What’s included

• Training included (format varies by course)
• Official course materials (page count varies by course)
• Online proctored exam included (taken remotely at your convenience)
• Exam and certification fees included
• Certificate/attestation of completion with CPD credits (credits vary by course)
• Free exam retake within 12 months if you don’t pass on the first attempt

See course details below for format, CPD credits, and page count.

Why

The ISO/IEC 27701 Lead Auditor training course is designed to support the development of skills needed to audit a privacy information management system (PIMS) based on ISO/IEC 27701:2025 by applying widely recognized audit principles, procedures, and techniques.

Why should you attend?

During this training course, participants will learn to plan and carry out audits in compliance with ISO 19011, ISO/IEC 17021-1, and ISO/IEC 27706. Additionally, participants will acquire knowledge on audit techniques and become competent to manage an audit program.

Most importantly, this training course provides guidance on auditing the clauses of ISO/IEC 27701:2025, as well as the privacy controls for PII controllers and PII processors. It explains how to evaluate their implementation and effectiveness, as well as how to assess the organization’s ability to maintain, monitor, and continually improve its PIMS.

After completing this training course, you can sit for the exam and, if you successfully pass the exam, you can apply for the “PECB Certified ISO/IEC 27701 Lead Auditor” credential. The internationally recognized PECB Lead Auditor certificate proves that you have the capabilities and competences to audit organizations based on best practices.

Who

Who should attend?

This training course is intended for:

• Auditors seeking to perform and lead PIMS certification audits
• Managers or consultants seeking to master a PIMS audit process
• Individuals responsible for maintaining conformance with PIMS requirements
• Technical experts seeking to prepare for a PIMS audit
• Expert advisors in the protection of PII

Objectives

By the end of this training course, participants will be able to:

• Explain the fundamental concepts and principles of a privacy information management system (PIMS) based on ISO/IEC 27701
• Interpret the ISO/IEC 27701 requirements for a PIMS from the perspective of an auditor
• Evaluate the PIMS conformity to ISO/IEC 27701 requirements, in accordance with the fundamental audit concepts and principles
• Plan, conduct, and close an ISO/IEC 27701 compliance audit, in accordance with ISO/IEC 17021-1 requirements, ISO 19011 guidelines, and other best practices of auditing
• Manage an ISO/IEC 27701 audit program

Approach

• This training course is based on both theory and best practices used in PIMS audits

• Participants are strongly encouraged to interact with one another, exchange ideas, and actively participate in discussions.
• The quiz structure within the course closely mirrors that of the certification exam, ensuring participants are well-prepared for the exam.

PECB offers various training course delivery formats, from traditional classroom settings to modern, technology-driven solutions. To learn more about these formats, please click here.

Prerequisites

A fundamental understanding of information security and privacy and a comprehensive knowledge of audit principles are required to attend this training course.

Agenda

Day 1: Introduction to Privacy Information Management System (PIMS) and ISO/IEC 27701

Day 2: Audit principles and the preparation for and initiation of an audit

Day 3: On-site audit activities

Day 4: Closing the audit

Day 5: Certification exam

Examination

The “PECB ISO/IEC 27701 Lead Auditor” exam fully meets the PECB Examination and Certification Program (ECP) requirements. It covers the following competency domains:

Domain 1: Fundamental principles and concepts of a Privacy Information Management System (PIMS)

Domain 2: Privacy Information Management System (PIMS) requirements

Domain 3: Fundamental audit concepts and principles

Domain 4: Preparing an ISO/IEC 27701 audit

Domain 5: Conducting an ISO/IEC 27701 audit

Domain 6: Closing an ISO/IEC 27701 audit

Domain 7: Managing an ISO/IEC 27701 audit program

For specific information about exam type, languages available, and other details, please visit the List of PECB Exams and the Examination Rules and Policies.

Certification

After passing the exam, you can apply for one of the credentials in the table below. You will receive a certificate once you fulfill all the requirements of the selected credential.

The certification requirements for ISO/IEC 27701 Lead Auditor are:

Professional credential	Exam	Professional experience	PIMS audit/assesment experience	Other requirements
ISO/IEC 27701 Provisional Auditor	ISO/IEC 27701 Lead Auditor	None	None	Signing the PECB Code of Ethics
ISO/IEC 27701 Auditor		2 years (1 in privacy management)	200 hours
ISO/IEC 27701 Lead Auditor		5 years (2 in privacy management)	300 hours
ISO/IEC 27701 Senior Lead Auditor		10 years (7 years in privacy management)	1000 hours

 

The audit activities should follow best practices and include the following:

• Planning an audit
• Preparing audit working papers or test plans
• Reviewing documented information
• Conducting opening and closing meetings
• Conducting audit interviews
• Collecting and analyzing audit evidence
• Documenting nonconformities
• Preparing audit reports
• Following up on nonconformities
• Leading an audit team
• Managing an audit program

For more information about the PECB certification process, please refer to Certification Rules and Policies.

CPD Credits

• Certificate and examination fees are included in the price of the training course.
• Participants will receive more than 400 pages of comprehensive training materials, including practical examples, exercises, and quizzes.
• Participants who have attended the training course will receive an attestation of course completion worth 31 CPD (Continuing Professional Development) credits.
• Candidates who have completed the training course with one of our partners and failed the first exam attempt are eligible to retake the exam for free within a 12-month period from the course completion date, because the fee paid for the training course includes a first exam attempt and one retake. Otherwise, retake fees apply.