing methodology you build here also transfers across legislative and regulatory compliance contexts, privacy law included.

You will be issued with an Exemplar Global Statement of Attainment covering the relevant competency units as you successfully complete each course: AU26 and TL26 for Management Systems Auditor, and PIMS for the specialist course. When both courses are complete, you receive the MS Auditor + ISO 27701 Specialist Digital Credential, professional auditing credentials that travel across borders the same way privacy obligations do.


Who this bundle is for

Privacy work used to sit in legal teams. Now it lives everywhere personal information flows, and the people who can audit it are far rarer than the people who can talk about it. This bundle is for anyone who wants to be in the first group:

  • Newcomers building a compliance and auditing career with a privacy specialisation from day one
  • Data protection officers and privacy officers who need recognised auditing capability behind their advice
  • Internal auditors who want to add privacy information management to their first-party audit scope
  • IT, security, and GRC professionals formalising the privacy side of their role
  • Aspiring external and certification auditors building a privacy audit portfolio
  • Consultants advising clients on ISO 27701 conformance and privacy programme maturity
  • Teams and organisations building in-house privacy audit capability, with group enrolment available through ATOL corporate training
  • Anyone building toward Exemplar Global Lead Auditor personnel certification with a privacy focus

Want information security depth as well?

ISO/IEC 27701 builds on the ISO 27001 framework. If you want the full picture across security, privacy, and AI, the Management Systems Auditor + Data Trust Integrated Management Systems bundle covers ISO 27001, ISO 27701, and ISO 42001 in one pathway.


What you'll be able to do after this bundle

Professional auditing credentials matter most when they map to what you can actually do. By the time you complete both courses, you will be able to:

  • Plan, conduct, and lead management system audits using a consistent ISO 19011:2026 methodology
  • Lead an audit team through every stage of an audit, from initiation and planning through to reporting and corrective action follow-up
  • Interpret ISO/IEC 27701 clause by clause, knowing what conformance looks like for a privacy information management system
  • Distinguish the obligations of PII controllers and processors and audit each role appropriately
  • Evaluate how an organisation identifies, assesses, and treats its privacy risks
  • Audit effectively in on-site, remote, and hybrid environments using ISO/IEC TS 17012:2024 methods
  • Write audit findings and reports that are clear, accurate, fair, and useful to the organisation
  • Demonstrate three Exemplar Global competency units and a Digital Credential to employers, clients, and certification bodies

What you'll learn

Two courses, one structured learning pathway. Each theme below builds on the one before it.

Auditing any management system with confidence

Before you can audit privacy effectively, you need to understand how auditing works. The Management Systems Auditor course builds that foundation using ISO 19011:2026 and ISO/IEC TS 17012:2024 for remote auditing. You will learn the seven auditing principles, how to plan and manage an audit programme, collect and evaluate evidence, run opening and closing meetings, document findings, and lead a team through a complete audit from initiation to follow-up.

How a privacy information management system actually works

A PIMS is how an organisation manages personal information deliberately rather than reactively. You will learn how ISO/IEC 27701 extends the ISO 27001 information security framework into privacy, the relationship between security risk and privacy risk, and why the standard treats PII controllers and PII processors differently.

Auditing the requirements of ISO 27701

The specialist course works through the standard clause by clause: defining PIMS scope and context, leadership and the privacy policy, privacy risk assessment and treatment, competence and documented information, operational control, performance evaluation, and improvement. You will finish knowing what evidence to look for against each requirement and where privacy programmes most often fall short of what they promise.

For the full module-by-module breakdown across both courses, see the Modules tab above.


