40 hours (minimum)
This course aims to provide learners with the knowledge and skills required to perform first, second and third-party audits of information security management systems against ISO/IEC 27001 (with ISO/IEC 27002), in accordance with ISO 19011 and ISO/IEC 17021, as applicable.
Learners who successfully complete this CQI and IRCA Certified ISO/IEC 27001:2022 Lead Auditor (ISMS) Training course successfully (within the five years prior to making an application to become a certificated auditor) will satisfy the training requirements for initial certification as an IRCA ISMS auditor.
Who is it for?
This course is for those intending to acquire the competence to audit an organisation's entire ISMS to meet the requirements of ISO/IEC 27001, either as a third or second-party auditor.
1. Explain the purpose and business benefits of an information security management system, of information security management systems standards, of management system audit and of third-party certification.
2. Explain the role of an auditor to plan, conduct, report and follow up an information security management system audit in accordance with ISO 19011 (and ISO/IEC 17021 where appropriate).
3. Plan, conduct, report and follow up an audit of an information security management system to establish conformity (or otherwise) with ISO/IEC 27001 (with ISO/IEC 27002) in accordance with ISO 19011 (and ISO/IEC 17021 where appropriate).
Recommended Prior Knowledge:
Understand the Plan-Do-Check-Act (PDCA) cycle
Information security management
Knowledge of the following information security management principles and concepts:
- awareness of the need for information security;
- assignment of responsibility for information security;
- incorporating management commitment and the interests of stakeholders;
- enhancing societal values;
- risk assessments determining appropriate controls to reach acceptable levels of risk;
- security incorporated as an essential element of information networks and systems;
- active prevention and detection of information security incidents;
- ensuring a comprehensive approach to information security management;
- continual reassessment of information security and making of modifications as appropriate.
Knowledge of the requirements of ISO/IEC 27001 (with ISO/IEC 27002) and the commonly used information security management terms and definitions, as given in ISO/IEC 27000, which may be gained by completing CQI and IRCA Certified ISO/IEC 27001:2022 Foundation (ISMS) (FD134) Training course or equivalent.
Learners must demonstrate acceptable levels of performance in the three learning objectives to complete the course successfully. Learners will be assessed through practical tasks and activities. Learners must also pass a 2-hour written examination.
Assessment questions may relate to prior knowledge that will not be covered in this course. Learners who lack the prior knowledge are strongly recommend acquiring it before booking on to a course.
Find this course
Search our database of global Approved Training Partners to find this course in a location near you.
Find this course
Search our database of global Approved Training Partners for this course in a location near you.
Take the training quiz
If you're not sure which course or level is right for you, take the training quiz and find out.