CQI-IRCA Certified ISO 27001:2013 Information Security Management System Lead Auditor

CQI and IRCA Certified ISMS Auditor Training courses will equip the delegates with the knowledge and skills to assess an organization’s information security management systems to ISO 27001.

You will acquire the competence to audit an organization's ISMS to meet the requirements of ISO 27001, either as a third or second-party auditor. Successful completion of this course meets the requirement for certification as an Auditor on IRCA's ISMS Scheme.

Learning Outcomes

• Understand the application of the information security Management System in the context of ISO 27001
• Understand the relationship between an Information Security Management System, including Risk Management, controls and compliance with the requirements of different stakeholders of the organization.
• Improve the ability to analyze the internal and external environment of an organization, risk assessment and audit decision making in the context of an ISMS.

Agenda:

Day 1: Introduction to the management of an Information Security Management System based on ISO 27001

• Normative and regulatory and legal Framework related to information security
• Fundamental Principles in Information Security
• ISO 27001 Certification Process
• Information Security Management System (ISMS)
• Detailed presentation of the clauses 4 to 8 of the ISO 27001 Standard

Day 2: Launching an ISO 27001 audit

• Fundamental Audit concepts and principles
• Audit approach based on evidence and on risk
• Preparation of an ISO 27001 Certification audit
• Documenting of an ISMS Audit
• Conducting an opening meeting

Day 3: Conducting an ISO 27001 audit

• Communication during the audit
• Audit procedures
• Observation
• Document Review
• Interview
• Sampling Techniques
• Technical Verification
• Corroboration and evaluation
• Drafting test plans
• Formulation of Audit Findings
• Drafting of nonconformity reports

Day 4: Closing an ISO 27001 audit

• Audit documentation
• Quality review
• Review of audit notes
• Conducting a closing meeting and conclusion of an ISO 27001 audit
• Evaluation of corrective action plans

Day 5: Surveillance Audit

• Surveillance audit
• Audit management program
• Completion of training
• Course review
• Exam preparation
• CQI-IRCA Certificate exam