Are you already a CQI and IRCA Certificated Lead Auditor (or acceptable alternative) in a management system other than information security management?
Do you already have good knowledge of ISO/IEC 27001:2022 Information Security Management Systems (ISMS) requirements, and the key principles of an ISMS? If so, this course is for you.
Using a step-by-step approach, you’ll be guided through auditing an organization’s processes in relation to ISO/IEC 27001 and, over three days, you’ll gain the knowledge and skills required to undertake and lead a successful ISMS audit. You’ll acquire the knowledge and skills to plan, conduct, report and follow up an ISMS audit that establishes conformity and enhances overall information security performance.
How will I benefit?
This course will help you:
- Identify the aims and benefits of an ISO/IEC 27001:2022 audit
- Interpret ISO/IEC 27001:2022 requirements for audit application
- Plan, conduct and follow up auditing activities that add real value
- Grasp the application of risk-based thinking, leadership and process management
- Access the latest auditor techniques and identify appropriate use
- Build stakeholder confidence by managing audit processes in line with the latest requirements
- Meet training requirements for CQI and IRCA certification
Who should attend?
Anyone who needs to audit an organization’s processes in relation to ISO/IEC 27001:2022 and has met the prerequisites for attending (see below).
Prerequisites:
You are expected to have the following prior knowledge:
Management systems
Understand the Plan, Do, Check, Act (PDCA) cycle
Information security management
Knowledge of the information security management principles:
- Awareness of the need for information security
- Assignment of responsibility for information security
- Incorporating management commitment and the interests of stakeholders
- Enhancing societal values
- Risk assessments determining appropriate controls to reach acceptable levels of risk
- Security incorporated as an essential element of information networks and systems
- Active prevention and detection of information security incidents
- Ensuring a comprehensive approach to information security management
- Continual reassessment of information security and making modifications as appropriate
ISO 27001
Knowledge of the requirements of ISO/IEC 27001:2022 (with ISO/IEC 27002) and the commonly used information security management terms and definitions, as given in ISO/IEC 27000. **The course examination can cover the requirements of ISO 27001, and these are not covered during this course.
Management system audit
Knowledge of management systems audit through satisfactory completion of a CQI and IRCA Certified (or the acceptable alternative) Lead Auditor Training course in another discipline. **Delegates will be asked to provide a copy of their Lead Auditor training course certificate as evidence of their qualification, prior to attending this course.
If you have not successfully completed a CQI and IRCA Certified (or acceptable alternative) Lead Auditor Training Course in another discipline, you’re unlikely to complete this 24-hour course successfully and will find the 40-hour ISO/IEC 27001:2022 Lead Auditor (ISMS) Training Course more appropriate.
What will I learn?
On successful completion, you’ll have the knowledge and skills to:
- Explain the purpose and benefits of an information security management system and of information security management systems standards
- Plan, conduct, report and follow up an audit of an information security management system to establish conformity (or otherwise) with ISO/IEC 27001 (with ISO/IEC 27002) and in accordance with ISO 19011 (and ISO/IEC 17021 where appropriate)
What is included?
- Delegate workbook
- Lunch and refreshments (applicable for classroom only)
- You’ll sit an exam to test your knowledge and understanding
- On completion, you'll be awarded an IRCA certified training course certificate