CQI & IRCA Certified
ISO/IEC 27001:2022 Information Security Management Systems Auditor - Lead Auditor Course
Delivery Method
- This course will be conducted through an online training platform (ZOOM).
- Our e-learning system will send email notifications to your registered email address. Make sure to provide an email address that you can access at any time. We recommend using a personal email address instead of a company email address.
- Equipment requirements: During the class, candidates are required to turn on their microphone and webcam to interact with the instructor and classmates.
Introduction
This CQI (Chartered Quality Institute) / IRCA (International Register of Certificated Auditors) certified Information Security Management Systems (ISMS) Auditor / Lead Auditor Training Course is part of the internationally recognized CQI/IRCA ISMS Auditor Certification programme.
Successful completion of this course is a prerequisite and essential to becoming a CQI/IRCA ISMS Auditor.
Learning objectives
- Learn how to explain the purpose and business benefits of an ISMS, of ISMS standards, of management system audit and of third-party certification
- Learn how to explain the role of an auditor to plan, conduct, report, and follow up an ISMS audit in accordance with ISO 19011 (and ISO 17021 where appropriate)
- Learn how to plan, conduct, report and follow up an audit of an ISMS to establish conformity (or otherwise) with ISO/IEC 27001 (with ISO/IEC 27002) in accordance with ISO 19011 (and ISO 17021 where appropriate)
Course benefits
- Your organization will have an internal resource and process to conduct its own audit of its ISMS to assess and improve conformance with ISO/IEC 27001
- You will gain a professional qualification certifying that you have the knowledge and skills to lead a team in conducting an audit of an ISMS in any organization
- Successful auditing will improve the protection of an organization’s personal data and trade secrets to meet market assurance and corporate governance needs
- Understand how to identify gaps in an ISMS
- Accurate auditing will support continuous improvement of a management system
- Meet training requirements for CQI/IRCA auditor certification
Who should attend?
This course is intended for those who will be involved in leading audits of an ISMS that conforms to the latest ISO/IEC 27001 in any organization. Suggested job functions and their teams include, but are not limited to, the following:
- Information security managers
- IT and corporate security managers
- Corporate governance managers
- Risk and compliance managers
- Information security consultants
Prerequisite
- You have successfully completed the ISO/IEC 27001:2019 Information Security Management Systems - Understanding & Application, Internal Auditor Training Course and/or have equivalent working experience.
Course outline
Day 1: Information security management systems knowledge (ISO 27001)
- Management system structure (MSS) and process approach (PDCA)
- Understand the organization's compliance risk
- Understanding of organization, interested parties, and their requirements
- Management system scoping
- Leadership and commitment
- Top management leadership, management system policy and objectives
- Support the management system and a documented management system
- Compliance risk management and objectives
- Information asset management (asset register, asset owner)
- Information security risk management requirements and process
- Risk assessment (identify the risk, risk owner, risk analysis and risk evaluation)
- Risk treatment (treatment options, Statement of Applicability (SoA), risk treatment plan)
Day 2: Guidelines for auditing management systems (ISO 19011 and ISO 17021) - Auditor, audit types and certification process
- Management system operation
- Management system performance evaluation and improvement processes
- Auditor's role, responsibility, and competence
- Different types of audit and certification process
Day 3: Guidelines for auditing management systems (ISO 19011) - Audit simulation: planning and preparing for an audit
- Roles and responsibilities in an audit
- Management system performance evaluation and continual improvement requirements
- Different types of audit
- Audit programme and purpose
- Planning an audit (initiate the audit, feasibility analysis)
- Conduct a Stage 1 audit (document review)
- Preparation for Stage 2 (on-site) audit - audit plan
- Preparation of audit work documents, including checklists and audit trails
Day 4: Guidelines for auditing management systems (ISO 19011) - Audit simulation: opening meeting, on-site audit activities, and role-play
- Opening meeting
- Role-play for audit scenarios
- Practice audit skills of collecting audit evidence
- Prepare audit findings and results, including conformance, non-conformity (NC), and opportunity for improvement (OFI)
- Prepare audit report
Day 5: Guidelines for auditing management systems (ISO 19011) - Audit simulation: closing the on-site audit, closing meeting and follow-up
- Audit conclusion
- Closing meeting
- Audit follow-up
- Evaluating correction and corrective action, including root cause analysis and audit finding closure
- Management system certification
- Course summary and examination
Should you have any questions, please feel free to contact Ms. Joanne Chan during office hours.
Tel: (852) 2202 9330 / (852) 6050 8153 Email: training@hkqaa.org
Office Hours: 9 a.m. to 6 p.m. (Monday to Friday)