| Access to Course Content: | 12 Months from the date of enrolment |
| Competency Units: |
Exemplar Global AU26 Auditing Management Systems
Exemplar Global TL26 Leading Management System Audit Teams Exemplar Global - PIMS Privacy Information Management Systems Auditing |
| Certificate Type: |
Certificate of Attainment - TPECS |
Lead auditor capability plus ISO 27701 privacy expertise.
Behind every organisation that handles personal information and keeps the trust that comes with it, there is someone who can examine how privacy is managed in practice and back the answer with evidence. That person could be you.
This bundle is complete ISO lead auditor training with a privacy specialisation. Privacy regulation keeps tightening around the world, and organisations increasingly need to show regulators, partners, and customers that personal information is managed systematically.
- The Management Systems Auditor course builds your management system auditing foundation to ISO 19011:2026, with remote auditing methods from ISO/IEC TS 17012:2024 integrated throughout.
- The Privacy Information Management Systems Specialist course then takes you inside ISO/IEC 27701 clause by clause, from PIMS scope and leadership through privacy risk, operational control, and improvement, including the distinct obligations of PII controllers and processors.
The bundle is open to everyone, and it suits compliance career development at any stage. No prior auditing, privacy, or security experience is needed, whether you are starting fresh or formalising skills you already use in data protection work.
The management system auditing methodology you build here also transfers across legislative and regulatory compliance contexts, privacy law included.
You will be issued with an Exemplar Global Statement of Attainment covering the relevant competency units as you successfully complete each course: AU26 and TL26 for Management Systems Auditor, and PIMS for the specialist course. When both courses are complete, you receive the MS Auditor + ISO 27701 Specialist Digital Credential, professional auditing credentials that travel across borders the same way privacy obligations do.
Who this bundle is for
Privacy work used to sit in legal teams. Now it lives everywhere personal information flows, and the people who can audit it are far rarer than the people who can talk about it. This bundle is for anyone who wants to be in the first group:
- Newcomers building a compliance and auditing career with a privacy specialisation from day one
- Data protection officers and privacy officers who need recognised auditing capability behind their advice
- Internal auditors who want to add privacy information management to their first-party audit scope
- IT, security, and GRC professionals formalising the privacy side of their role
- Aspiring external and certification auditors building a privacy audit portfolio
- Consultants advising clients on ISO 27701 conformance and privacy programme maturity
- Teams and organisations building in-house privacy audit capability, with group enrolment available through ATOL corporate training
- Anyone building toward Exemplar Global Lead Auditor personnel certification with a privacy focus
Want information security depth as well?
ISO/IEC 27701 builds on the ISO 27001 framework. If you want the full picture across security, privacy, and AI, the Management Systems Auditor + Data Trust Integrated Management Systems bundle covers ISO 27001, ISO 27701, and ISO 42001 in one pathway.
What you'll be able to do after this bundle
Professional auditing credentials matter most when they map to what you can actually do. By the time you complete both courses, you will be able to:
- Plan, conduct, and lead management system audits using a consistent ISO 19011:2026 methodology
- Lead an audit team through every stage of an audit, from initiation and planning through to reporting and corrective action follow-up
- Interpret ISO/IEC 27701 clause by clause, knowing what conformance looks like for a privacy information management system
- Distinguish the obligations of PII controllers and processors and audit each role appropriately
- Evaluate how an organisation identifies, assesses, and treats its privacy risks
- Audit effectively in on-site, remote, and hybrid environments using ISO/IEC TS 17012:2024 methods
- Write audit findings and reports that are clear, accurate, fair, and useful to the organisation
- Demonstrate three Exemplar Global competency units and a Digital Credential to employers, clients, and certification bodies
What you'll learn
Two courses, one structured learning pathway. Each theme below builds on the one before it.
Auditing any management system with confidence
Before you can audit privacy effectively, you need to understand how auditing works. The Management Systems Auditor course builds that foundation using ISO 19011:2026 and ISO/IEC TS 17012:2024 for remote auditing. You will learn the seven auditing principles, how to plan and manage an audit programme, collect and evaluate evidence, run opening and closing meetings, document findings, and lead a team through a complete audit from initiation to follow-up.
