About the course

Why should you take this training course?

The ISO 18788 Lead Auditor training enables you to develop the necessary expertise to perform a Security Operations Management System (SOMS) audit by applying widely recognized audit principles, procedures, and techniques. During this training course, you will acquire the knowledge and skills to plan and carry out internal and external audits in compliance with ISO 19011 and the ISO/IEC 17021-1 certification process.

Based on practical exercises, you will be able to master audit techniques and become competent to manage an audit program, audit team, communication with customers, and conflict resolution.

Training done in collaboration with


Course Outlines

Course Agenda

Day 1: Introduction to a Security Operations Management System (SOMS) and ISO 18788

  • Course objectives and structure
  • Standards and regulatory frameworks
  • Certification process
  • Fundamental concepts of Security Operations Management
  • Security Operations Management System (SOMS)

Day 2: Audit principles, preparation and initiation of an audit

  • Fundamental audit concepts and principles
  • Audit approach based on evidence and risk
  • Initiating the audit
  • Stage 1 audit
  • Preparing the stage 2 audit (on-site audit)

Day 3: On-site audit activities

  • Stage 2 audit (Part 2)
  • Communication during the audit
  • Audit procedures
  • Creating audit test plans
  • Drafting audit findings and non-conformity reports

Day 4: Closing of the audit

  • Audit documentation and quality review
  • Closing the audit
  • Evaluation of actions plans by the auditor
  • Beyond the initial audit
  • Managing an internal audit programme
  • Competence, evaluation and closing the training

Day 5: Certification Exam (3-hours)

The exam complies with the PECB Examination and Certification Program (ECP) requirements. The exam covers the following competency domains:

Domain 1: Fundamental principles and concepts of a Security Operations Management System (SOMS)

Domain 2: Security Operations Management Systems (SOMS)

Domain 3: Fundamental audit concepts and principles

Domain 4: Preparation of an ISO 18788 audit

Domain 5: Conducting an ISO 18788 audit

Domain 6: Closing an ISO 18788 audit

Domain 7: Managing an ISO 18788 audit program

Course Details

Duration: Up to 6 months

Starts: Upon Registration

Ends: After Examination

You'll be signed up to our PECB platform KATE where you will have access to all training procedures.

  • Certification fees are included on the exam price
  • Training material containing over 450 pages of information and practical examples will be distributed
  • A participation certificate of 31 CPD (Continuing Professional Development) credits will be issued
  • In case of exam failure, you can retake the exam within 12 months for free

Learning Objectives

  • Understand the operations of Security Operations Management Systems (SOMS) based on ISO 18788.
  • Acknowledge the correlation between ISO 18788 and other standards and regulatory frameworks.
  • Understand an auditor’s role in planning, leading and following-up on a management system audit in accordance with ISO 19011.
  • Learn how to interpret the requirements of ISO 18788 in the context of a SOMS audit.

Frequently Asked Questions

What are the prerequisites?

A fundamental understanding of ISO 18788 and comprehensive knowledge of audit principles.

Can I retake an exam?

In case of exam failure, the candidate can retake the exam once for free within 12 months following the initial exam date.

Which Audit Activities are Considered Valid Experience?

  1. Audit planning
  2. Audit interview
  3. Managing an audit program
  4. Drafting audit reports
  5. Drafting non-conformity reports
  6. Drafting audit working documents
  7. Documentation review
  8. On-Site Audit
  9. Follow-up on non-conformities
  10. Leading an audit team

ISO 18788 Lead Auditor – Self-Study


Master the Audit of Security Operations Management System (SOMS) based on ISO 18788

Self-Study Course: €1,000 + VAT