Certified ISO 27701 Lead Auditor

Participants should have:

• A fundamental understanding of information security and privacy concepts
• A comprehensive understanding of audit principles and management system auditing practices
• Knowledge of privacy information management systems and ISO-based management systems is beneficial

Target audience

This course is designed for:

• Auditors seeking to perform and lead PIMS certification audits
• Managers and consultants responsible for privacy management or audit programmes
• Professionals maintaining conformance with privacy information management system requirements
• Technical experts preparing for internal, supplier, or certification audits
• Information security, governance, risk, and compliance professionals supporting privacy initiatives
• Expert advisors focused on the protection of personally identifiable information

By the end of this course, learners will be able to:

• Explain the principles and business benefits of a privacy information management system based on ISO/IEC 27701
• Describe the purpose and value of management system auditing and third-party certification
• Interpret ISO/IEC 27701:2025 requirements from the perspective of an auditor
• Apply recognised audit principles, procedures, and techniques to PIMS auditing activities
• Plan, conduct, report, and follow up on ISO/IEC 27701 audits in alignment with ISO 19011 and ISO/IEC 17021-1 guidance
• Evaluate the implementation and effectiveness of privacy controls for PII controllers and PII processors
• Apply risk-based thinking, leadership principles, and process management approaches within audit activities
• Assess organisational capability to maintain, monitor, and continually improve a PIMS
• Manage an ISO/IEC 27701 audit programme and support stakeholder confidence through effective auditing practices
• Demonstrate the practical auditing skills required to complete the PECB Certified ISO/IEC 27701 Lead Auditor examination

Introduction to privacy information management systems and ISO/IEC 27701

• Introduction to privacy information management systems
• Understanding ISO/IEC 27701:2025 and its purpose
• Relationship between ISO/IEC 27701 and ISO/IEC 27001
• Key concepts, terminology, and principles of privacy management
• Understanding personally identifiable information and privacy obligations
• The role of PII controllers and PII processors
• Benefits of implementing and auditing a PIMS
• Understanding third-party certification and organisational assurance

Audit principles and audit programme management

• Introduction to management system auditing principles
• Understanding ISO 19011 and ISO/IEC 17021-1 guidance
• Roles and responsibilities of auditors and lead auditors
• Applying risk-based thinking within audits
• Managing audit integrity, confidentiality, and professionalism
• Planning and managing an audit programme
• Defining audit objectives, scope, and criteria
• Selecting audit methods and techniques
• Preparing audit plans, checklists, and working documents

Preparing for and initiating an ISO/IEC 27701 audit

• Reviewing documented information and organisational context
• Assessing readiness for audit activities
• Identifying audit risks and opportunities
• Establishing communication with stakeholders and auditees
• Preparing opening meeting activities
• Understanding privacy controls for PII controllers and PII processors
• Reviewing leadership, governance, and process management requirements
• Preparing evidence collection approaches and sampling activities

Conducting on-site audit activities

• Conducting interviews and gathering objective evidence
• Observing operational activities and privacy management practices
• Auditing privacy controls and implementation effectiveness
• Evaluating compliance with ISO/IEC 27701 requirements
• Identifying conformity, nonconformity, and opportunities for improvement
• Applying audit techniques to assess operational effectiveness
• Recording audit findings and maintaining audit evidence
• Managing communication throughout audit activities

Closing the audit and follow-up activities

• Preparing audit conclusions and audit reports
• Conducting closing meetings and presenting findings
• Supporting corrective action and follow-up activities
• Evaluating the effectiveness of corrective actions
• Maintaining audit records and documentation
• Supporting continual improvement within the organisation
• Reviewing auditor performance and audit programme effectiveness
• Preparing organisations for certification and surveillance audits

Preparing for the PECB certification exam

• Overview of the PECB Certified ISO/IEC 27701 Lead Auditor examination
• Review of audit principles, methodologies, and ISO/IEC 27701 requirements
• Practice quizzes and scenario-based audit discussions
• Guidance on audit reporting, evidence gathering, and exam preparation
• Review of competency domains and certification expectations

Exams and assessments

Participants will complete practical audit exercises, scenario-based discussions, quizzes, and knowledge checks throughout the course to reinforce learning outcomes and support certification readiness.

The course includes the PECB Certified ISO/IEC 27701 Lead Auditor examination, which is completed after the course directly through PECB. Certification and examination fees are included within the course price. Learners who do not pass the first exam attempt are eligible for one free retake within 12 months of course completion, in line with PECB policies.

Hands-on learning

This course includes:

• Practical audit planning and reporting exercises aligned to real-world scenarios
• Instructor-led audit simulations and evidence gathering activities
• Scenario-based workshops focused on privacy controls and audit effectiveness
• Guided exercises covering audit preparation, execution, reporting, and follow-up
• Collaborative discussions exploring risk-based auditing and continual improvement
• A digital copy of the latest ISO/IEC 27701 standard