
Information security threats and attacks grow and evolve continuously, so organisations are increasingly concerned about how their valuable information is handled and protected. The best defence against these threats is the proper implementation, auditing, and management of information security controls and best practices. Information security is a key expectation and requirement of customers, legislators, and other interested parties.
The ISO/IEC 27001 Lead Auditor training course is designed to enable you to audit an information security management system (ISMS) based on ISO/IEC 27001. During this training course, you will acquire the knowledge and skills to plan and carry out internal and external audits.
The training content comprises practical exercises and case studies that bring you real-world expertise you can apply to your day-to-day operations and activities. Through these exercises, you will master audit techniques and become competent to manage an audit programme and an audit team, communicate with customers, and resolve conflicts.
What is ISO/IEC 27001?
ISO/IEC 27001 specifies the requirements for organisations seeking to establish, implement, maintain, and continually improve an information security management system. The standard provides a framework for continually reviewing and improving the security of your information, which demonstrates reliability to interested parties and adds value to the services of your organisation.
Course Outline
Day 1 – Introduction to the information security management system (ISMS) & ISO/IEC 27001
- Training course objectives and structure
- Standards and regulatory frameworks
- Certification process
- Fundamental concepts and principles of information security
- Information security management system (ISMS)
Day 2 – Audit principles, preparation, and initiation of an audit
- Fundamental audit concepts and principles
- The impact of trends and technology in auditing
- Evidence-based auditing
- Risk-based auditing
- Initiation of the audit process
- Stage 1 audit
Day 3 – On-site audit activities
- Preparing for stage 2 audit
- Stage 2 audit
- Communication during the audit
- Audit procedures
- Creating audit test plans
Day 4 – Closing the audit
- Drafting audit findings and nonconformity reports
- Audit documentation and quality review
- Closing of the audit
- Evaluation of action plans by the auditor
- Beyond the initial audit
- Managing an internal audit program
- Closing of the training course
Certification Examination
- Duration: 3 hours
- Online examination to be booked after completion of the training course.
Who Should Attend
- Individuals who are interested in mastering the audit of Information Security Management Systems (ISMS) based on ISO/IEC 27001
- Auditors seeking to perform and lead Information Security Management System (ISMS) certification audits
- Managers or consultants seeking to master an Information Security Management System (ISMS) audit process
- Individuals responsible for maintaining conformance with Information Security Management System (ISMS) requirements
- Technical experts seeking to prepare for an Information Security Management System (ISMS) audit
- Expert advisors in Information Security
Medium
Cantonese with English terminology
Course Fee
HK$12,800 per person
Tutors
Mr. Poon Wai Tung, Keith
Mr. Poon Wai Tung, Keith is a Principal Consultant who, for over 25 years, has played a key role in developing auditing practices and training courses in the increasingly vital areas of business risk assessment, business continuity management, information security, and IT service management, with a particular focus on service companies and manufacturing.
Mr. Poon Hei Lun, Thomson
Mr. Poon Hei Lun, Thomson is a Principal Consultant with more than 30 years of expertise in information management systems and compliance. He has overseen ISMS audits across Hong Kong, Macau, and Mainland China, guiding organisations in strengthening their management systems and achieving certification readiness. He also delivers in-house and public ISO training programmes, helping clients align with international standards and maintain compliance.
Mr. Tsui Wai Yip, Raymond
Mr. Tsui Wai Yip, Raymond serves as a Principal Consultant in Governance Services, with more than 20 years of expertise in corporate governance, compliance, and risk management. He leads audits, develops policies, and delivers training programmes that help organisations maintain accountability, transparency, and adherence to international standards. Trusted by both multinational corporations and SMEs, he advises boards and executive teams on strengthening governance practices across industries.
Certificate of Training
Participants who attend at least 75% of the lectures will be awarded an Attestation of Course Completion, which can be used to claim Continuing Professional Development (CPD) credits.