Information Security

Series of courses: Information Security Auditor acc. to ISO 27001

| 3 days Events


The Series of Courses "Information Security Auditor" is the ideal supplement for trained IS Managers. As an auditor, you can conduct all internal audits yourself and optimally prepare a company for external audits by using the methods imparted in the course.

As an IS Auditor, you are the “top instance” for Information Security Management Systems (ISMS) within the company. You will review information security for its conformity to the standard and elaborate opportunities for improvement before the CIS Certificate acc. to ISO/IEC 27001 is granted or prolonged. Internal audits stand the test as powerful tools to sustainably increase profitability and efficiency of the ISMS.

This includes your personal copy of the official norm ISO 19011.


After attending this series of courses, you will be able to plan and conduct both internal and external audits and analyze their results. You will be able to identify any weaknesses and potential for improvement and evaluate them. Furthermore, you will be able to apply the basic rules of communication in theory and practice and to think in systemic contexts.


CIS is accredited for personnel certification by the Austrian Ministry for Economic Affairs. This means the Certificates for Individuals are documents recognized on a national and international scale.

Content & Sequence of the series of course

The training for IS Auditors lasts 3 days and is made up of two modules:

  • Technical entrance examination
  • Module 1: audit techniques
  • Module 2: psychological bases for IS Auditors
  • Examination IS Auditor

Day 1: Audit techniques: Internal audits as a powerful tool for system improvement (ISAT)
Day 2+ 3: Psychological basics: Between auditor and developer. Think systemically, communicate effectively. (ISAP)
Day 3 includes the Information Security Auditor (ISA-P) exam, duration approx. 1 hour.

In order to be allowed to participate, you need a valid Certificate as an IS Manager. Thus a high qualification level of the auditors is guaranteed. The training opens up any kind of job opportunities in a growing market. The technical entrance examination will take place after the examination for IS Managers.

Before the start of the training, a technical entrance examination as a guarantee of a high level of training (ISATE-P), duration approx. 2 hours, must be passed. These exams take place according to individual agreement.

Structure of series of courses Information Security Auditor acc. to ISO 27001

Single modules are offered after request

Technical entrance examination

Guarantee for a high level of education

The technical entry exam takes place after the Information Security Manager exam or by individual arrangement.

Appointments upon request. Please contact us at


2 hours

Module 1 – Audit techniques

Internal audits as a powerful tool for system improvement


The content of this Course module is the theory of conducting internal and external audits based on the audit process according to ISO/IEC 19011.

This includes

  • relevant terms and definitions as well as
  • the process steps from the Plan-Do-Check-Act cycle.

Based on examples from ISO 27007:2020 we will transition from theory to practice.

Goal of the seminar

Participants will be able to plan and conduct audits, document the results, and evaluate and improve the audit process. Moreover participants know every step of the audit process and can customize these steps according to an organization or ISMS. They know their way around relevant documented information as for example audit programme, audit plan, checklist, audit report. Audits may be conducted and necessary information may be gathered, processed and reported by means of qualified communication techniques.


1 day

Module 2 Psychological bases for IS Auditors:

Between examiner and developer; thinking systemically; communicating effectively


At an audit, auditors have a double challenge. On the one hand, they have to act as expert examiners. On the other hand, they have to act as foresighted development agents, who set important impulses for further development of the ISM System. Auditors are in contact with the top managerial level as well as operational management. Besides expert knowledge, auditors need a high social competence, the capability of thinking in an interlinked manner, identifying cross-departmental system interrelations as well as insights into the basic rules of communication. At this seminar, theory and practice supplement each other harmoniously: The second day of the training is particularly devoted to training using role playing with video feedback.

Goal of the seminar

The participants practice thinking in system interrelations, know an auditor’s competences and are in command of the basic rules of communication in theory and practice.


2 days

Examination IS Auditor

Contents of the examination:

The contents of the examination refer to the two CIS Course Modules

  • Audit techniques
  • Psychological bases for auditors

Admission to examination

The admission conditions for each examination are stated in the CIS - course content. Registration to an examination will have to be done in writing with CIS, compliance with the admission conditions having to be demonstrated by the person applying for the Certificate. If the person applying for the Certificate has attended the trainings within the qualification programs of CIS, the trainings will be recognized automatically if the applicant was present at least 80% of the period covered by the event. If a person applying for the Certificate wants to have other trainings credited, it is necessary to have the equivalence of these trainings with the certification program stated.

For stating this equivalence, a separate written application will have to be filed. A presentation of the trainings completed and a comparison with the requirements placed by the certification program will have to be enclosed to this application. The respective requirements can be requested from the Certification Body.

For reviewing conformity to the certification program and topicality of the references provided by the person applying for the Certificate, a qualification check will be made. This check is made up of oral technical discussions lasting 30 to 60 minutes and will be carried.

Further admission to examination

  • technical entrance examination
  • valid CIS Certificate “IS Manager”
  • evidencing 4 years’ job experience, with 2 years in the field of information security
  • 4 IS Audits that have been conducted/accompanied

Auditor Candidate

Even if no practical experience can be evidenced, participation in the examination is possible. In this case, you will get the status Auditor Candidate until adequate evidence is furnished within 3 years.

Conduct of the examination

The written examination (multiple choice) will take 1 hour.


Upon positive completion of the examination, the Certificate “IS Auditor acc. to ISO/IEC 27001” will be issued. If no audit experience is evidenced, “Candidate” will be added.

Period of validity of the Certificate

3 years

Prolongation criteria

  • evidencing 3 years’ job experience in information security management
  • evidencing 4 IS Audits with at least 20 audit days have been conducted
  • one CIS Further Training Event (Refresher course) within 3 years
Participation fee

The participation fee for the entire Information Security Auditor course series, including examination and certificate, is € 3.060,- (excl. 20 % VAT).

This includes your personal copy of the official norm ISO 19011.

Prices for individual modules on inquiry. Please contact us at


Prerequisite for exam:

  • Valid CIS certificate "Information Security Manager"
  • Completion of the CIS Information Security Auditor training or equivalent training
  • Proof of 4 years of professional experience, including 2 years in the field of information security
  • 4 completed/accompanied IS audits with a total of at least 20 audit days (incl. preparation and follow-up)


10.03.2025 to 12.03.2025
 3.490,00Regulärer Preis
exklusive 20% MwSt.
26.11.2024 to 28.11.2024
 3.290,00Regulärer Preis
exklusive 20% MwSt.
23.06.2025 to 25.06.2025
 3.490,00Regulärer Preis
exklusive 20% MwSt.
15.09.2025 to 17.09.2025
 3.490,00Regulärer Preis
exklusive 20% MwSt.
17.11.2025 to 19.11.2025
 3.490,00Regulärer Preis
exklusive 20% MwSt.

Please note that deviations from the new course program may arise in terms of content and participation fees.

Our experts for this area

Impartial. Competent. Trustworthy.


Ms. Stefanie Murguia

Head of Personnel Certification and Trainings

+43 1 532 98 90