IRCA ISO 27001 Lead Auditor

The aim of this course is to provide delegates with the knowledge and skills required to perform first, second and third-party audits of information security management systems against ISO/IEC 27001 (with ISO/IEC 27002), in accordance with ISO 19011 and ISO 17021, as applicable. Through practical exercises, the participant develops the abilities (mastering audit techniques) and skills (managing audit teams and the audit programme, communicating with customers, resolving conflicts, etc.) necessary to conduct an audit efficiently.


About ISO/IEC 27001

Internationally recognized ISO/IEC 27001 is an excellent framework that helps organizations manage and protect their information assets so that they remain safe and secure. It helps you to continually review and refine the way you do this, not only for today but also for the future. That’s how ISO/IEC 27001 protects your business, your reputation and adds value.

During this training, the participant will acquire the skills and knowledge needed to proficiently plan and perform audits compliant with the certification process of the ISO/IEC 27001:2013 standard.

This five-day intensive course enables participants to develop the expertise needed to audit an Information Security Management System (ISMS) and to manage a team of auditors by applying widely recognized audit principles, procedures, and techniques.

Course objectives

  • Understand the relationship between ISO 27001, ISO 27000, ISO 27002, ISO 27003, ISO 17021, and ISO 19011
  • Understand the purpose of information security management systems, PDCA, and the 7 management principles
  • Understand the principles and methods of performing process-based audits against ISO 27001
  • Understand the roles and responsibilities of an auditor and a lead auditor
  • Have used ISO 19011 to prepare, perform and lead an audit
  • Have evaluated and reported audit findings and addressed effective follow-up activities

WHO SHOULD TAKE THE COURSE?

This course is specially designed for:

  • Members/supporting personnel of the Information Security Management Team who have a responsibility to audit/implement/improve an information security management system
  • All ISMS auditors who wish to acquire an internationally recognized auditor status
  • Any other personnel who wish to advance their career in management systems, irrespective of discipline

Prerequisite:

Students are expected to have prior knowledge on the following subjects:

  • Management systems: understand the Plan-Do-Check-Act (PDCA) cycle
  • Information security management principles and concepts: awareness of the need for information security; the assignment of responsibility for information security; incorporating management commitment and the interests of stakeholders; enhancing societal values; using the results of risk assessments to determine appropriate controls to reach acceptable levels of risk; incorporating security as an essential element of information networks and systems; the active prevention and detection of information security incidents; ensuring a comprehensive approach to information security management; continual reassessment of information security and making modifications as appropriate
  • Knowledge on ISO/IEC 27001 requirements (and ISO/IEC 27002) may be gained by completing a CQI IRCA Certified ISMS Foundation Training course or equivalent.

COURSE CONTENT

Day 1: Introduction to Information Security Management System (ISMS) concepts as required by ISO 27001

  • Normative, regulatory, and legal framework related to information security
  • Fundamental principles of information security
  • ISO 27001 certification process
  • Information Security Management System (ISMS)
  • Detailed presentation of clauses 4 to 8 of ISO 27001

Day 2: Planning and Initiating an ISO 27001 audit

  • Fundamental audit concepts and principles
  • Audit approach based on evidence and on risk
  • Preparation of an ISO 27001 certification audit
  • ISMS documentation audit
  • Conducting an opening meeting

Day 3: Conducting an ISO 27001 audit

  • Communication during the audit
  • Audit procedures: observation, document review, interview, sampling techniques, technical verification, corroboration and evaluation
  • Audit test plans
  • Formulation of audit findings
  • Documenting nonconformities

Day 4: Concluding and ensuring the follow-up of an ISO 27001 audit

  • Audit documentation
  • Quality review
  • Conducting a closing meeting and conclusion of an ISO 27001 audit
  • Evaluation of corrective action plans
  • ISO 27001 Surveillance audit
  • Internal audit management program

Day 5

  • Hand in homework: Audit report
  • Final questions/revision
  • Evaluation
  • Introduction to the exam
  • Exam
  • Reflection & feedback

Course Highlights

  • ISO 27001 certification process
  • Preparation of an ISO 27001 certification audit
  • Communication during the audit
  • Quality review
  • ISO 27001 Surveillance audit
  • Detailed presentation of clauses 4 to 8 of ISO 27001