Tools and resources included

Programme and planning
  • Audit Programme Objectives Guide
  • Audit Programme Template
  • Audit Programme Register
  • Audit Preparation Toolkit (initiation checklist, audit plan template, timetable template, and audit checklist template)
Fieldwork and evidence
  • Opening Meeting Checklist
  • Audit Working Papers and Evidence Notes Template
  • Recording Audit Findings resource
Closing and reporting
  • Closing Meeting Preparation Checklist
  • Closing Meeting Checklist
  • Audit Report Template (aligned to ISO 19011:2026 Clause 6.5, including remote auditing documentation)
  • Corrective Action Follow-up Record
Competence and evaluation
  • Auditor Competency Log
  • Auditor Evaluation Toolkit

 

ISO 19011 Management Systems Auditing

Module 1

Management System Auditing Fundamentals (Clauses 1 to 4)
The foundation of ISO 19011:2026: scope, normative references, and key terms, then the principles of auditing in Clause 4, from integrity, fair presentation, due professional care, confidentiality, and independence through to the evidence-based approach. Each principle is paired with practical content showing how it plays out in real audits.

Module 2

Managing an Audit Programme (Clause 5)
How to establish, implement, monitor, review, and improve an audit programme: setting programme objectives, evaluating programme risks and opportunities, the roles and competence of the people managing the programme, programme scope and resources.

Module 3

Planning the Audit (Clauses 6.1 to 6.3)
Initiating the audit and preparing audit activities: reviewing documented information, audit planning, assigning work to the audit team, and preparing the documented information you will carry into the audit.

Module 4

Conducting the Audit (Clauses 6.4.1 to 6.4.7)
The fieldwork phase: the roles of guides and observers, running the opening meeting, communicating during the audit, providing access to audit information, reviewing documented information while auditing, and collecting and verifying the information that becomes your audit evidence.

Module 5

Determining Audit Findings (Clause 6.4.8)
How verified audit evidence is evaluated against the audit criteria to generate findings, including documenting conformity and nonconformity and applying the process in practice with the included tools.

Module 6

Concluding the Audit (Clauses 6.4.9 to 6.7)
Bringing the audit home: determining audit conclusions, conducting the closing meeting, preparing and distributing the audit report in line with Clause 6.5, completing the audit, and conducting audit follow-up.

Module 7

Competence and Evaluation of Auditors (Clause 7)
What it takes to be and remain a competent auditor and audit team leader: personal behaviour, generic and discipline-specific knowledge and skills, achieving auditor and audit team leader competence, and establishing auditor evaluation criteria and methods.

*This course does not include a copy of ISO 19011:2026 as it is not required for you to complete your training. Course content includes extracts from the standards in the form of clause statements as per the example below.


ISO/IEC 27701 Privacy Information Management Systems Specialist

Module 1

Introducing ISO/IEC 27701 Privacy Information Management Systems (Clauses 1 to 3)
How ISO/IEC 27701 extends the ISO 27001 framework into privacy: scope, key terms, the relationship between information security and privacy information management, and the roles of PII controllers and processors.

Module 2

Context of the Organization (Clause 4)
Internal and external issues affecting privacy, the needs and expectations of interested parties including regulators and PII principals, and defining the scope of the privacy information management system.

Module 3

Leadership (Clause 5)
Top management leadership and commitment, the privacy policy, and organisational roles, responsibilities and authorities for privacy information management.

Module 4

Planning (Clause 6)
Actions to address privacy risks and opportunities, privacy objectives and planning to achieve them, and planning of changes to the PIMS.

Module 5

Support (Clause 7)
Resources, competence, awareness, communication, and documented information requirements for an effective PIMS.

Module 6

Operation (Clause 8)
Operational planning and control for privacy, and privacy risk assessment and treatment in practice.

Module 7

Performance Evaluation (Clause 9)
Monitoring, measurement, analysis and evaluation of privacy performance, internal audit, and management review.

Module 8

Improvement (Clause 10)
Continual improvement, and managing nonconformity and corrective action within the PIMS.

*This course does not include a copy of ISO/IEC 27701:2025 as it is not required for you to complete your training.  Course content includes extracts from the standards in the form of clause statements as per the example below.


Knowledge checks throughout

Every module across both courses includes knowledge checks that reinforce your understanding before you move on. These are non-graded and can be revisited as often as you like, with instant feedback.

Practical, audit-based learning in Management Systems Auditor

In the Management Systems Auditor course, your learning is reinforced through practical audit activities using the included templates, including an audit plan, working papers, findings record, and audit report. You build genuine audit documentation as you progress, not just answer questions about auditing.

