A CQI and IRCA Certified ISO/IEC 27001:2013 Information Security Management Systems Auditor/Lead Auditor Training Course – ref: A17293.
The objective of an audit is not fault finding, but to identify opportunities for improvement. You will learn to build on the skills of how to plan, structure and conduct an effective audit and to evaluate and communicate the findings. The course is designed to follow the stages in a live audit, including simulated audit interviews and role play closing meetings. This ISO 27001 Lead Auditor training course is highly participative and is a practically based series of sessions using tutorials, case studies, interactive workshops and open forum discussions, the practical emphasis of which provides a unique opportunity for a substantial degree of individual guidance and training.
This is a CQI and IRCA Certified Course (ref: A17293) and meets the training requirements for individuals seeking registration as a Lead Auditor under the CQI and IRCA Auditor Registration Scheme. The requirements include an examination and a certificate is issued on completion of the course.
Read our blog on managing your cyber security threats including the recommended steps for achieving an effective cyber security framework.
- Background and overview of the ISO/IEC 27001 and other Information Security Standards
- An introduction to auditing and implementing an audit system and the auditor’s role in the process
- Management’s role in reviewing risk and the effectiveness of the overall ISMS
- Planning and managing a process based audit:
- resources and timing
- use of checklists
- selection of audit teams
- Conducting the audit – skills, techniques and auditor competence:
- evaluating the significance of audit findings
- communicating and presenting audit reports
- Nonconformities and improved security as a result of corrective actions
- Management of the third party assessment and certification process
- Individuals who want to become ISMS Registered Lead Auditors
- Individuals leading their companies to ISO/IEC 27001:2013 registration
Familiarity with ISO/IEC 27001:2013 is necessary for a full understanding of the principles developed in this course.
- competence in assessing the organisation’s ability to manage risk and provide essential ISMS controls.
- an understanding of the role of audits within the ISMS and the role of auditors in effecting continual improvement.
- the skill set to enable a full understanding of how third parties view the ISMS and its compliance for certification and of how first party auditors can help create the environment to drive excellence
