CQI-IRCA ISO/IEC 27001:2022 ISMS Lead Auditor

Course details

CQI-IRCA Certified ISO 27001:2013 Information Security Management System Lead Auditor Course

An Information Security Management System (ISMS) is a management system based on a systematic business risk approach, to establish, implement, operate, monitor, review, maintain, and improve information security. It is an organizational approach to information security. ISO/IEC 27001 is a standard for information security that focuses on an organization’s ISMS.
CQI and IRCA Certified ISMS Auditor Training courses will equip the delegates with the knowledge and skills to assess organization’s information security management systems to
ISO 27001.
 
Learning Outcomes

• Understand the application of the information security Management System in the context of ISO 27001
• Understand the relationship between an Information Security Management System, including Risk Management, controls and compliance with the requirements of different stakeholders of the organization.
• Improve the ability to analyze the internal and external environment of an organization, risk assessment and audit decision making in the context of an ISMS.

Who should attend?
This course is for those intending to acquire the competence to audit an organisation's ISMS to meet the requirements of ISO 27001, either as a third or second-party auditor. Successful completion of this course meets the requirement for certification as an Auditor on IRCA's ISMS Scheme. 
 
Course Agenda
Day 1: Introduction to the management of an Information Security Management System based on ISO 27001

• Normative and regulatory and legal framework related to information security
• Fundamental principles in Information Security
• ISO 27001 certification process
• Information Security Management System (ISMS)
• Detailed presentation of the clauses 4 to 8 of the ISO 27001 standard

Day 2: Launching an ISO 27001 audit

• Fundamental audit concepts and principles
• Audit approach based on evidence and on risk
• Preparation of an ISO 27001 certification audit
• Documenting of an ISMS audit
• Conducting an opening meeting

Day 3: Conducting an ISO 27001 audit

• Communication during the audit
• Audit procedures:
• Observation,
• Document review
• Interview
• Sampling techniques
• Technical verification
• Corroboration and evaluation
• Drafting test plans
• Formulation of audit findings
• Drafting of nonconformity reports

Day 4: Closing an ISO 27001 audit

• Audit documentation
• Quality review
• Review of audit notes
• Conducting a closing meeting and conclusion of an ISO 27001 audit
• Evaluation of corrective action plans

Day 5: Surveillance Audit

• Surveillance audit
• Audit management program
• Completion of training
• Course review
• Exam preparation
• IRCA Certificate exam