ISO 27001 Lead Auditor Training Course

Auditing is an essential tool in the battle to identify, assess and address information security risks posed by challenges such as employee error and data breaches.

This CQI and IRCA certified ISO 27001 Lead Auditor training course explores how auditing an organisation’s information security management system (ISMS) helps to ensure that the system:

• conforms to the organisation’s specification
• meets the requirements of the ISO 27001 information security standard, with reference to ISO 19011 and ISO 17021
• is effectively implemented and maintained.

Created and delivered by information security experts, the ISO 27001 Lead Auditor course equips delegates with the skills and confidence to undertake a full audit, from planning through preparing and reporting to follow up. The interactive course includes workshops and follows a central case study to help reinforce learning.

Students are assessed through continuous evaluation and a two-hour written exam on the final day of the course. Successful completion will satisfy the training requirements for certification as an IRCA ISMS auditor.

This 5-day course is suitable for delegates from all industries, including:

• anyone who wishes to complete first, second and/or third-party ISO 27001 audits onsite and/or remotely
• audit team leaders
• those responsible for implementing and ensuring compliance with ISO 27001, including IT security managers, compliance consultants, cyber security consultants, information assurance professionals, QHSE managers, management systems professionals and existing auditors
• those wishing to gain a recognised ISO 27001 lead auditor certificate
• those seeking to apply to the CQI as an IRCA ISMS auditor

Please note that CQI and IRCA expect delegates attending this ISO 27001 Lead Auditor training course to have prior knowledge of the requirements (clauses) of ISO 27001. Some individuals may find it beneficial to attend our Introduction to ISO 27001 Training course.

Click here to learn more about prior knowledge requirements.

The topics covered in the course include:

• background and overview of ISO 27001 and other information security standards (ISO 27000 Family)
• ISO 27001 Annex A controls
• an introduction to auditing against ISO 27001 and the auditor’s role
• the role of management in reviewing risk and the effectiveness of the ISMS
• planning and managing an ISMS audit:
  • resources and timing
  • determining the audit scope and objectives
  • undertaking a risk-based approach
  • ISMS documentation (risk treatment plan, SoC, SoA, information security asset record)
  • use of checklists
  • selection of audit teams
• risk assessment and risk treatment
• conducting the ISMS audit – skills, techniques and auditor competence:
  • evaluating the significance of audit findings
  • communicating and presenting audit reports
• nonconformities and improved security as a result of corrective actions
• correction and corrective action

management of the third-party assessment and certification process

On successful completion of this certified ISMS ISO 27001 Lead Auditor training course delegates will be able to:

• understand the role of internal and external audits and auditors in ensuring compliance of the ISMS to organisational and standards requirements
• lead ISO 27001 audits, including initiation, planning, conducting the audit, reporting and follow up/close out
• contribute to the continual improvement of an ISMS

Successful delegates will receive a CQI and IRCA approved ‘Certificate of Achievement’ and will meet the training requirements for certification with IRCA as a registered IRCA ISMS auditor.

If you have several staff members to train, you may like to consider dedicated training. Often more cost-effective than scheduled training for multiple delegates, dedicated training also gives you the convenience of choosing your location and dates.

Request Quote

For Scheduled Training courses, please select from the Course Dates and Venues table below.