Skip to main content

ISO/IEC 27001:2022 Auditor Conversion (Information Security Management Systems)

Course code
PR374
Duration

24 hours (minimum)

Category
Type
Level
Scheme(s)

This course aims to provide learners with the knowledge and skills required to perform first, second and third-party audits of information security management systems against ISO/IEC 27001 (with ISO/IEC 27002), in accordance with ISO 19011 and ISO/IEC 17021, as applicable.

Who is it for?

This course is for auditors with competence in another process-based management system (e.g., QMS or EMS) who want to acquire the skills and knowledge to audit against ISO/IEC 27001. For those who have already completed Lead Auditor training in another discipline, successful completion of this course meets the requirement for certification as an Auditor on IRCA's ISMS Auditor Certification scheme.

Learning outcomes

Knowledge

1. Explain the purpose and business benefits of an information security management system, of information security management systems standards, of management system audit and of third-party certification.

Skills

2. Plan, conduct, report and follow up an audit of an information security management system to establish conformity (or otherwise) with ISO/IEC 27001 (with ISO/IEC 27002) in accordance with ISO 19011 (and ISO/IEC 17021 where appropriate).

Recommended Prior Knowledge: 

Management systems
Understand the Plan-Do-Check-Act (PDCA) cycle

Information security management
Knowledge of the information security management principles: 

  • awareness of the need for information security;
  • assignment of responsibility for information security;
  • incorporating management commitment and the interests of stakeholders;
  • enhancing societal values;
  • risk assessments determining appropriate controls to reach acceptable levels of risk;
  • security incorporated as an essential element of information networks and systems;
  • active prevention and detection of information security incidents;
  • ensuring a comprehensive approach to information security management;
  • continual reassessment of information security and making of modifications as appropriate.

ISO/IEC 27001
Knowledge of the requirements of ISO/IEC 27001 (with ISO/IEC 27002) and the commonly used information security management terms and definitions, as given in ISO/IEC 27000, which may be gained by completing a CQI and IRCA Certified ISO/IEC 27001:2022 Foundation (ISMS) (FD134) Training course or equivalent.

Management systems audit 
Knowledge of management systems audit through satisfactory completion of a CQI and IRCA Certificated (or acceptable alternative) Lead Auditor Training course in another discipline.

Learners who have not successfully completed a CQI and IRCA Certified (or acceptable alternative) Lead Auditor Training course in another discipline that they are unlikely to successfully complete this 24-hour course and will find the 40-hour ISO/IEC 27001:2022 Lead Auditor (ISMS) Training course more appropriate.

Assessment

Learners must demonstrate acceptable levels of performance in the two learning objectives to complete the course successfully. Learners will be assessed through practical tasks and activities. Learners must also pass a 1hr 40min written examination. 

Assessment questions may relate to prior knowledge that will not be covered in this course. Learners who lack the prior knowledge are strongly recommend acquiring it before booking on to a course. 
 

Find this course

Search our database of global Approved Training Partners to find this course in a location near you.

Find this course

Search our database of global Approved Training Partners for this course in a location near you.

Take the training quiz

If your not sure which course or level is right for you, take the training quiz and find out.