ISO/IEC 27001:2013 Information Security Management System or ISO/IEC 27701:2019 Privacy Management System - Internal Auditor & Lead Implementer Training

ISO/IEC 27001:2013 and ISO/IEC 27701:2019 can help maintain a common set of policies, procedures and controls to manage information security and privacy risks.

ISO 27001 is one of the most popular information security standards in the world, with the number of certifications growing every year. The standard provides a framework for the management of information security risks and enables organizations to take into account their legal and regulatory requirements. This can help reduce the likelihood of facing prosecution and fines while also helping to gain status as a preferred supplier.

ISO 27701 is a newly published ISO standard from August 2019 and is a privacy extension to ISO/IEC 27001. It is a jurisdiction-neutral framework in terms of its controls, which may be used to comply with multiple privacy regimes. The ISO 27701 standard defines controls for controllers and processors. Further, a mapping of the 27701 controls to the GDPR articles is also included in the standard.

Our ISO 27001/ ISO 27701 Internal Auditor and Lead Implementer Training is designed to enhance your knowledge on how to implement and audit a compliance program with a focus on Information Security/ Privacy Management System, using EY’s industry and solution knowledge as well as practical examples.

Through a combination of tutorials, group exercises and role-playing, you will learn everything you need to know about how to be an internal auditor and implementer of Information Security/ Privacy Management Systems.

Key objectives of the training:

  • Understand how to identify and address the risks associated with your organization
  • Understand how to effectively design and implement information security/ privacy policies and processes
  • Learn to plan and execute an audit to verify conformity with the ISO/IEC 27001:2013 or ISO/IEC 27701:2019 standard
  • Develop internal auditing skills and boost information security/ privacy management knowledge


The participants will get the opportunity to develop skills in the following:

  • Gaining essential knowledge about auditing according to ISO/IEC 27001:2013 or ISO/IEC 27701:2019
  • Identifying risks and focus areas for the information security/ privacy management system
  • Practical insights on how to audit specific ISO/IEC 27001:2013 or ISO/IEC 27701:2019 requirements
  • Gaining skills to help improve auditing capabilities
  • Practicing end-to-end audit execution including preparation, planning, identification of nonconformities, reporting and review of corrective actions
  • Becoming a certified Internal Auditor and Lead Implementer for Information Security/ Privacy Management System

The participants get to choose during registration:

  • Which standard they want to be trained on – ISO/IEC 27001:2013 or ISO/IEC 27701:2019
  • Which course they want to follow – Lead Implementer only or Lead Implementer and Internal Auditor

The high level agenda of the training is as follows:

  • The first 2 days of the training are common for all participants and discuss the topics from the High Level Structure (HLS) of ISO.
  • Day 3 and Day 4 of the training shall discuss the specific topics from ISO/IEC 27001:2013 and ISO/IEC 27701:2019 from an implementation perspective, where the participants shall be split into two groups depending on the standard they want to get trained on.
  • Day 5 of the training shall discuss the specific topics from ISO/IEC 27001:2013 and ISO/IEC 27701:2019 from an internal auditor perspective, where the participants shall be split into two groups depending on the standard they want to get trained on.

Upcoming courses at EY CertifyPoint

February 10 to February 14, 2020

Location: EY New York City – 5 Times Square, New York, NY 10036, USA

Training Fee*:
Lead Implementer and Internal Auditor: $ 2.500 (if registered before December 20, 2019)
Lead Implementer: $ 2.000 (if registered before December 20, 2019)
Lead Implementer and Internal Auditor: $ 3.000
Lead Implementer: $ 2.500

RSVP due date: January 24, 2020

February 17 to February 21, 2020

Location: EY Amsterdam - Cross Towers, Antonio Vivaldistraat 150, 1083HP, Amsterdam, The Netherlands

Training Fee*:
Lead Implementer and Internal Auditor: € 2.500 (if registered before December 20, 2019)
Lead Implementer: € 2.000 (if registered before December 20, 2019)
Lead Implementer and Internal Auditor: € 3.000
Lead Implementer: € 2.500

RSVP due date: January 31, 2020

Why EY CertifyPoint?

  • EY CertifyPoint is one of the global market leaders for ISO certifications. We are known for a smart approach as well as efficient audit techniques minimizing the efforts of our clients.
  • We have developed a strong global practice and obtained expert knowledge in the area of Information Security/ Privacy as well as the ISO/IEC 27001:2013 and ISO/IEC 27701:2019 standards.
  • The training will be held by professionals with practical experience in implementing and auditing organizational Information Security/ Privacy Management Systems according to the ISO standards.
  • EY CertifyPoint provides a focused Information Security/ Privacy Management System training for a deep understanding of the ISO/IEC 27001:2013 and ISO/IEC 27701:2019 standards.

*The training fees include:

  • In-class training
  • Certification is based on performance during the training, homework assignments and an exam.