Build credibility with a formal qualification

ISO 27001:2022 Lead Auditor

CQI & IRCA certified training course number: 17433

Best Seller

Course Type

  • Public
  • In-house
  • Virtual

Introduction

This course is ideal for those wishing to pursue a qualification in information
security management systems auditing, or to develop advanced skills in auditing
information security management systems.

You need this course if...

• You wish to expand your knowledge of effective audit practices

• You wish to build on your existing auditing experience, especially in auditing
information security management systems and their related processes and procedures

• You want to audit your existing ISMS processes for effectiveness and
improvement

• You are a consultant providing advice on ISO/IEC 27001:2013 and require formal
training and recognition through IRCA

• You are a security or quality professional who wishes to add ISO/IEC 27001:2013 to
your skill set

You will learn …

Through a highly interactive course approved by the International Register of Certificated Auditors (IRCA),
containing many practical examples, with learning through practice built into the course.

The course covers:

• The importance of information security for the organisation and its customers

• How to review the typical documentation an organisation would prepare to meet the
requirements of ISO/IEC 27001:2013 and how to produce a practical, value-added documentation audit report

• How to audit selected security controls

• How to plan, conduct and conclude a practical audit of a security-related organisation

• How to control and work with an audit team with practical examples related to an
ISMS audit

• How to audit processes and their interaction with other processes

• How to report findings accurately and factually in terms that are valued by management

• How to evaluate corrective actions effectively to eliminate causes of problems

You need …

Knowledge of ISO/IEC 27001:2013 prior to attending this course; in particular, you must have prior knowledge of:

a. Management systems

• Understand the Plan-Do-Check-Act (PDCA) cycle

b. Information security management

• Knowledge of the following information security management principles and concepts:

i. Awareness of the need for information security;

ii. The assignment of responsibility for information security;

iii. Incorporating leadership and commitment and the interests of
stakeholders;

iv. Enhancing societal values;

v. Using the results of risk assessments to determine appropriate controls to
reach acceptable levels of risk;

vi. Incorporating security as an essential element of information networks and
systems;

vii. The active prevention and detection of information security incidents;

viii. Ensuring a comprehensive approach to information security management;

ix. Continual reassessment of information security and making modifications as
appropriate.

c. ISO 27001

• Knowledge of the requirements of ISO/IEC 27001 (with ISO/IEC 27002) and the
commonly used information security management terms and definitions, as
given in ISO/IEC 27000, which may be gained by completing an IRCA-certified ISMS Foundation Training course or equivalent.

• To understand the Plan-Do-Check-Act cycle, possess knowledge of information
security management principles and concepts, including: the need for
information security (i.e. within your organisation/sector); the assignment of
responsibility for information security (i.e. organisational structure and
determination of responsibilities); leadership and commitment and the
interests of stakeholders (i.e. within your organisation/sector); enhancing
societal values (i.e. data security, privacy, personal security and governance);
using the results of risk assessments to determine appropriate controls to
reach acceptable levels of risk; incorporating security as an essential element
of information networks and systems; the active prevention and detection of
information security incidents; ensuring a comprehensive approach to
information security management; continual reassessment of information
security and making modifications as appropriate.

• Complete approximately 2 hours of pre-course work prior to attending the
course.

Your future development

• To gain IRCA auditor status

• This course meets the training requirements for certification as an IRCA ISMS auditor

• LRQA business improvement courses

Course length

Five days

In company

This course can be delivered as an in-company event for organisations that are implementing and auditing information security and have more than five auditors wanting to develop their knowledge of information security management systems and ISO/IEC 27001:2013, and to develop their auditing skills.

In-house

If you are looking for a course for four or more people, you may find our in-house option more cost-effective. Contact the team for a quote.