How a privacy information management system actually works
A PIMS is how an organisation manages personal information deliberately rather than reactively. You will learn how ISO/IEC 27701 extends the ISO 27001 information security framework into privacy, the relationship between security risk and privacy risk, and why the standard treats PII controllers and PII processors differently.
Auditing the requirements of ISO 27701
The specialist course works through the standard clause by clause: defining PIMS scope and context, leadership and the privacy policy, privacy risk assessment and treatment, competence and documented information, operational control, performance evaluation, and improvement. You will finish knowing what evidence to look for against each requirement and where privacy programmes most often fall short of what they promise.
For the full module-by-module breakdown across both courses, see the Modules tab above.
Tools and resources included |
|
| Programme and planning |
|
| Fieldwork and evidence |
|
| Closing and reporting |
|
| Competence and evaluation |
|
Discover more about this course:
ISO 19011 Management Systems Auditing |
|
| Module 1 |
Management System Auditing Fundamentals (Clauses 1 to 4) |
| Module 2 |
Managing an Audit Programme (Clause 5) |
| Module 3 |
Planning the Audit (Clauses 6.1 to 6.3) |
| Module 4 |
Conducting the Audit (Clauses 6.4.1 to 6.4.7) |
| Module 5 |
Determining Audit Findings (Clause 6.4.8) |
| Module 6 |
Concluding the Audit (Clauses 6.4.9 to 6.7) |
| Module 7 |
Competence and Evaluation of Auditors (Clause 7) |
*This course does not include a copy of ISO 19011:2026 as it is not required for you to complete your training. Course content includes extracts from the standards in the form of clause statements as per the example below.
ISO/IEC 27701 Privacy Information Management Systems Specialist |
|
| Module 1 |
Introducing ISO/IEC 27701 Privacy Information Management Systems (Clauses 1 to 3) |
| Module 2 |
Context of the Organization (Clause 4) |
| Module 3 |
Leadership (Clause 5) |
| Module 4 |
Planning (Clause 6) |
| Module 5 |
Support (Clause 7) |
| Module 6 |
Operation (Clause 8) |
| Module 7 |
Performance Evaluation (Clause 9) |
| Module 8 |
Improvement (Clause 10) |
*This course does not include a copy of ISO/IEC 27701:2025 as it is not required for you to complete your training. Course content includes extracts from the standards in the form of clause statements as per the example below.
Knowledge checks throughout
Every module across both courses includes knowledge checks that reinforce your understanding before you move on. These are non-graded and can be revisited as often as you like, with instant feedback.
Practical, audit-based learning in Management Systems Auditor
In the Management Systems Auditor course, your learning is reinforced through practical audit activities using the included templates, including an audit plan, working papers, findings record, and audit report. You build genuine audit documentation as you progress, not just answer questions about auditing.
Applying the standard in the specialist course
In the Privacy Information Management Systems Specialist course, assessment focuses on applying ISO/IEC 27701 requirements clause by clause. Note: the content export does not state the exact assessment format or pass marks for this course. Confirm these details against the course build before this section is published.
Statements of Attainment and the Digital Credential
On successful completion of all assessment requirements for each course, you will be issued with an Exemplar Global Statement of Attainment covering the relevant competency units. Your MS Auditor + ISO 27701 Specialist Digital Credential is issued when both courses are complete.
$1,395.00 USD
This course includes:
- Management Systems Auditor (ISO 19011:2026)
- ISO/IEC 27701:2025 Privacy Information Management Systems Specialist
Course details:
-
Bundle
-
Approx 32 hours full-time study*
-
Exemplar Global Internationally & Industry Recognized
-
Standard: ISO 19011:2026 and ISO 27701:2022
-
No prerequisites required
* All ATOL courses are delivered in such a way you can work through them at your own pace, the actual time to complete the training may change depending on the individual learners' experience and/or learning style



NO PREREQUISITES