Frequently Asked Questions

We have a large selection of frequently asked questions organised by subject area.
Select a category below to filter the relevant questions, or search here.

If you can't find what you're looking for you can ask us a question here.

The Lead Auditor training course teaches delegates how to undertake 1st party (internal audits), 2nd party & 3rd party audits.

If you are undertaking a Lead Auditor training course you do not need to complete a separate internal auditor training course, as our certified Lead Auditor training courses equip delegates with the skills to undertake internal audits.

Please note, if you do not have prior knowledge of the standard we do recommend completing one of our introductory courses prior to completing a Lead Auditor course to gain an understanding of the clauses and terminology used in the standard.

A certification audit is an audit which is completed by an independent organisation. The audit certifies the client's management system. Certification audits include surveillance audits, re-certification audits and special audits.

The ISO/IEC 27001:2013 standard can be purchased from the ISO website here. The standard is available in hard copy or to download as a PDF. The standard is available in English, French and Arabic.

Additional standards from the ISO 27000 family, including ISO 27000 ISMS overview and vocabulary and ISO 27002 code of practice for information security controls, can be purchased here.

All delegates attending our certified ISO 27001 Lead Auditor course or ISO 27001 Auditor Conversion course require a copy of the standard.


To become a certified ISMS ISO 27001 Lead Auditor we recommend completing the 5 day CQI & IRCA ISO 27001 Lead Auditor training course to achieve an internationally recognised certificate. The course teaches delegates to undertake 1st, 2nd and 3rd party audits of an information security management system (ISMS).

The course is assessed through continuous assessment and a two hour written exam on the final day. The written exam includes questions about the ISO 27001 standard, writing an audit checklist and identifying nonconformities.

Upon successful completion of the course some delegates go on to register as a Lead Auditor under IRCA's ISMS Scheme. When registering with IRCA you will have access to an extensive range of online content and publications to support your professional development as an auditor. You will also be listed on IRCA's online register which employers often use to find Lead Auditors.

If you wish to register with IRCA, in addition to completing the CQI & IRCA Lead Auditor training course you will need to gain auditing experience after the course. The experience required includes conducting three full management system audits as the leader of an audit team.

If you have previously undertaken a CQI & IRCA Lead Auditor training course in an alternative discipline, you can instead complete our three day CQI & IRCA ISO 27001 Auditor Conversion training course.

ISO 27001 Lead Auditor certification is beneficial, and often required, when applying for job roles including: Information Security Manager, Information Security Auditor, ISO 27001 Consultant, Information Security Analyst, Cyber Security Consultant, Risk Analyst and Information Assurance Consultant.

Copies of ISO/IEC 27001:2013 can be purchased from the ISO store here.

Yes, we will send you suggestions for setting up a training room with your booking confirmation. This includes equipment you will need, seating arrangements, catering, and selecting delegates for the course. If you have further questions you can contact our booking team to discuss.

Clause 5.2 of ISO 14001:2015 details the requirements for the environmental policy which shall be established, implemented and maintained by top management.

The environmental policy should be relevant to the organisation, for example considering the size of the organisation and its impacts on the environment. The policy should provide a framework for identifying environmental objectives and include a commitment to protect the environment. When writing the environmental policy the organisation should consider compliance obligations and be committed to the continual improvement of the environmental management system (EMS). The environmental policy should be documented, communicated within the organisation and be made available to interested parties.

To learn more about ISO 14001 please click here to view our ISO 14001 training courses.

A Lean Leader drives improvement activities, typically working with local management to identify and drive improvement. They also coach Lean Practitioners on process improvement methods and activities and deliver Lean training.

A dedicated training course is run specifically for your organisation, at a time and place of your choice. If you have a number of employees to train, this can be a convenient and cost-effective option for your business.

You may, for example, have several new staff members who need training in a specific skill set, or you would like all team members to receive a refresh of their knowledge. It may even be that a client has requested your whole team receives training to demonstrate your commitment to a standard.

Providing dedicated training gives Bywater the opportunity to tailor the content of the course to your particular business, enabling delegates to start applying their new skills quickly and effectively.

We can also work with you to design and deliver a programme of training across a range of skills that reflects the needs of your employees, such as lead and internal auditing together with business improvement techniques.

Organisations from many areas of industry and commerce have taken advantage of our dedicated training offering, including manufacturers, retailers, transport organisations, government agencies, police forces, local authorities, energy companies, healthcare providers, engineering organisations, pharmaceutical companies, construction companies, and research institutes.

Whilst preparing the ISO/IEC 27001:2013 Information Security Management Systems - Requirements standard, the ISO committee established a number of 'Information Security Management Principles' which were considered critical to establishing an effective information security management system. These principles are intended to be used in conjunction with ISO 27001 and are outlined in ISO 27000.

The nine information security principles are:

  1. Awareness of the need for information security
  2. Assigned responsibility
  3. Management commitment and stakeholder interests
  4. Enhancing societal values
  5. Risk assessment to determine acceptable levels of risk and appropriate controls
  6. Essential security elements incorporated into information networks and systems
  7. Incident prevention and detection
  8. A comprehensive approach to ISMS management
  9. Continual reassessment of the ISMS and making appropriate modifications

On this course you will learn about the key principles of a QMS and how implementing a system will benefit your business. Our expert tutors will explain the techniques, such as gap analysis and process maps, that you can use to maximise success and minimise risk, and how to support a QMS based on ISO 9001 after implementation. Because we take a very practical approach to training, you will leave the course ready to apply your learning to implementing a QMS in a real-life situation.

The content and approach of the course means that it is of value to managers and other interested parties, as well as those who will actually be carrying out the implementation.
