Information Security Representative and Internal Auditor ISO 27001:2023 Training

Knowing the standard alone is not enough.
You need to know how to manage it and audit it.

This training prepares participants to perform the Information Security Representative role in practice and to conduct internal audits based on ISO 27001:2023 and ISO 19011:2018. We combine standard requirements, organisational practice and audit methodology so that participants not only understand the standard, but can also translate it into decisions, oversight and effective action within the business.

  • ISO 27001:2023 and ISO 19011:2018 in practice
  • Preparation for the Information Security Representative role
  • Internal Auditor competence
  • Training completed with a certificate

Identifying the need

Why do organisations need stronger information security competence?

The standard is known, but implementation is the harder part

In many organisations, the issue is not access to ISO 27001 requirements. The real challenge is that no one can translate them into actual responsibilities, security controls, risk oversight and day-to-day accountability for the information security management system.

The representative role is often formal rather than effective

Organisations appoint a person responsible for information security, but without proper preparation it is difficult for that person to coordinate activities, support management and maintain the real effectiveness and development of the system.

Internal audits do not deliver their full value

An audit should not be limited to ticking off requirements. Without audit techniques, knowledge of ISO 19011 and the ability to properly assess the information security system, the organisation loses an important tool for improvement and control.

Difficult audit situations require maturity, not improvisation

Speaking with auditees, responding to resistance, asking the right questions and formulating findings require not only knowledge of the standard, but also communication skills and practical preparation.

Audit competence is not built deliberately

Without understanding roles, competence levels, auditor evaluation principles and the logic of building an audit team, it is difficult to create an audit system that genuinely supports information security, cybersecurity and privacy protection.

Weak information security competence costs more than it first appears

Incorrect interpretation of requirements, weak auditing, poor risk control, unclear accountability and weak oversight of legal requirements reduce system effectiveness and increase organisational and reputational risk.

Training approach

We train in a way that enables participants to take action

This is not training focused on ISO 27001 theory alone. We design the programme so that participants understand the standard requirements, can operate effectively in the representative role, prepare an audit, conduct audit discussions and respond appropriately in real organisational situations. As a result, the training strengthens not only knowledge, but also independence and practical effectiveness.

Training scope

  • ISO 27001:2023 requirements in the context of manufacturing and service organisations
  • The role, responsibilities and practical challenges of the Information Security Representative
  • ISO 19011:2018 requirements for auditing management systems
  • Competence and responsibilities of the Internal Auditor, Lead Auditor and Supplier Auditor
  • Building the audit team, competence development, auditor evaluation and oversight of auditor performance
  • Audit techniques, audit communication and responding in difficult situations
  • The most common audit mistakes and management of legal requirements, e.g. GDPR

What you gain

  • Readiness for the role: participants gain a clearer understanding of the responsibilities of the Information Security Representative and are better prepared to perform this role in a real organisational environment.
  • Audit competence and authority: the training prepares participants to conduct internal audits and supplier audits in a more structured and informed way.
  • Practical understanding of the standards: participants learn how to interpret ISO 27001 and ISO 19011 requirements in relation to specific situations involving information security, cybersecurity and privacy protection.
  • Stronger audit communication: the team gains greater confidence in conducting discussions, formulating findings and responding in difficult moments during the audit.
  • Greater system effectiveness: the organisation gains people who can support the information security management system not only formally, but also operationally and developmentally.
  • Confirmation of participation: after completing the training, each participant receives a personal certificate and training materials.

Start the conversation

Ask about training for your organisation

Leave your contact details. Our process engineer will call you back within 24 hours, conduct a short needs review and prepare a training proposal tailored to the size and needs of your company.

Direct contact +48 664 971 992

BBQuality Sp. z o.o. is the data controller. We guarantee 100% confidentiality.