CPD: Equivalent to 24 hours
CERTIFICATES: All delegates will receive a certificate on completion.
A CQI and IRCA certified ISO 27001 ISMS Auditor Conversion training course – Course ID: 2397
The 3-day course includes a simulated audit of an organisation seeking ISO 27001 certification, enabling delegates to put ideas learned into action. Delegates will work as part of an audit team to practise undertaking a risk-based ISMS audit, including:
- planning an ISMS audit
- creating an audit checklist
- conducting a stage 2 ISMS audit
- writing a nonconformity report
Assessment is by continuous evaluation of performance during the course, together with a written examination on the final day.
- auditors who have achieved lead auditor certification in another discipline, for example ISO 9001, and now wish to expand their knowledge to audit an ISMS against ISO 27001:2022
- those with a responsibility for auditing the ISMS, including information security managers, information security consultants and IMS auditors
CQI and IRCA do expect delegates to have prior knowledge of the requirements (clauses) of ISO 27001 before attending this course. Some individuals may find it beneficial to attend our Introduction to ISO 27001 training course. We can offer £100 discount if you book this introductory course together with our ISO 27001 Auditor Conversion training course.
Please note that if potential delegates have not previously attended a CQI & IRCA Lead Auditor training course in another discipline, they should view our ISO 27001 Lead Auditor training course rather than this conversion course.
- purpose and benefits of an ISMS
- requirements of ISMS documented information
- auditing a risk assessment
- Annex A – interpreting and auditing the controls
- role of the ISMS auditor
- preparation and conduct of a stage 1 audit
- planning, conducting, reporting and following up a stage 2 audit of an ISMS
- compliance – ISO 17021-1 requirements for certification bodies
- auditing an ISMS in terms of legal compliance
- report writing, including nonconformity and audit reports
- explain the purpose and benefits of an ISMS
- plan, conduct, report and follow up an audit of an information security management system
- establish conformity of a management system against ISO 27001 (with ISO/IEC 27002) and in accordance with ISO 19011 and ISO/IEC 17021, as applicable
- verify that the Statement of Applicability (SoA) contains the necessary controls (with reference to Annex A and ISO/IEC 27002)
- evaluate actions to address risks and opportunities
- verify that the risk assessment has criteria for performing information security risk assessments
Delegates who have already successfully completed a CQI and IRCA certified Lead Auditor training course in an alternative discipline will meet the training requirements for certification as an IRCA ISMS Auditor by completing this course.
For Scheduled Training course dates, please select from the Course Dates and Venues table below.
Course dates and venues
Yes, this course is certified by the professional body of CQI and IRCA. This means that we have met stringent requirements for both content and delivery.
Our commitment to employing highly experienced and knowledgeable tutors to help plan content and present classes is central to our approval as a training centre, and provides you with the assurance that you will receive a valuable return on your training investment.
If you are already a lead auditor in another discipline, such as ISO 9001 or ISO 45001, then this course is ideal for extending your auditing knowledge into the world of information security management systems.
If you are not already an auditor in another discipline, and wish to become an auditor of ISMS, there is more appropriate training available.
Our ISO 27001 Internal Auditor training course will teach you all you need to know about auditing your own organisation’s ISMS.
Alternatively, our ISO 27001 Lead Auditor training course will give you the knowledge and skills you are looking for to audit both internal and external ISMS.
You are expected to have some knowledge of the requirements of ISO 27001 to make the most of this training course.
If you have little or no knowledge in this field, you may like to attend our 1-day Introduction to ISO 27001 training course first. If you book the 2 courses together you will be eligible for a £100 discount.
Yes, from March 2023 there is an online exam which you will need to take within 30 days of the end of the course. The exam is set by the CQI and IRCA, and is available on an external portal. You will be sent full instructions on how to access the portal and the format of the exam. We will also provide information during the course to help you achieve success. That includes making use of the practice questions which are available on a separate portal.
This replaces the 2-hour written exam in use up to February 2023.