Overview
What you will learn:
Plan and prepare effectively for ISO/IEC 27001 surveillance audits with a structured, step-by-step framework.
Build and maintain scope, evidence registers, risk assessments, and Statements of Applicability for audit readiness.
Conduct risk-based internal audits, manage nonconformities, and implement corrective and preventive actions (CAPA).
Apply a practical Surveillance Playbook using the InfoSure Ltd. case study to sustain certification and prepare for recertification.
Who this course is for: Information Security Managers, Internal Auditors, Compliance Officers, IT Governance Professionals, and ISMS practitioners preparing for ISO/IEC 27001 surveillance audits.
Prerequisites: an understanding of ISO/IEC 27001 is recommended.
This course was produced with the assistance of artificial intelligence. Led by Dr. Amar Massoud, a seasoned expert with decades of academic and professional experience, it combines AI support with human insight to deliver content that is precise, practical, and easy to follow. You will gain the clarity of structured learning and the confidence of being guided by a recognized authority.
ISO/IEC 27001 certification is only the beginning of the journey. The true challenge lies in maintaining compliance and demonstrating continual improvement through surveillance audits. Many organizations underestimate these audits, treating them as less important than the initial certification. In reality, surveillance audits are rigorous checkpoints—if handled poorly, they can lead to major nonconformities, suspension of certification, or reputational damage.
This course provides a step-by-step roadmap to prepare for and succeed in surveillance audits with confidence. Using the model company InfoSure Ltd., you will learn how to manage scope changes, refresh risk assessments, update the Statement of Applicability (SoA), and build a structured evidence register. You will also master risk-based internal auditing, handling nonconformities with root cause analysis, and implementing corrective and preventive actions (CAPA) that satisfy auditors.
A strong focus is placed on practical deliverables. Each lesson is tied to templates such as audit calendars, evidence registers, KPI dashboards, and CAPA trackers. You will also explore how to run Management Reviews that demonstrate leadership engagement, prepare audit logistics for both on-site and hybrid models, and submit structured post-audit responses. The final part of the course builds a recertification roadmap, ensuring your ISMS matures over the three-year cycle and remains resilient.
By the end of this course, you will be able to:
Plan and execute surveillance audit preparation with structured checklists.
Provide auditors with clear, traceable, risk-based evidence.
Manage suppliers, customers, and third-party risks effectively.
Handle nonconformities and CAPA to demonstrate continual improvement.
Build a reusable Surveillance Playbook to sustain long-term ISO 27001 compliance.
Whether you are an Information Security Manager, Internal Auditor, Compliance Officer, or IT Governance Professional, this course will equip you with the tools and confidence to treat surveillance audits not as stressful events, but as opportunities to prove ISMS maturity and strengthen stakeholder trust.
Dr. Amar Massoud
PhD in computer science and IT manager with 35 years of technical experience in various fields, including IT Security, IT Governance, IT Service Management, Software Development, Project Management, Business Analysis and Software Architecture. I hold 80+ IT certifications, such as:
ITIL 4 Master, ITIL 3 Expert
ISO 27001 Auditor, CompTIA Security+, GSEC, CEH, ECSA, CISM, CISSP, CISA
PGMP, MSP
PMP, PMI-ACP, Prince2 Practitioner, Praxis, Scrum Master
COBIT 2019 Implementor, COBIT 5 Assessor/Implementer
TOGAF certified
Lean Specialist, VSM Specialist
PMI RMP, ISO 31000 Risk Manager, ISO 22301 Lead Auditor
PMI-PBA, CBAP
Lean Six Sigma Black Belt, ISO 9001 Implementer
Azure Administrator, Azure DevOps Expert, AWS Practitioner
And many more.