A CQI and IRCA certified ISO/IEC 27001:2022 Lead Auditor training course (ref: 17293).

Auditing is an essential tool in the battle to identify, assess and address information security risks posed by challenges such as employee error and data breaches.

This CQI and IRCA certified ISO 27001 Lead Auditor training course explores how auditing an organisation’s information security management system (ISMS) helps to ensure that the system:

  • conforms to the organisation’s specification
  • meets the requirements of the ISO 27001 information security standard, with reference to ISO 19011 and ISO 17021
  • is effectively implemented and maintained.

Created and delivered by information security experts, the ISO 27001 Lead Auditor course equips delegates with the skills and confidence to undertake a full audit, from planning through preparing and reporting to follow up. The interactive course includes workshops and follows a central case study to help reinforce learning.

Students are assessed through continuous evaluation and an exam on the final day of the course. Successful completion will satisfy the training requirements for certification as an IRCA ISMS auditor.

This 5-day course is suitable for delegates from all industries, including:

  • anyone who wishes to complete first, second and/or third-party ISO 27001 audits onsite and/or remotely
  • audit team leaders
  • those responsible for implementing and ensuring compliance with ISO 27001, including IT security managers, compliance consultants, cyber security consultants, information assurance professionals, QHSE managers, management systems professionals and existing auditors
  • those wishing to gain a recognised ISO 27001 lead auditor certificate
  • those seeking to apply to the CQI as an IRCA ISMS auditor

Please note that CQI and IRCA expect delegates attending this ISO 27001 Lead Auditor training course to have prior knowledge of the requirements (clauses) of ISO 27001. Some individuals may find it beneficial to attend our Introduction to ISO 27001 training course.


The topics covered in the course include:

  • background and overview of ISO 27001 and other information security standards (ISO 27000 Family)
  • ISO 27001 Annex A controls
  • an introduction to auditing against ISO 27001 and the auditor’s role
  • the role of management in reviewing risk and the effectiveness of the ISMS
  • planning and managing an ISMS audit:
    • resources and timing
    • determining the audit scope and objectives
    • undertaking a risk-based approach
    • ISMS documentation (risk treatment plan, SoC, SoA, information security asset record)
    • use of checklists
    • selection of audit teams
  • risk assessment and risk treatment
  • conducting the ISMS audit – skills, techniques and auditor competence:
    • evaluating the significance of audit findings
    • communicating and presenting audit reports
  • nonconformities and improved security as a result of corrective actions
  • correction and corrective action
  • management of the third-party assessment and certification process

With a focus on practical application, this course is based around the following structure:

  • Day 1
    • WELCOME AND INTRODUCTION
    • Module 1 ISMS and ISO 27001:2022
    • Exercise A ISMS Purpose and Benefits
    • Workshop 1 ISMS Issues and Threats
    • Module 2 ISMS Audit Overview
    • LUNCH
    • Workshop 2 ISMS Auditor Qualities and Attributes
    • Workshop 3 Annex A – Interpreting and Auditing Controls
    • Exam Briefing Section 1
    • CLOSE
  • Day 2
    • Review of Day 1 & Specimen Paper Section 1
    • Module 3 Stage One Audits
    • Workshop 4 Preparing for a Stage One Audit
    • LUNCH
    • Exercise B Auditing a Risk Assessment
    • Module 4 Stage Two Audits – Case Study Briefing
    • Workshop 5 Preparing for a Stage Two Audit
    • Module 5 Performing an Audit
    • Exam Briefing Section 2
    • CLOSE
  • Day 3
    • Review of Day 2 & Specimen Paper Section 2
    • Workshop 6 The Live Audit
    • LUNCH
    • Workshop 6 (cont.)
    • Exam Briefing Section 3
    • CLOSE
  • Day 4
    • Review of Day 3 & Specimen Paper Section 3
    • Module 6 Audit Reporting – Nonconformities
    • Exercise C Nonconformity Writing
    • Module 6 (cont.) Audit Reporting – Content Guidance
    • Exam Briefing Section 4
    • Module 6 (cont.) Audit Reporting – Nonconformity or Further Investigation?
    • LUNCH
    • Module 7 Audit Follow-up, Major & Minor Nonconformities
    • Module 8 Physical and Technical Controls in Annex A
    • Workshop 7 Auditing the Technical Aspects of Annex A
    • Module 9 The ISMS Auditor
    • Exercise D Knowledge Test & Discussion
    • Exam Briefing, Revision Guidelines & Q&A
    • CLOSE
  • Day 5
    • Review of Day 4 & Specimen Paper
    • Workshop 8 Audit Reports – Words Matter
    • End of Course Quiz
    • Exam briefing
    • CLOSE

On completion of this ISO 27001 Lead Auditor training course, delegates will be able to:

  • understand the role of internal and external audits in ensuring compliance of an ISMS to organisational and ISO 27001 requirements
  • lead an ISMS audit including:
    • planning the audit using a risk-based approach to scheduling and selecting audit criteria
    • conducting an ISO 27001 audit using appropriate sampling and interviewing techniques
    • writing objective and factual audit reports and presenting findings
    • following up and closing out an ISMS audit
  • contribute to the effectiveness and continual improvement of an organisation’s information security management system

Delegates must participate fully throughout the course and will be assessed by ‘continual assessment’ and by completing an exam on the final day. Students passing both aspects will receive a CQI and IRCA approved ‘Certificate of Achievement’, and will meet the training requirements for registration with IRCA as an ISMS auditor.

ISO 27001 Lead Auditor Certificate