ISO 27001:2013 Information Security Management System Internal Auditor Course


Information security management systems (ISMS) are intended to provide organisations with the elements of an effective information security system, so that they can achieve best practice in information security and maintain economic goals. ISO 27001 also provides requirements for ISMS to enable an organisation to establish, implement, operate, monitor, review, maintain and improve a documented ISMS within the context of the organisation’s overall business risks. This course will equip delegates with the knowledge and skills required to perform audits of information security management systems against the national and international specifications, standards, statutory requirements and regulations.

  1.  Introduction to information security management systems
  2.  Process-based ISMS
  3.  Audit definition and principles
  4.  Planning and preparing for the internal audit
  5.  On-site audit activities
  6.  Audit reporting and follow-up
  7.  Auditor competence and certification


Mr. Chris YAU 

Senior Manager, Products and Services Development, SGS Approved Tutor

He is a EuroCloud-Star Auditor and Trainer, Certified CSA STAR Auditor, RABQSA registered ISO/IEC 27001 Lead Auditor, Certified Information Security Auditor (CISA) and Certified Information Security Manager (CISM) with over 15 years of security-related audit and teaching experience, including information security in both the manufacturing and IT sectors and cargo and freight security. He is also a lead auditor in ISO 9001, ISO 14001, ISO 28000, and ISO 20000.

Ms. Rani LUI 

IT Product Manager, HK and Macao Area

She is an ISO/IEC 27001 and ISO 9001 Lead Auditor, a Certified Information Security Auditor (CISA) and a Certified Data Centre Professional (CDCP). She has been managing and auditing data centres since 2008.
(SGS Hong Kong Ltd. reserves the right of final tutor arrangement)


CERTIFICATION (Attendance: 80%):
Delegates who successfully complete the course will be issued a certificate by SGS Hong Kong Limited.

Venue: T.S.T. / Wan Chai / Sheung Wan Training Centre / TBC 
Medium: Cantonese supplemented with English material

*Early Bird Price will be offered to participants whose enrolment is made one month prior to the course or through online booking

REMARK: This course does not cover interpretation of ISO 27001:2013 requirements. Delegates who are not familiar with the requirements should attend (ITFTC) Information Security Management System Series: ISO 27001:2013 – Standard Interpretation and Requirement Training Course first.


  • How to plan an ISMS audit
  • How to audit aspects of an information security management system
  • How to report an ISMS audit in accordance with ISO 19011


Those who audit an organization's processes as part of the internal audit program


2 days
