Professional Track
ISO/IEC 27001 Auditor
Develop the skills to plan, conduct and evaluate audits against ISO/IEC 27001 in real organisational contexts.
Auditor
Information Security
ISO/IEC 27001
Auditing information security beyond control checklists
A modular training programme for information security auditors. Learn to audit ISO/IEC 27001 Information Security Management Systems based on risk, controls and evidence—not checklists alone.
Overview
The ISO/IEC 27001 Internal Auditor Track is designed for professionals responsible for auditing Information Security Management Systems. The programme goes beyond clause-by-clause interpretation and teaches how to audit an ISMS holistically, using evidence-based and risk-focused methods.
Participants learn how to:
plan ISMS audits using a risk-based and process-oriented approach,
evaluate the effectiveness of administrative and technical controls,
gather and validate audit evidence in IT and business environments,
assess the implementation of Annex A controls,
use interviewing, sampling and traceability methods to verify conformity,
write clear and actionable findings,
and verify the closure of corrective actions.
Because most modules are shared with other auditor tracks, participants can expand easily into Quality, Environmental or AI audit specialisations by completing only a few domain-specific modules.
Learning outcomes
After completing this track, participants will be able to:
Explain the purpose, principles and value of internal auditing under ISO/IEC 27001.
Plan ISMS audits based on risks, controls, processes and previous performance.
Evaluate the design and operating effectiveness of ISMS controls.
Audit Annex A controls in a practical, evidence-focused manner.
Apply interviewing, observation and sampling techniques in IT and organisational settings.
Identify nonconformities and opportunities for improvement.
Write audit findings that are factual, clear and actionable.
Handle difficult audit situations and communicate with confidence.
Conduct follow-up activities to ensure effective corrective action.
Modular architecture
Two credentials with one track
Halderstone Professional Certificate in Management System Auditing
The Halderstone Professional Diploma in Management Systems Auditing certifies a strong, cross-standard foundation in management system auditing. It focuses on audit principles, methods and judgement that apply consistently across standards such as ISO 9001, ISO 14001, ISO/IEC 27001, ISO 22301 and ISO/IEC 42001.
The diploma demonstrates that you can plan and conduct audits, gather and evaluate objective evidence, assess system effectiveness and formulate clear, defensible audit conclusions. It confirms your ability to audit management systems beyond checklists, with a focus on risk, performance and continual improvement.
This core diploma is shared across all Halderstone Auditor tracks and provides the foundation for adding additional audit specialisations with minimal additional effort.
Halderstone Specialist Certificate in ISO/IEC 27001 Internal Auditing
This specialisation applies internal audit principles specifically to ISO/IEC 27001. Participants learn how to evaluate ISMS governance, risk management, control implementation and operational practices.
The domain module covers:
ISMS scope and boundaries
information security risk assessment & risk treatment
Annex A control areas (identity & access, operations, cryptography, supplier security, monitoring, etc.)
conformity determination
assessment of control effectiveness
evidence types and audit trails specific to security
The focus is on auditing systems as they truly operate—not as they appear in documentation.
Module recognition across tracks
Previously completed modules are recognised, so no module has to be repeated when pursuing additional Halderstone tracks.
Core Modules
Specialization Modules
Capstone Project
Final Exam
Most auditing modules in this track are shared with Halderstone’s Quality and Environmental auditor programmes. By completing only the relevant domain-specific modules, participants can earn additional internal auditor specialisations without repeating core audit training. This modular approach is particularly suitable for auditors in integrated management systems.
Track composition
Full curriculum
Core modules
Shared foundations common to all tracks
System Foundations
Understand organisational context, stakeholders, and system boundaries
7 h
Risk Management Foundations
Learn the fundamentals of identifying, evaluating, treating, and monitoring risks and opportunities across management systems.
7 h
Objectives & Performance Foundations
Learn the fundamentals of objective setting, KPI definition, and KPI governance for management systems
7 h
Management Review Foundations
Learn the fundamentals of planning, conducting, and documenting management reviews using integrated inputs and decision-focused outputs
7 h
Improvement Management
Understand corrective actions, root cause analysis, action tracking, and effectiveness verification in management systems
7 h
Audit Foundations
Core audit mindset, evidence logic, materiality-based focus, and audit test plan design.
7 h
Audit Execution: Communication & Interviewing
Interview planning, questioning, and conversation control for reliable audit evidence
7 h
Audit Reporting & Follow-up
Understand how to write evidence-based findings, structure audit reports, and follow up agreed actions to verified closure.
7 h
Audit Programme Management
Understand audit programme governance, risk-informed audit portfolios, supplier audit integration, resourcing, and programme-level reporting
7 h
Supplier Audit Execution
Plan and conduct supplier audits using contract-based criteria, evidence targets, and disciplined audit documentation.
7 h
Third-party Auditing Context
Understand the accreditation–certification ecosystem, certification audit lifecycle, impartiality boundaries, and decision interfaces.
7 h
Specialization modules
Role-specific modules that deepen your expertise in ISO/IEC 27001 Internal Auditing
Information Security Foundations I
Understand the core concepts behind preventive controls, including access management, cryptography, secure configuration, and protective design
7 h
Information Security Foundations II
Understand the fundamentals of detection, logging, monitoring, alerting, and responsive control concepts in information security
7 h
Information Security Risk Management
Understand ISO/IEC 27001 requirements for information security risk assessment, risk treatment, and traceable risk decisions
7 h
Capstone project and final exam
Practical and theoretical demonstration of your acquired competence in ISO/IEC 27001 Internal Auditing
The track concludes with:
a written examination covering ISO/IEC 27001 requirements, audit principles and evidence evaluation, and
a practical audit assignment in which participants audit selected ISMS processes or Annex A control areas, gather evidence, classify findings and present recommendations.
Successful participants receive the Halderstone Professional Certificate in Internal Auditing and the Halderstone Specialist Certificate in ISO/IEC 27001 Internal Auditing.
Ready to achieve mastery?
Bring ISO requirements into everyday practice to reduce avoidable issues and strengthen the trust of your customers and stakeholders.