Learn how to incorporate information security management system (ISMS) requirements within a quality management system (QMS) audit on this Integrated ISMS & QMS Auditor course.

Information Security has evolved to become an essential part of everyday business. Breaches of information security not only affect a business’s brand and reputation, but they can also disrupt day-to-day operations (including meeting customer requirements) and carry legal implications that frequently lead to companies being fined for breaching data protection law. This, in addition to GDPR, means there is a stronger need for strict information security practices in companies than ever before.

As internal auditing is one of the fundamental activities for maintaining and improving a Management System, the internal auditor plays a highly important role in determining the effectiveness of an organisation’s information security processes. This two-day Integrated Information Security Management System (ISMS) & Quality Management System (QMS) Auditor training course is designed to give students an understanding of ISO 27001 and Information Security, from both an implementation and an auditing perspective, so that they can incorporate information security criteria into their existing Quality Management System audits.

This Integrated ISMS & QMS Auditor Training Course is highly suitable for:

  • existing 1st, 2nd and 3rd party QMS auditors looking to expand their knowledge to be able to incorporate Information Security within their QMS audits
  • staff who will be involved in performing ISMS Internal Audits
  • managers responsible for Information Security within their department or organisation

  • Introduction to Information Security and Information Security Management Systems
  • Integrating Information Security criteria into Quality Management System audits
  • Integrating Information Security into an existing QMS
  • ISO 27001 Requirements
  • ISO 9001:2015 clauses that relate to the management of information security
  • The Integrated Management System Internal Audit Process
    • Planning the audit (including QMS/ISMS checklist)
    • Conducting an integrated QMS/ISMS audit
    • Reporting, including non-conformity statements
    • Follow-up

Encompassing study, workshops and case studies, the course agenda will follow a format similar to the following.

  • Day 1
    • WELCOME AND INTRODUCTION
    • Module 1 Introduction to Information Security
    • Module 2 Information Security Management Systems
    • Workshop 1 ISO/IEC 27001:2022 – Annex SL
    • Workshop 2 ISO/IEC 27001:2022 – Annex A
    • Module 3 ISO 9001 vs. ISO 27001
    • Module 4 Integrating Information Security into a QMS
    • Module 5 Incidents vs. Nonconformities
    • Module 6 Risks & Opportunities
    • Workshop 3 Risk Assessment
    • Module 7 The Audit Process
    • Workshop 4 Case Study: SBS
    • Workshop 4 (cont.) Preparing to Audit
    • CLOSE
  • Day 2
    • Day 1 Review
    • Workshop 5 ISMS Process Audits
    • Workshop 5 (cont.) Review of Checklists
    • Workshop 6 Case Study: SBS
    • Workshop 7 Audit Review
    • Workshop 8 Nonconformity and all Post-NC Action
    • Module 8 Horror Stories and Coping Strategies
    • Course Summary
    • CLOSE

By the end of this course, delegates will have gained:

  • knowledge of the principles of Information Security
  • an understanding of the key elements of ISO 27001:2022
  • an appreciation of how Information Security forms part of ISO 9001:2015
  • the skills to audit a process with Information Security requirements
  • the skills to audit a process in an integrated way with Quality Management and Information Security requirements.

Delegates will also receive an Integrated ISMS & QMS Auditor training course certificate, in recognition of their new knowledge and skills.

Integrated ISMS & QMS Auditor Certificate