ISO/IEC 27001:2013 and VDA ISA TISAX Lead Auditor Training for Information Security Management Systems

Training overview
Professional Course
Virtual Classroom
5 day(s)
From 1,795 USD

Course description

Omnex is an Exemplar Global Certified TPECS provider for Exemplar Global AU and TL Competency Units. This five-day course has been developed to satisfy the Exemplar Global AU and TL Examination Profiles and, as such, all attendees who successfully pass the exams during this course will achieve a Certificate of Attainment for the following competency units:

  • Exemplar Global-AU
  • Exemplar Global-TL

This course was developed to cover all requirements of the ISO/IEC 27001:2013 standard, to provide awareness and understanding of the requirements of the TISAX information security assessment maturity model (ISA released by the VDA), and to illustrate important linkages to the controls and requirements from ISO/IEC 27001:2013. The course includes definitions from ISO/IEC 27000:2018 (Information Security Management Systems - Overview and Vocabulary), guidance from ISO/IEC 27003:2017 (Information Security Management System Implementation and Guidance), and auditing requirements from both ISO 19011:2018 (Guidelines for Auditing Management Systems) and ISO/IEC 27007:2017 (Guidelines for Information Security Management Systems Auditing). Group exercises and case studies will be used to develop the required skills.

Other topics covered include the auditing process and methodologies, e.g., planning and conducting an audit, writing nonconformity statements, preparing an audit summary and report, and verifying corrective actions following the requirements of ISO 19011 and ISO 27007. Auditing case studies will be used to develop skills for identifying nonconformities.

Who should attend?


An understanding of the ISO/IEC 27001:2013 requirements and/or work experience in applying ISO/IEC 27001:2013 is recommended.

An understanding of Risk Management for Information Security Management - there is a whitepaper available on the VDA TISAX information portal - is also important.

This seminar is primarily designed for lead auditor candidates, but can also be valuable for Information Security Assurance Managers, ISO/IEC 27001:2013 Implementation and/or Transition Team Members, Management Representatives, and all others who would like to develop competency in ISO/IEC 27001:2013 and the auditing process for third party auditing.

Training content

Day One

  • Fundamentals of Information Security Management Systems (ISMS)
  • Information Security
  • What is an Information Security Management System (ISMS)
  • The ISO/IEC 27000 Fundamentals and Vocabulary
  • The ISO/IEC 27001 ISMS Described ISO/IEC 27001:2013 Requirements Descriptions
  • ISO/IEC 27001:2013 Clauses
  • Annex A
  • The Process Approach
  • Risk-based Thinking
  • ISMS Risks
  • ISMS Risk Assessment
  • ISMS Risk Treatment
  • ISO/IEC 27001 Clause 4 - Context of the Organization
  • Group Exercise 1: Context of the Organization
  • ISO/IEC 27001 Clause 5 - Leadership
  • ISO/IEC 27001 Clause 6 - Planning
  • Group Exercise 2: Assessing and Evaluating Risk
  • ISO/IEC 27001 Clause 7 - Support
  • ISO/IEC 27001 Clause 8 - Operation
  • ISO/IEC 27001 Clause 9 - Performance Evaluation
  • ISO/IEC 27001 Clause 10 - Improvement
  • ISO/IEC 27001 Annex A
  • Group Exercise 3: Annex A - Required Elements and Risk Treatments

Day Two

  • Understanding ISMS and TISAX Final Exam
  • TISAX Measurement and Analysis
  • Group Exercise 4: TISAX Measurement and Analysis
  • TISAX Controls
  • Information Security Controls
  • Prototype Protection Controls
  • Data Protection Controls
  • VDA ISA TISAX and ISO/IEC 27001 Compared
  • ISO/IEC 27001:2013 Annex A
  • TISAX Overlap with ISO/IEC 27001:2013
  • TISAX Additional Controls not in ISO/IEC 27001
  • TISAX: Trusted Information Security Assessment Exchange
  • Roles Within TISAX
  • Assessment Model: Simplified Group Assessment
  • Assessment Methodology
  • Maturity Model
  • Process Approach to Auditing, Turtle Diagrams, and Audit Trails
  • Audit Guidance, Definitions, and Principles
  • The Audit Program
  • Audit Planning and Preparation including ISO 27007 Guidelines for Information Security Management Systems Auditing
  • Breakout Exercise 1: Writing an Objective and Scope Statement
  • Breakout Exercise 2: Documentation Review
  • Breakout Exercise 3: Creating an Audit Plan

Day Three

  • Performing the Audit
  • Breakout Exercise 4: Performing an Audit
  • Writing Nonconformity Statements
  • Breakout Exercise 5: Writing Nonconformity Statements
  • Closing Meeting
  • Completing the Audit Report
  • Corrective Action and Close-Out
  • Management Systems Auditing Final Exam

Day Four

  • Leading Audit Teams
  • Management System Certification Scheme and Auditor Qualifications
  • Leading Management Systems Audit Teams Mock Audit Case Study

Day Five

  • Review of Audit Process and Audit Management Strategies
  • Leading Management Systems Audit Teams Final Exam
  • Practical Application of Audit Principles and Instructor Interviews

Course delivery details

Course Duration: 5 Days - 8 Hours/day

About Omnex

Omnex, International Consulting, Training and Software Development Organization

Omnex is an international consulting, training and software development organization specializing in management system solutions that elevate the performance of client organizations. Omnex provides consulting and training services in Quality, Environmental, and Health and Safety standards-based management systems. Omnex also...
