ISO/IEC 27001 Lead Auditor - HKPC Academy
ISO/IEC 27001 Lead Auditor
    HKPC Building 78 Tat Chee Avenue Kowloon
    Mr CHAN Tel: +852 2788 5497
    25-27 & 31 October 2023 (Class)
    9-12 January 2024 (Class)
    12-15 March 2024 (Class)


    Information security threats and attacks grow and evolve continuously. As such, organisations are increasingly concerned about how their valuable information is handled and protected. The best form of defense against threats and attacks is the proper implementation, auditing, and management of information security controls and best practices. Information security is a key expectation and requirement of customers, legislators, and other interested parties.

    The ISO/IEC 27001 Lead Auditor training course is designed to prepare you to audit an information security management system (ISMS) based on ISO/IEC 27001. During this training course, you will acquire the knowledge and skills to plan and carry out internal and external audits.

    The training content comprises practical exercises and case studies that give you real-world expertise you can apply to your day-to-day operations and activities. Through practical exercises, you will master audit techniques and become competent in managing an audit programme, an audit team, communication with customers, and conflict resolution.

    What is ISO/IEC 27001?

    ISO/IEC 27001 provides requirements for organisations seeking to establish, implement, maintain and continually improve an information security management system. The framework serves as a guideline for continually reviewing the safety of your information, which demonstrates reliability and adds value to your organisation's services.

    Course Outline

    Day 1 – Introduction to the information security management system (ISMS) & ISO/IEC 27001

    • Training course objectives and structure
    • Standards and regulatory frameworks
    • Certification process
    • Fundamental concepts and principles of information security
    • Information security management system (ISMS)

    Day 2 – Audit principles, preparation, and initiation of an audit

    • Fundamental audit concepts and principles
    • The impact of trends and technology in auditing
    • Evidence-based auditing
    • Risk-based auditing
    • Initiation of the audit process
    • Stage 1 audit

    Day 3 – On-site audit activities

    • Preparing for stage 2 audit
    • Stage 2 audit
    • Communication during the audit
    • Audit procedures
    • Creating audit test plans

    Day 4 – Closing the audit

    • Drafting audit findings and nonconformity reports
    • Audit documentation and quality review
    • Closing of the audit
    • Evaluation of action plans by the auditor
    • Beyond the initial audit
    • Managing an internal audit program
    • Closing of the training course

    Certification Examination

    • Duration: 3 hours
    • Online examination to be booked after completion of the training course.

    Who Should Attend

      • Individuals who are interested in mastering the audit of Information Security Management Systems (ISMS) based on ISO/IEC 27001
      • Auditors seeking to perform and lead Information Security Management System (ISMS) certification audits
      • Managers or consultants seeking to master an Information Security Management System (ISMS) audit process
      • Individuals responsible for maintaining conformance with Information Security Management System (ISMS) requirements
      • Technical experts seeking to prepare for an Information Security Management System (ISMS) audit
      • Expert advisors in Information Security


    Cantonese with English terminology

    Course Fee

    HK$16,800 per person

    RTTP Training Grant Application

    This course is applying for the Reindustrialisation and Technology Training Programme (RTTP), which offers up to 2/3 course fee reimbursement upon successful application. For details:

    Companies should submit their RTTP training grant application for their employee(s) via at least two weeks before course commencement. Alternatively, the application form can be submitted by email to along with supporting documents.


    Mr Poon Wai Tung, Keith

    Mr Poon Wai Tung, Keith is the Principal Consultant of an IT security consultancy company. Mr Poon has been instrumental in developing professional consulting solutions, auditing and training courses in the increasingly vital areas of business risk assessment, business continuity management, information security and IT service management with a particular focus on services companies and manufacturing.

    Mr Lau Wai Leung, Terry

    Mr Lau Wai Leung, Terry is the Senior Consultant of an IT security consultancy company. Mr Lau has conducted many IMS audits in Hong Kong, Macau and China and has provided various in-house and public ISO training courses to ensure that clients meet the standard requirements and achieve certification. His clients are mainly MNCs and SMEs.

    Mr Lo Hok Sik, OK

    Mr Lo Hok Sik, OK is the Senior Consultant of an IT security consultancy company. Mr Lo has conducted many risk assessment and business continuity management projects in the government sector and in the systems integrator industry, as well as IT infrastructure virtualisation and VDI projects, both locally and overseas.

    Certificate of Training

    Participants who have attained at least 75% attendance at lectures will be awarded an Attestation of Course Completion for claiming Continuing Professional Development (CPD) credits.
