Auditing ISO 27001:2022 – Organizational Controls

Master the audit of governance, risk, compliance, and supplier controls in ISO 27001 Annex A Clause 5 – with checklists

Overview

  • Audit all 37 Annex A Clause 5 controls with precision

  • Assess ISMS organizational policies, governance, and risk alignment

  • Apply audit techniques using real-world scenarios and checklists

  • Evaluate supplier, compliance, and incident readiness controls effectively

  • Information Security Auditors and ISO 27001 Internal Audit Teams

  • Compliance Officers and GRC Professionals seeking audit expertise

  • ISMS Managers and Risk Management Consultants

  • Anyone preparing for ISO 27001 Lead Auditor or Implementer certification

  • Basic understanding of ISO/IEC 27001:2022 structure and principles

  • Familiarity with management systems and information security terminology

  • No prior auditing experience required, but useful for practical application

  • Optional: access to ISO/IEC 27001:2022 standard for deeper engagement

Are you a cybersecurity auditor, ISO 27001 professional, or compliance officer looking to master the audit of ISO/IEC 27001:2022 organizational controls? This course gives you a step-by-step, practical approach to auditing all 37 controls in Annex A Clause 5, which focuses on the organizational domain of information security.

“Auditing ISO 27001:2022 – Organizational Controls” is the first course in a four-part series that fully covers ISO 27001:2022 Annex A. You will learn how to plan, perform, and document audits for controls related to governance, information security policies, risk management, compliance, supplier relationships, and more.

Through professionally structured content, this course includes:

  • Clear explanations of all 37 Clause 5 controls grouped into logical audit domains

  • Detailed audit checklists for each control, ready for real use

  • Scenario-based walkthroughs using our model company, InfoSure Ltd.

  • Assignments and case studies that strengthen practical auditing skills

  • Slide notes with 300–350 word auditor-centric narratives for advanced learning

Each control is presented using a consistent structure:

  1. Control explanation

  2. Auditor checklist

  3. Application to InfoSure Ltd.

  4. Hands-on assignment

Whether you're an internal auditor, lead auditor, or ISO consultant, this course provides the methodology, tools, and documentation techniques required to conduct thorough, effective ISO 27001 audits. You’ll learn to spot compliance gaps, interview stakeholders, request evidence, and report findings with confidence.

By the end of this course, you’ll be able to plan and perform audits of ISO 27001 Clause 5 organizational controls with a high level of assurance and accuracy. You’ll also be better prepared to integrate Clause 5 audits into your larger ISMS internal audit program.

Dr. Amar Massoud

PhD in computer science and IT manager with 35 years of technical experience in various fields including IT Security, IT Governance, IT Service Management, Software Development, Project Management, Business Analysis and Software Architecture. I hold 80+ IT certifications such as:

ITIL 4 Master, ITIL 3 Expert

ISO 27001 Auditor, CompTIA Security+, GSEC, CEH, ECSA, CISM, CISSP, CISA

PGMP, MSP

PMP, PMI-ACP, Prince2 Practitioner, Praxis, Scrum Master

COBIT 2019 Implementor, COBIT 5 Assessor/Implementer

TOGAF certified

Lean Specialist, VSM Specialist

PMI RMP, ISO 31000 Risk Manager, ISO 22301 Lead Auditor

PMI-PBA, CBAP 

Lean Six Sigma Black Belt, ISO 9001 Implementer

Azure Administrator, Azure DevOps Expert, AWS Practitioner

And many more.
