ISO 27001 Lead Auditor

Course Overview:

The ISO/IEC 27001:2022 international standard specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS) within the context of the organization. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization. Information is a valuable asset and a building block of the growth, success and credibility of any organization, and it needs to be suitably protected like any other important business asset. If this asset is compromised, the organization may be exposed to cybersecurity threats, identity theft and other risks that can lead to brand image erosion, business disruption, and financial and productivity loss.

The course will be conducted by our experienced lead auditors, who have audited numerous organizations. This intensive course is a prerequisite for becoming a registered auditor / lead auditor. The course is structured to provide the knowledge and skills required to assess the Information Security Management System of an organization against the requirements of the ISO/IEC 27001:2022 international standard.

This comprehensive five-day course provides an understanding of the ISO/IEC 27001:2022 requirements through presentations, case studies, exercises, workshops and role-plays, so that participants thoroughly understand the role of an auditor / lead auditor and acquire the expertise needed to perform effective audits.

Objective:

ISO 27001 Lead Auditor training enables you to develop the necessary expertise to perform an Information Security Management System (ISMS) audit by applying widely recognized audit principles, procedures and techniques.

The objectives of this training course are:

To equip participants with the auditing knowledge and skills to conduct effective audits.
To help participants understand the purpose of an Information Security Management System and the processes involved in establishing, implementing, maintaining and continually improving an ISMS.
To help participants understand auditing concepts and principles, and the role of and skills required by an auditor / lead auditor.
To develop the skills to plan, conduct, report and follow up audits in accordance with ISO 19011.

Target Audience:

Information Security Practitioners, Head - IT
Chief Information Security Officer
Information Security Management System Consultants
Information Security Management System Management Representative
Information Security Managers and core group members responsible for establishing, implementing, maintaining, and improving Information Security Management Systems
Professionals who have a role to play in the auditing of Information Security Management Systems

Prerequisite:

Prior knowledge of information security concepts and of the information security management system standard (ISO/IEC 27001) is mandatory. This course does not fill gaps in knowledge of the standard; it builds on that knowledge in the audit context. *Relevant proofs are to be submitted.

Duration:

Full 5 Days (40 Hours)

Course Content:

Module 1:

ISMS concepts and ISO/IEC 27001 standard:

ISMS concepts and benefits.
Risk assessment and management.
ISO/IEC 27001 standard requirements.
ISMS documentation.

Module 2:

Auditing principles:

Auditing objectives.
Types of audits.
Process approach.

Module 3:

Roles, responsibility and competency of auditors:

The auditors’ responsibilities.
The lead auditors’ responsibilities.
Competency of auditors.
Auditor qualification and certification.

Module 4:

Planning an audit:

Pre-audit planning.
Reviewing documentation.
Developing an audit plan.
Preparing checklists or working documents.
Communication factors.

Module 5:

Conducting an audit:

Opening meeting.
Collecting objective/audit evidence.
Effective interviewing techniques.
Identifying and recording nonconformities.
Preparing for the closing meeting.
Do’s and Don’ts of auditing.

Module 6:

Reporting audit results:

Conducting the closing meeting.
Preparing the audit report.
Distributing the audit report.

Module 7:

Corrective actions:

Corrective action responsibilities.
Follow up scheduling.
Monitoring corrective action.

Module 8:

CQI IRCA registration:

The registration process.

Module 9:

Exercises / Workshops / Roleplays

Module 10:

Written examination

Certification Prerequisites:

After successfully completing the exam, you can apply for the credential shown in the table below. You will receive a certificate once you comply with all the requirements related to the selected credential.

Credential: Certified ISO/IEC 27001 Lead Auditor
Exam: Certified ISO/IEC 27001 Lead Auditor Exam
Professional Experience: Five years, including two years of work experience in Information Security Management
ISMS Audit Experience: Audit activities totalling 300 hours

Evaluation:

Continuous Assessment:

Participants will be assessed throughout the course on punctuality, presentation skills, interactive approach, involvement, role-play, daily tests, etc. Passing criteria: 70%.

Final Examination:

There will be a written examination at the end of the course. The examination is 'closed book'; the only reference material permitted in the examination is an unmarked copy of the ISO/IEC 27001:2022 international standard.

Passing Criteria:

70% overall and 50% in each section.

About Us

With a focus on powerful enablers such as "Adaptability" and "Transformability", we have hand-picked our team, full of subject matter experts from various walks of life; however, their objective is not simply to share what they know, but to understand fully what is actually needed and then devise methods to genuinely fulfil it.

With our collective mindset, which is progressive and customer-centric, and with an unstinting zeal to outperform, we are certain that we can create 'true value' for our partners, customers and benefactors.