This course will provide you with the knowledge and skills required to perform first, second and third-party audits of Information Security Management Systems against ISO/IEC 27001 (with ISO/IEC 27002), in accordance with ISO 19011 and ISO/IEC 17021, as applicable.
Are you already a CQI and IRCA Certificated Lead Auditor (or acceptable alternative) in a management system other than information security management?
Do you already have good knowledge of ISO/IEC 27001:2022 Information Security Management Systems (ISMS) requirements, and the key principles of an ISMS? If so, this course is for you.
Using a step-by-step approach, you’ll be guided through auditing an organization’s processes in relation to ISO/IEC 27001 and, over three days, you’ll gain the knowledge and skills required to undertake and lead a successful ISMS audit. You’ll acquire the knowledge and skills to plan, conduct, report and follow-up an ISMS audit that establishes conformity and enhances overall information security performance.
How will I benefit?
This course will help you:
- Identify the aims and benefits of an ISO/IEC 27001:2022 audit
- Interpret ISO/IEC 27001:2022 requirements for audit application
- Plan, conduct and follow-up auditing activities that add real value
- Grasp the application of risk-based thinking, leadership and process management
- Access the latest auditor techniques and identify appropriate use
- Build stakeholder confidence by managing audit processes in line with the latest requirements
- Meet training requirements for CQI and IRCA certification
Who should attend?
Anyone with the need to audit an organization’s processes in relation to ISO/IEC 27001:2022, and has met the prerequisites for attending.
What will I learn?
On successful completion, you’ll have the knowledge and skills to:
Knowledge:
Explain the purpose and benefits of an information security management system and of information security management systems standards
Skills:
Plan, conduct, report and follow-up an audit of an information security management system to establish conformity (or otherwise) with ISO/IEC 27001 (with ISO/IEC 27002) and in accordance with ISO 19011 (and ISO/IEC 17021 where appropriate)
What is included?
On completion, you’ll be awarded a CQI and IRCA certified training course certificate.
Prerequisites
You are expected to have the following prior knowledge:
a. Management systems
Understand the Plan, Do, Check, Act (PDCA) cycle
b. Information security management
Knowledge of the information security management principles:
- Awareness of the need for information security
- Assignment of responsibility for information security
- Incorporating management commitment and the interests of stakeholders
- Enhancing societal values
- Risk assessments determining appropriate controls to reach acceptable levels of risk
- Security incorporated as an essential element of information networks and systems
- Active prevention and detection of information security incidents
- Ensuring a comprehensive approach to information security management
- Continual reassessment of information security and making modifications as appropriate
c. ISO 27001
Knowledge of the requirements of ISO/IEC 27001:2022 (with ISO/IEC 27002) and the commonly used information security management terms and definitions, as given in ISO/IEC 27000. **The course examination can cover the requirements of ISO 27001, and these are not covered during this course.
d. Management system audit
Knowledge of management systems audit through satisfactory completion of a CQI and IRCA Certified (or the acceptable alternative) Lead Auditor Training course in another discipline. **Delegates will be asked to provide a copy of their Lead Auditor training course certificate as evidence of their qualification, prior to attending this course
If you have not successfully completed a CQI and IRCA Certified (or acceptable alternative) Lead Auditor Training Course in another discipline, you’re unlikely to complete this 24 hour course successfully and will find the 40 hours ISO/IEC 27001:2022 Lead Auditor (ISMS) Training Course more appropriate.