Information Security Management System

ISO 27001 Internal Auditor & Implementer Training Course

Be well equipped to effectively manage your organisation’s ISMS


In today's digital age, the protection of information has become crucial for any organization's success. A security breach can lead to a tarnished reputation, loss of revenue, and other severe consequences. 

The internal auditor course starts with an overview of the Information Security Management System (ISMS) and the ISO/IEC 27001:2022 certification standard. We will also delve into its relation to the ISO 27000 series of standards for information security management. This course is based on the principles of ISO 19011:2011 and is designed for those who wish to conduct internal audit assessments to the ISO/IEC 27001:2022 certification standard.

Following the internal auditor module, we offer training on ISO/IEC 27001 ISMS implementer. This training course is structured to provide a detailed understanding of the requirements specified in the ISO/IEC 27001:2022 standard for establishing, implementing, maintaining, and continually improving an ISMS tailored to the needs of the organisation.

Duration: 6-day course (2-day for ISO/IEC 27001 Internal Auditor course & 4-day for ISO/IEC 27001 Implementer course)
Language: English

Note: SGTech members can apply for course funding under STAR FUND 2.0 and receive up to S$500/pax funding. Please refer to FAQ for more details.


At the end of this course, participants will be able to:

  • Gain an understanding of the ISO/IEC 27001:2022 requirements
  • Prepare, conduct and follow-up on ISO/IEC 27001:2022 audit activities
  • Gain the skills to assess an organisation’s capability to manage its ISMS
  • Write factual audit reports
  • Understand ISMS terminology and key elements of information security management
  • Learn the Plan-Do-Check-Act (PDCA) approach
  • Know more about processes and their interconnections
  • Provide valuable insights to management with regard to ISMS implementation

Topics to be covered in this course include:


  • ISO/IEC 27001:2022 Information Security Management Systems Internal Auditor course
    • Introduction to information security management systems 
    • Key changes in ISO 27001:2013 vs ISO 27001:2022
    • Objectives and benefits of an ISMS
    • Key Principles and Concepts of the ISMS
    • Code of practice ISO/IEC 27001:2022
    • Certification specification ISO/IEC 27001:2022
    • Certification to ISO/IEC 27001:2022
    • The ISO 27000 series of standards
    • Essentials of the Standard
    • The ISMS Audit Planning
    • The ISMS Audit Preparation
    • Conducting an ISMS Audit
    • Recording the results
    • Root Cause Identification
    • Presenting reports
    • Conducting Audit Follow-Up
  • ISO/IEC 27001:2022 Information Security Management Systems Implementer course
    • Understanding the purpose of an Information Security Management System by establishing the context of the organisation and the processes involved in establishing, implementing, maintaining and continually improving an ISMS
    • Key changes in ISO 27001:2013 vs ISO 27001:2022
    • Understanding the mandatory documents and records required by the international standard
    • Formulation of ISMS Scope and Statement of Applicability (SoA)
    • Assist top management in formulating the Information Security Policy and Information Security Objectives that are aligned with the strategic direction of the organisation
    • Establishing Risk Assessment and Risk Treatment methodology based on the context of the organisation and implementing the same
    • Assist in establishing the internal audit program and management reviews within an organisation
    • Understanding the controls listed in Annex A of the standard and knowledge of implementing the correct type of controls to mitigate risks
    • Planning and Implementing ISMS
    • Performance Evaluation, Monitoring and Measurement of an ISMS
    • Continual Improvement of an ISMS
    • Preparation for an ISMS Certification audit
    • Conducting Internal audits and Management Review
    • Corrective action and effectiveness of Corrective action
    • Case studies



Participants will learn through lectures, case studies, group exercises and discussions.


This course is specially designed for:

  • IT and ITMS representatives of an organisation
  • Personnel responsible for implementing an information security management system framework within an organisation
  • Project managers or consultants responsible for establishing, implementing, maintaining, auditing and improving Information Security Management Systems within an organisation.
  • Top Management (IT Head, CISO etc.) and Senior Managers responsible for the IT governance of an enterprise and the management of its risks
  • Those who wish to understand and conduct internal audit assessments to the ISO 27001:2022 certification standard and its relation to the emerging ISO 27000 series of standards for information security management

Prerequisite: None


The course content and structure are designed by the domain experts from TÜV SÜD.

With immense experience and knowledge in the relevant standards, our team of product specialists and technical experts at TÜV SÜD developed the course content based on the current business landscape and market requirements.

  • What are the benefits of enrolling in this course?
    • World-class training – by learning from TÜV SÜD’s industry experts and training specialists
    • Interactive learning style – with interactive formats such as lectures, illustrations and simulations
    • Networking opportunity – where you can meet and build a network with like-minded individuals at our instructor-led training
    • Gain a competitive edge – by getting trained by experts known in the fields of safety, security and sustainability.


