Certified ISO 27001 Lead Auditor (ISO 27001:2022)

Auditing is crucial to the success of any management system. As a result, it carries with it heavy responsibilities, tough challenges and complex problems. This five-day intensive course prepares participants for the qualification process for ISO 27001. It also allows them to give practical help and information to those who are working towards compliance and certification.

This course aims to provide learners with the knowledge and skills required to perform first, second and third-party audits of information security management systems against ISO/IEC 27001 (with ISO/IEC 27002), in accordance with ISO 19011 and ISO/IEC 17021, as applicable.

Learners who successfully complete this CQI and IRCA Certified ISO/IEC 27001:2022 Lead Auditor (ISMS) Training course (within the five years prior to making an application to become a certificated auditor) will satisfy the training requirements for initial certification as an IRCA ISMS auditor.

What Will I Learn?

Why should you attend this course?

  • Review the Audit Requirements of ISO/IEC 27001:2022
  • Learn Auditing Principles applicable to ISO 27001 Auditing
  • Learn How to Assess Security Threats and Vulnerabilities
  • Understand Review Requirements of Security Controls and Countermeasures
  • Understand the Roles and Responsibilities of the Auditor
  • Learn How to Plan, Execute, Report, and Follow-up on an Information Security Management System Audit

Exam & Certification:

  • Exam Duration: 3 hours, Exam Format: Multiple Choice, Open Book, Paper Based

Delivery Mode & Duration:
Instructor-led classroom - 5 Days (9:30 AM to 5:30 PM)

Prerequisites:

  • ISO 27001 Foundation Certification or basic knowledge of ISO 27001 is recommended.


Who can benefit?

  • Who should attend?

    This course is for those intending to acquire the competence to audit an organization’s entire ISMS to meet the requirements of ISO/IEC 27001, either as a third or second-party auditor.

    • Quality professionals with experience in the implementation and auditing of Information Security Management Systems (ISMS)
    • Those wishing to implement a formal Information Security Management System (ISMS) in accordance with ISO 27001:2022.
    • Existing security auditors who wish to expand their auditing skills.
    • Consultants who wish to provide advice on ISO 27001:2022 systems certification.
    • Security and Quality Professionals

    • Technical experts wanting to prepare for an information security audit function

Opportunity Scope

The mentor will discuss this in the classroom.

Modules / Chapter

Course Contents

(Introduction to the Information Security Management System (ISMS) and ISO/IEC 27001)

Section 1: Training course objectives and structure

  • General information
  • Learning objectives
  • Educational approach
  • Examination and certification

Section 2: Standards and regulatory frameworks

  • What is ISO?
  • The ISO/IEC 27000 family of standards
  • Advantages of ISO/IEC 27001

Section 3: Certification process

  • Certification process
  • Certification scheme
  • Accreditation bodies
  • Certification bodies

Section 4: Fundamental concepts and principles of information security

  • Information and asset
  • Information security
  • Confidentiality, integrity, and availability
  • Vulnerability, threat, and impact
  • Information security risk
  • Security controls and control objectives
  • Classification of security controls

Section 5: Information security management system (ISMS)

  • Definition of a management system
  • Definition of ISMS
  • Process approach
  • ISMS implementation
  • Overview – Clauses 4 to 10
  • Overview – Annex A
  • Statement of Applicability

(Audit principles, preparation, and initiation of an audit)

Section 6: Fundamental audit concepts and principles

  • Audit standards
  • What is an audit?
  • Types of audits
  • Involved parties
  • Audit objectives and criteria
  • Combined audit
  • Principles of auditing
  • Competence and evaluation of auditors

Section 7: The impact of trends and technology in auditing

  • Big data
  • The three V’s of big data
  • The use of big data in audits
  • Artificial intelligence
  • Machine learning
  • Cloud computing
  • Auditing outsourced operations

Section 8: Evidence-based auditing

  • Audit evidence
  • Types of audit evidence
  • Quality and reliability of audit evidence

Section 9: Risk-based auditing

  • Audit approach based on risk
  • Materiality and audit planning
  • Reasonable assurance

Section 10: Initiation of the audit process

  • The audit offer
  • The audit team leader
  • The audit team
  • Audit feasibility
  • Audit acceptance
  • Establishing contact with the auditee
  • The audit schedule

Section 11: Stage 1 audit

  • Objectives of the stage 1 audit
  • Pre on-site activities
  • Preparing for on-site activities
  • Conducting on-site activities
  • Documenting the outputs of stage 1 audit

On-site audit activities

Section 12: Preparing for stage 2 audit

  • Setting the audit objectives
  • Planning the audit
  • Assigning work to the audit team
  • Preparing audit test plans
  • Preparing documented information for the audit

Section 13: Stage 2 audit

  • Conducting the opening meeting
  • Collecting information
  • Conducting audit tests
  • Determining audit findings and nonconformity reports
  • Performing a quality review

Section 14: Communication during the audit

  • Behavior during on-site visits
  • Communication during the audit
  • Audit team meetings
  • Guides and observers
  • Conflict management
  • Cultural aspects
  • Communication with the top management

Section 15: Audit procedures

  • Overview of the audit process
  • Evidence collection and analysis procedures
  • Interview
  • Documented information review
  • Observation
  • Analysis
  • Sampling
  • Technical verification

Section 16: Creating audit test plans

  • Audit test plans
  • Examples of audit test plans
  • Guidance for auditing an ISMS
  • Corroboration
  • Evaluation
  • Auditing virtual activities and locations

Closing of the audit

Section 17: Drafting audit findings and nonconformity reports

  • Audit findings
  • Types of possible audit findings
  • Documenting the audit findings
  • Drafting a nonconformity report
  • The principle of the benefit of the doubt

Section 18: Audit documentation and quality review

  • Work documents
  • Quality review

Section 19: Closing of the audit

  • Determining audit conclusions
  • Discussing audit conclusions
  • Closing meeting
  • Preparing audit report
  • Distributing the audit report
  • Making the certification decision
  • Closing the audit

Section 20: Evaluation of action plans by the auditor

  • Submission of action plans by the auditee
  • Content of action plans
  • Evaluation of action plans

Section 21: Beyond the initial audit

  • Audit follow-up activities
  • Surveillance activities
  • Recertification audit
  • Use of trademarks

Section 22: Managing an internal audit program

  • Managing an audit program
  • Role of the internal audit function
  • Main internal audit services and activities
  • Audit program resources
  • Audit program records
  • Follow up on nonconformities
  • Monitoring, evaluating, reviewing, and improving an audit program

The above-mentioned content is delivered in 32 hours. In addition to this, we have added an 8-hour session.

8-hour dedicated session

ISO 27001 Practical Approach

  • ISO 27001 (new 93 controls) Controls to Evidence Mapping
  • Practical approach to collecting evidence while auditing, with three scenario/case study paragraphs

ISO 27001 Exam Prep

  • Revision of course and open mic session for doubts
  • Exam Prep – mock exam
  • Discussion on exam questions and answers

Discussion on different exams (TUV/IGC/PECB)

Contact Information

  • Address

    Anamnagar - 32 Kathmandu, Nepal

  • Email

    info@labanepal.com

  • Phone

    +977-1-4102721, 4102722, 4244804

  • Opening Hours

    10 AM - 5 PM