Applying the standard in the specialist course

In the Privacy Information Management Systems Specialist course, assessment focuses on applying ISO/IEC 27701 requirements clause by clause. Note: the content export does not state the exact assessment format or pass marks for this course. Confirm these details against the course build before this section is published.

Statements of Attainment and the Digital Credential

On successful completion of all assessment requirements for each course, you will be issued with an Exemplar Global Statement of Attainment covering the relevant competency units. Your MS Auditor + ISO 27701 Specialist Digital Credential is issued when both courses are complete.

Two courses completed in a fixed order: Management Systems Auditor (ISO 19011:2026), then Privacy Information Management Systems Specialist (ISO/IEC 27701).
Yes. The order is fixed, not just recommended. Start with Management Systems Auditor, then move to the specialist course. The specialist content uses the auditing language and methodology established in the first course, so completing them in sequence is what makes the privacy material click.
You will be issued with an Exemplar Global Statement of Attainment covering the relevant competency units as you successfully complete each course: AU26 Auditing Management Systems and TL26 Leading Management System Audit Teams for the Management Systems Auditor course, and PIMS Privacy Information Management Systems Specialist for the specialist course. When both courses are complete, you receive the MS Auditor + ISO 27701 Specialist Digital Credential.
Yes. The Management Systems Auditor course covers the AU26 and TL26 Exemplar Global competency units, the complete lead auditor certification foundation as defined in ISO 19011:2026. The specialist course extends that capability into privacy information management, which is what separates this pathway from single-topic ISO certification courses.
No prerequisite applies, and the specialist course introduces the relationship between ISO 27001 and ISO 27701 as part of the content. That said, ISO/IEC 27701 does build on the information security framework, so if you want full depth across both, plus AI governance, consider the Data Trust Integrated Management Systems bundle instead.
No. This bundle is open entry with no prerequisites. It works whether you are completely new to auditing and privacy, or you have existing data protection experience you want to formalise with professional auditing credentials.
The bundle covers ISO 19011:2026, ISO/IEC TS 17012:2024, and ISO/IEC 27701. The management system auditing methodology you build also transfers to other structured audit and compliance contexts, including but not limited to privacy regulation and legislative compliance auditing.
Yes. The 16 audit tools from the Management Systems Auditor course are built around the audit process itself rather than any single standard, so they apply directly to PIMS audits without modification.
Yes. ATOL delivers corporate and group training for organisations building in-house audit and compliance capability, from small teams to enterprise rollouts. Talk to our team about group enrolment: https://auditortrainingonline.com/home/corporate
Fully online and self-paced. Both courses include video and audio content, written material, practical tools, and knowledge checks throughout. No live sessions or scheduled attendance required, which makes it practical compliance training to roll out across distributed teams.
The full bundle is equivalent to approximately 32 hours of full-time study, around four days, across both courses. Because everything is self-paced, you can spread it over any timeframe that works for you.
Full access to both courses, 15 modules in total, 16 downloadable audit tools and templates, knowledge checks throughout, and access to the ATOL Community, a private network of auditing professionals. Credentials are issued as you complete each course. The full list of tools is on this page above
You will hold three Exemplar Global competency units and a Digital Credential covering auditing and privacy, a strong base for continued professional development in ISO management systems. From there, many graduates add ISO 27001 information security depth or extend across AI governance with the Data Trust pathway.
No prerequisites required

$1,395.00 USD

This course includes:

  • Management Systems Auditor (ISO 19011:2026)
  • ISO/IEC 27701:2025 Privacy Information Management Systems Specialist
Enrol Now Enquire about this course

Course details:

  • icon
    Bundle
  • icon
    Approx 32 hours full-time study*
  • icon
    Exemplar Global Internationally & Industry Recognized
  • icon
    Standard: ISO 19011:2026 and ISO 27701:2022
  • icon
    No prerequisites required

* All ATOL courses are delivered in such a way you can work through them at your own pace, the actual time to complete the training may change depending on the individual learners' experience and/or learning style