ISO 27001 Auditor Conversion Training Course
DURATION
3 daysCPD
Equivalent to 24 hoursCERTIFICATES
All delegates will receive a certificate on completion.DELIVERY OPTIONS
Course certification
A CQI and IRCA certified ISO 27001 ISMS Auditor Conversion training course – ID: 2397
The 3-day course includes a simulated audit of an organisation seeking ISO 27001 certification, enabling delegates to put ideas learned into action. Delegates will work as part of an audit team to practise undertaking a risk-based ISMS audit, including:
- planning an ISMS audit
- creating an audit checklist
- conducting a stage 2 ISMS audit
- writing a nonconformity report
Assessment is by continuous evaluation of performance during the course, together with a written examination on the final day.
- auditors who have achieved lead auditor certification in another discipline, for example ISO 9001, and now wish to expand their knowledge to audit an ISMS against ISO 27001:2022
- those with a responsibility for auditing the ISMS, including information security managers, information security consultants and IMS auditors
CQI and IRCA do expect delegates to have prior knowledge of the requirements (clauses) of ISO 27001 before attending this course. Some individuals may find it beneficial to attend our Introduction to ISO 27001 training course. We can offer £100 discount if you book this introductory course together with our ISO 27001 Auditor Conversion training course. To learn more about prior knowledge requirements click here.
Please note that if potential delegates have not previously attended a CQI & IRCA Lead Auditor training course in another discipline, they should view our ISO 27001 Lead Auditor training course rather than this conversion course.
- purpose and benefits of an ISMS
- requirements of ISMS documented information
- auditing a risk assessment
- Annex A – interpreting and auditing the controls
- role of the ISMS auditor
- preparation and conduct of a stage 1 audit
- planning, conducting, reporting and following up a stage 2 audit of an ISMS
- compliance – ISO 17021-1 requirements for certification bodies
- auditing an ISMS in terms of legal compliance
- reporting writing, including nonconformity and audit reports
- Day 1
- WELCOME AND INTRODUCTION
- Module 1 ISMS and ISO 27001
- Exercise A ISMS Purpose and Benefits
- Group Discussion: Key Aspects of an ISMS
- Group Discussion: Key Elements of Any (ISO) Management System
- Exercise B Auditing a Risk Assessment
- Group Discussion: How to Audit an ISMS in Terms of Legal Compliance
- Workshop A The Controls in Annex A
- Module 2 Preparing to Audit an ISMS
- Workshop B Documented Information
- Workshop C Case Study – Review/Audit
- Pre-course Work
- CLOSE
- Day 2
- Review of Day 1 & Evening Work
- Module 3 Planning a Stage 2 ISMS Audit
- Workshop D Case Study
- Module 4 Conducting a Stage 2 ISMS Audit
- Workshop E Case Study – Live Audit
- Workshop F Case Study – Audit
- Exercise C Writing up a Nonconformity
- Exercise D Writing the Full Audit Report
- Discussion: Specimen Paper – Brief and Discuss
- CLOSE
- Day 3
- Review of Day 2 & Evening Work
- Module 5 Technical Knowledge
- Workshop G Annex A – Technical Aspects
- Exercise E Quick Knowledge Test
- Module 5 Technical Knowledge continued
- Preparation: Specimen and Live Examination Papers
- Questions and Feedback
- CLOSE
Evening work will be provided to delegates on Day 1 and Day 2.
- explain the purpose and benefits of an ISMS
- plan, conduct, report and follow up an audit of an information security management system
- establish conformity of a management system against ISO 27001 (with ISO/IEC 27002) and in accordance with ISO 19011 and ISO/IEC 17021, as applicable
- verify that the Statement of Applicability (SoA) contains the necessary controls (with reference to Annex A and ISO/IEC 27002)
- evaluate actions to address risks and opportunities
- verify that the risk assessment has criteria for performing information security risk assessments
Delegates who have already successfully completed a CQI and IRCA certified Lead Auditor training course in an alternative discipline will meet the training requirements for certification as an IRCA ISMS Auditor by completing this course.
Upcoming course dates
Yes, this course is certified by the professional body of CQI and IRCA. This means that we have met stringent requirements for both content and delivery.
Our commitment to employing highly experienced and knowledgeable tutors to help plan content and present classes is central to our approval as a training centre, and provides you with the assurance that you will receive a valuable return on your training investment.
If you are already a lead auditor in another discipline, such as ISO 9001 or ISO 45001, then this course is ideal for extending your auditing knowledge into the world of information security management systems.
If you are not already an auditor in another discipline, and wish to become an auditor of ISMS, there is more appropriate training available.
Our ISO 27001 Internal Auditor training course will teach you all you need to know about auditing your own organisation’s ISMS.
Alternatively, our ISO 27001 Lead Auditor training course will give you the knowledge and skills you are looking for to audit both internal and external ISMS.
You are expected to have some knowledge of the requirements of ISO 27001 to make the most of this training course.
If you have little or no knowledge in this field, you may like to attend our 1-day Introduction to ISO 27001 training course first. If you book the 2 courses together you will be eligible for a £100 discount.
Yes, from March 2023 there is an online exam which you will need to take within 30 days of the end of the course. The exam is set by the CQI and IRCA, and is available on an external portal. You will be sent full instructions on how to access the portal and the format of the exam. We will also provide information during the course to help you achieve success. That includes making use of the practice questions which are available on a separate portal.
This replaces the 2-hour written exam in use up to February 2023.
Customer reviews
LRQA|18th Dec, 2024
Achilles Information Limited|27th Nov, 2024
G4S Fm|21st Nov, 2024
Marlowe Fire & Security Ltd|25th Oct, 2024
Ultra Maritime Smap|23rd Oct, 2024
UK Biocentre Limited|25th Sep, 2024
Global View Systems|5th Sep, 2024
Netnodes Limited|31st Jul, 2024
Tribeca Technology Group|20th May, 2024
Enoda Ltd|3rd Apr, 2024
Rolls Royce|11th Mar, 2024
Derivco Sports|15th Dec, 2023