CPD: Equivalent to 40 hours
Certificates: All delegates will receive a certificate on completion.
A CQI and IRCA certified ISO/IEC 27001:2022 Lead Auditor training course (ref: 17293).
This CQI and IRCA certified ISO 27001 Lead Auditor training course explores how auditing an organisation’s information security management system (ISMS) helps to ensure that the system:
- conforms to the organisation’s specification
- meets the requirements of the ISO 27001 information security standard, with reference to ISO 19011 and ISO 17021
- is effectively implemented and maintained.
Created and delivered by information security experts, the ISO 27001 Lead Auditor course equips delegates with the skills and confidence to undertake a full audit, from planning through preparing and reporting to follow up. The interactive course includes workshops and follows a central case study to help reinforce learning.
Students are assessed through continuous evaluation and an exam on the final day of the course. Successful completion will satisfy the training requirements for certification as an IRCA ISMS auditor.
- anyone who wishes to complete first, second and/or third-party ISO 27001 audits onsite and/or remotely
- audit team leaders
- those responsible for implementing and ensuring compliance with ISO 27001, including IT security managers, compliance consultants, cyber security consultants, information assurance professionals, QHSE managers, management systems professionals and existing auditors
- those wishing to gain a recognised ISO 27001 lead auditor certificate
- those seeking to apply to the CQI as an IRCA ISMS auditor
Please note that CQI and IRCA expect delegates attending this ISO 27001 Lead Auditor training course to have prior knowledge of the requirements (clauses) of ISO 27001. Some individuals may find it beneficial to attend our Introduction to ISO 27001 training course.
- background and overview of ISO 27001 and other information security standards (ISO 27000 Family)
- ISO 27001 Annex A controls
- an introduction to auditing against ISO 27001 and the auditor’s role
- the role of management in reviewing risk and the effectiveness of the ISMS
- planning and managing an ISMS audit:
- resources and timing
- determining the audit scope and objectives
- undertaking a risk-based approach
- ISMS documentation (risk treatment plan, SoC, SoA, information security asset record)
- use of checklists
- selection of audit teams
- risk assessment and risk treatment
- conducting the ISMS audit – skills, techniques and auditor competence:
- evaluating the significance of audit findings
- communicating and presenting audit reports
- nonconformities and improved security as a result of corrective actions
- correction and corrective action
- management of the third-party assessment and certification process
- understand the role of internal and external audits in ensuring compliance of an ISMS to organisational and ISO 27001 requirements
- lead an ISMS audit including:
  - planning the audit using a risk-based approach to scheduling and selecting audit criteria
  - conducting an ISO 27001 audit using appropriate sampling and interviewing techniques
  - writing objective and factual audit reports and presenting findings
  - following up and closing out an ISMS audit
- contribute to the effectiveness and continual improvement of an organisation’s information security management system
Delegates must participate fully throughout the course and will be assessed by ‘continual assessment’ and by completing an exam on the final day. Students passing both aspects will receive a CQI and IRCA approved ‘Certificate of Achievement’, and will meet the training requirements for registration with IRCA as an ISMS auditor.
For Scheduled Training courses, please select from the Course Dates and Venues table below.
Course dates and venues
Yes. To pass this course you will first be assessed during training by your course tutor for participation and understanding. You will then have 30 days after the end of the course to take an online exam set by the CQI and IRCA.
The exam will present you with a mix of multiple choice, short response and other forms of question. Practice questions will be available to you to help you understand how the exam works and to check your knowledge. You will find both the exam and the practice questions on external portals, and you will be given full instructions about how to use these. Bywater will also work with you during the course to clarify what is expected of you.
This new online exam, available from March 2023, replaces the previous format of a 2-hour essay-type exam, in use until February 2023.
Yes, this Bywater ISO 27001 Lead Auditor training course is certified by the CQI and IRCA. That means our training course meets the required high standards for content and course delivery. Not only can you be confident of an excellent learning experience, but the certificate you receive on successful completion will reflect the quality of the expertise you have acquired.
As the professional body that certifies this course, the CQI and IRCA has stated that it expects delegates to already have some knowledge of the requirements of ISO 27001. This includes requirements of the standard; the Plan, Do, Check, Act (PDCA) cycle; and core elements of a management system.
We do have a short quiz that you can take to check your knowledge.
If you do not feel confident that you have sufficient knowledge, but do want to train as a lead auditor, you could first attend our Introduction to ISO 27001 training course. This course is designed to give you the knowledge you need to then attend this lead auditor course. Book both courses together and you can receive a £100 discount.
If for any reason you do not pass the exam, you have the opportunity to re-sit within a certain timeframe. We aim to provide you with time with the course tutor to discuss how you can improve your performance. If you find yourself needing to re-sit, do contact our training team to discuss the way forward.