Build credibility with a formal qualification

This five-day course is ideal to pursue a qualification or develop an advanced skill in information security management systems auditing. You will be provided with the knowledge and skills to carry out second party audits to address information security risks where key data is processed or handled by external organisations.

Successful completion of this course is accepted by IRCA from those intending to apply for certification as a management systems auditor and so hoping to upskill as a supplier (2nd party) auditor for their organisation or as a certifying (3rd party) auditor for a certification body.

The course is aimed towards participants who:

• wish to expand their knowledge about effective audit practices or
• may wish to build on their existing auditing experience especially in auditing Information Security Management Systems (ISMS) and its related processes and procedures
• may want to audit their existing ISMS processes for effectiveness and improvement
• are a consultant providing advice on ISO/IEC 27001:2022 and require formal training and recognition through IRCA
• are a security or quality professional who wishes to add ISO 27001:2022 to their skill set. 

• To critically review the typical documentation an organisation would prepare to meet the requirements of ISO 27001:2022
• How to plan, conduct and conclude an external audit of information security management
• How to manage and work with an audit team, with practical examples related to an ISMS audit 
• To report findings accurately and factually in terms that are valued by management
• To make accurate decisions about accepting the conformance of a management system in supplier evaluations or independent certification
• How to evaluate corrective actions effectively to eliminate causes of problems. 

• 5 days for the traditional face to face classroom course including the exam on the final day
• From September 2021, all in-house and public virtual lead auditor training courses will be run over six days. Five days to cover the course content and a two-hour exam held on the sixth day. During the course, your trainer will liaise with you to agree the timing of the exam.

Participants should have prior knowledge of ISO 27001:2022 as well as experience in auditing and Information security management systems.

• Instructor-led training featuring accelerated learning methods
• Pre-course reading, workbooks, case study
• A certificate of training attendance or training achievement.

• ISO 27001:2013 Implementation
• GDPR Data Protection Officer Workshop
• Data Protection Impact Assessment Workshop.