A CQI and IRCA certified ISO 27001 ISMS Auditor Conversion training course – ID: 2397

Existing lead auditors can learn about the purpose and benefits of information security management systems (ISMS), and gain the skills to undertake 1st, 2nd and 3rd-party audits against ISO 27001, by attending our CQI and IRCA certified ISO 27001 Auditor Conversion training course.

The 3-day course includes a simulated audit of an organisation seeking ISO 27001 certification, enabling delegates to put ideas learned into action. Delegates will work as part of an audit team to practise undertaking a risk-based ISMS audit, including:

  • planning an ISMS audit
  • creating an audit checklist
  • conducting a stage 2 ISMS audit
  • writing a nonconformity report

Assessment is by continuous evaluation of performance during the course, together with a written examination on the final day.

This ISO 27001 Auditor Conversion course is suitable for:

  • auditors who have achieved lead auditor certification in another discipline, for example ISO 9001, and now wish to expand their knowledge to audit an ISMS against ISO 27001:2022
  • those with a responsibility for auditing the ISMS, including information security managers, information security consultants and IMS auditors

CQI and IRCA expect delegates to have prior knowledge of the requirements (clauses) of ISO 27001 before attending this course. Some individuals may find it beneficial to attend our Introduction to ISO 27001 training course. We can offer a £100 discount if you book this introductory course together with our ISO 27001 Auditor Conversion training course.

Please note that if potential delegates have not previously attended a CQI and IRCA Lead Auditor training course in another discipline, they should view our ISO 27001 Lead Auditor training course rather than this conversion course.

Topics covered in this course include:

  • purpose and benefits of an ISMS
  • requirements of ISMS documented information
  • auditing a risk assessment
  • Annex A – interpreting and auditing the controls
  • role of the ISMS auditor
  • preparation and conduct of a stage 1 audit
  • planning, conducting, reporting and following up a stage 2 audit of an ISMS
  • compliance – ISO 17021-1 requirements for certification bodies
  • auditing an ISMS in terms of legal compliance
  • report writing, including nonconformity and audit reports

Working closely with CQI and IRCA, tutors have created a practical course that covers the following modules:

  • Day 1
    • WELCOME AND INTRODUCTION
    • Module 1 ISMS and ISO 27001
    • Exercise A ISMS Purpose and Benefits
    • Group Discussion: Key Aspects of an ISMS
    • Group Discussion: Key Elements of Any (ISO) Management System
    • Exercise B Auditing a Risk Assessment
    • Group Discussion: How to Audit an ISMS in Terms of Legal Compliance
    • Workshop A The Controls in Annex A
    • Module 2 Preparing to Audit an ISMS
    • Workshop B Documented Information
    • Workshop C Case Study – Review/Audit
    • Pre-course Work
    • CLOSE
  • Day 2
    • Review of Day 1 & Evening Work
    • Module 3 Planning a Stage 2 ISMS Audit
    • Workshop D Case Study
    • Module 4 Conducting a Stage 2 ISMS Audit
    • Workshop E Case Study – Live Audit
    • Workshop F Case Study – Audit
    • Exercise C Writing up a Nonconformity
    • Exercise D Writing the Full Audit Report
    • Discussion: Specimen Paper – Brief and Discuss
    • CLOSE
  • Day 3
    • Review of Day 2 & Evening Work
    • Module 5 Technical Knowledge
    • Workshop G Annex A – Technical Aspects
    • Exercise E Quick Knowledge Test
    • Module 5 Technical Knowledge continued
    • Preparation: Specimen and Live Examination Papers
    • Questions and Feedback
    • CLOSE

Evening work will be provided to delegates on Day 1 and Day 2.

On completion of this ISO 27001 Auditor Conversion training course delegates will be able to:

  • explain the purpose and benefits of an ISMS
  • plan, conduct, report and follow up an audit of an information security management system
  • establish conformity of a management system against ISO 27001 (with ISO/IEC 27002) and in accordance with ISO 19011 and ISO/IEC 17021, as applicable
  • verify that the Statement of Applicability (SoA) contains the necessary controls (with reference to Annex A and ISO/IEC 27002)
  • evaluate actions to address risks and opportunities
  • verify that the risk assessment has criteria for performing information security risk assessments

Delegates who have already successfully completed a CQI and IRCA certified Lead Auditor training course in an alternative discipline will meet the training requirements for certification as an IRCA ISMS Auditor by completing this course.

ISO 27001 Auditor Conversion Certificate