Information Security

Series of courses: Information Security Auditor acc. to ISO 27001


The Series of Courses "Information Security Auditor" is the ideal supplement for trained IS Managers. As an auditor, you can conduct all internal audits yourself and optimally prepare a company for external audits by using the methods imparted in the course.

As an IS Auditor, you are the “top instance” for Information Security Management Systems (ISMS) within the company. You will review information security for its conformity to the standard and work out opportunities for improvement before the CIS Certificate acc. to ISO/IEC 27001 is granted or renewed. Internal audits have proven to be powerful tools for sustainably increasing the profitability and efficiency of the ISMS.

CIS is accredited for personnel certification by the Austrian Ministry for Economic Affairs. This means the Certificates for Individuals are documents recognized on a national and international scale.


The training for IS Auditors consists of two modules, framed by an entrance examination and a final examination:

  • Technical entrance examination
  • Module 1: audit techniques
  • Module 2: psychological bases for IS Auditors
  • Examination IS Auditor

In order to be admitted, you need a valid Certificate as an IS Manager. This guarantees a high qualification level among auditors. The training opens up a wide range of job opportunities in a growing market. The technical entrance examination takes place after the examination for IS Managers.

Technical entrance examination

Guarantee for a high level of education

The technical entry exam takes place after the Information Security Manager exam or by individual arrangement.

Appointments upon request. Please contact us at


2 hours

Module 1 – Audit techniques

Internal audits as a powerful tool for system improvement


The content of this Course module is the theory of conducting internal and external audits based on the audit process according to ISO/IEC 19011.

This includes

  • relevant terms and definitions as well as
  • the process steps from the Plan-Do-Check-Act cycle.

Based on examples from ISO 27007:2020, we will move from theory to practice.

Goal of the seminar

Participants will be able to plan and conduct audits, document the results, and evaluate and improve the audit process. In addition, participants know the individual steps of the audit process and can adapt them to the organization and the ISMS. The relevant documented information, such as the audit programme, audit plan, checklist and audit report, is known and can be produced. Audits can be conducted and, using appropriately qualified communication techniques, the necessary information is collected, evaluated and reported to the client.


1 day

Module 2 – Psychological bases for IS Auditors

Between examiner and developer; thinking systemically; communicating effectively


In an audit, auditors face a double challenge. On the one hand, they have to act as expert examiners. On the other hand, they have to act as forward-looking development agents who give important impetus to the further development of the ISMS. Auditors are in contact with top management as well as operational management. Besides expert knowledge, auditors need a high level of social competence, the ability to think in an interlinked manner and to identify cross-departmental system interrelations, as well as insight into the basic rules of communication. In this seminar, theory and practice complement each other: the second day of the training is devoted specifically to practice using role playing with video feedback.

Goal of the seminar

The participants practice thinking in system interrelations, know an auditor’s competences and are in command of the basic rules of communication in theory and practice.


2 days

Examination IS Auditor

Contents of the examination:

The contents of the examination refer to the two CIS Course Modules

  • Audit techniques
  • Psychological bases for auditors

Admission to examination

The admission conditions for each examination are stated in the CIS course content. Registration for an examination must be made in writing with CIS, and compliance with the admission conditions must be demonstrated by the person applying for the Certificate. If the applicant has attended the trainings within the CIS qualification programs, the trainings are recognized automatically, provided the applicant was present for at least 80% of the period covered by the event. If an applicant wants other trainings to be credited, the equivalence of these trainings with the certification program must be established.

To establish this equivalence, a separate written application must be filed. A presentation of the trainings completed and a comparison with the requirements of the certification program must be enclosed with this application. The respective requirements can be requested from the Certification Body.

To review conformity with the certification program and the currency of the references provided by the applicant, a qualification check will be carried out. This check consists of oral technical discussions lasting 30 to 60 minutes.

Further admission requirements for the examination

  • technical entrance examination
  • valid CIS Certificate “IS Manager”
  • evidencing 4 years’ job experience, with 2 years in the field of information security
  • 4 IS Audits that have been conducted/accompanied

Auditor Candidate

Participation in the examination is possible even if no practical experience can be evidenced. In this case, you will hold the status of Auditor Candidate until adequate evidence is furnished, within 3 years.

Conduct of the examination

The written examination (multiple choice) will take 1 hour.


Upon positive completion of the examination, the Certificate “IS Auditor acc. to ISO/IEC 27001” will be issued. If no audit experience is evidenced, “Candidate” will be added.

Period of validity of the Certificate

3 years

Prolongation criteria

  • evidence of 3 years’ job experience in information security management
  • evidence that 4 IS Audits totalling at least 20 audit days have been conducted
  • one CIS Further Training Event (Refresher course) within 3 years

Dates of the series of courses

07. - 09. June 2022, Vienna

21. - 23. November 2022, Vienna

Participation fee

The participation fee for the entire Information Security Auditor course series, including examination and certificate, is € 3.060,- (excl. 20 % VAT).

Prices for individual modules on inquiry. Please contact us at

Structure of series of courses Information Security Auditor acc. to ISO 27001

Single modules are offered on request

Write to us!

Do you have specific inquiries about the CIS service portfolio? Our experts will be happy to provide you with advice and support at any time!

Our expert

Impartial. Competent. Trustworthy.


Mr. Herfried Geyer

Network partner for ISO 20000 and ISO 27001

+43 732 34 23 22