ISO/IEC 27001:2022 Lead Auditor Training (CQI and IRCA certified course)

Course description

Training objectives according to IRCA requirements:

The participants will be able to:

• explain: the objective and business benefits of the information security management system. Besides they will be able to explain the business benefits from improve efficiency of information security management system.
• present:
  • the Plan-Do-Check-Act framework and to apply this to the processes of information security management system.
  • the processes of create, accomplish, operate, follow up, supervise, maintains and improve of information security management system, including importance of this to the ISMS auditor
• plan, conduct and close an ISO 19011 standard based audit with the adequate interpretation of the ISO/IEC 27001 standard.
• apply: the terminology and requirements of standard.
• describe: the objective and differences of first-, second-, a third- party management systems audit.
• explain: the advantages of third party (accredited certification) information security management system audit to the organizations and stakeholders.

Our course material was developed by our experienced auditors, who had been in the profession for many years. As a result, they complied the theoretical and practical training materials to reflect real experience as much as possible and to prepare the auditors for unexpected situations too. Our training was developed by highly qualified experts with the aim of sharing knowledge on a professional level and with the purpose of training similarly good professionals, who may become manpower of the profession in demand not only in the domestic market but also abroad.

Methodology

Two-thirds of our training consists of exercises solved in a computer-assisted way. Prior to the practical tasks, the necessary theoretical knowledge is presented by the instructors via presentations. Participants will primarily be involved in simulations, in which they can practice teamwork and individual functions. Tasks are built on each other during the course and gradually become more difficult to help the participants for situations they will typically face during real audits. Participants will be able to perform increasingly complex tasks based on their acquired knowledge and experience of previous days. It is an important part of the training that at the end of each day there is an opportunity to consult the instructor, so the participants will have the chance to clarify any questions or suggestions they might have had during the day.

Course objective

• sharing of up-to-date auditor knowledge;
• developing skills (communication, collaboration, leadership, critical thinking and problem solving);
• getting to the ability of clear identification of conformity, deficiency and development areas between information security management systems and associated standards;
• developing attitudes related to teamwork and independently executed activities

Duration

40 hours distributed to 5 business days

Price

Training in English: Training fee: HUF 349,000 +VAT Exam fee: HUF 50,000 + VAT

Prerequisites / qualification

• Completed secondary or higher education.
• Basic information security management knowledge, acquaintance with ISO/IEC 27001 standard.
• Conversational or higher proficiency of English (for applying to training in English).
• Advantage: Internal auditor qualification.

The training is recommended for:

• Information security management representatives, quality managers.
• Internal auditors, supplier auditors.
• Employees working in information security management responsible for developing and building the system.
• For those who are considering an auditor career.
• For anyone who is passionate about information security.

Topics

Overview:

• Basics and requirements of information security
• Auditing basics (Implementing and monitoring an audit programme)
• Preparing for the audit: documentation review, audit plan, checklist
• On-site audit activities (opening meeting, identifying nonconformities, questioning techniques, interviewing)
• Closing the audit (closing meeting, audit report)
• Audit follow-up
• Risk assessment

Details:

Day 1

• Basics of information security: Management systems; Principles, concepts
• Auditing the ISMS: Principles of auditing, audit concepts
• Establishing, implementing and monitoring an audit programme

Day 2

• Preparation and planning of an ISMS audit
• Performing review of ISMS documented information
• Preparing an audit plan
• Preparing an audit question list

Day 3

• On-site audit activities
• Opening meeting
• Conducting an audit (Clauses 4-10 of the ISO/IEC 27001 standard)

Day 4

• Conducting an audit (Appendix “A” of the ISO/IEC 27001 standard)
• Documentation of nonconformities
• Closing meeting

Day 5

• Preparing audit report
• Closing the audit (6.5-6.6 of ISO 19011:2018)
• Audit follow-up
• Tracking of corrective actions
• Risk assessment for the audit process
• Exam

General information

• If you do not have verifiable knowledge of information security and ISO/IEC 27001 basics (internal auditor qualification, working experience in information security), you will be asked to write a preliminary online placement test. Participation on the course will be permitted based on the test results. This placement test should be written until the end of the week preceding the start of the course.
• Before the start of the training, participants will receive a detailed agenda of the course, examination rules, technical information about the course and a “learning method survey” that can be filled at home. Based on the findings of this survey, you will learn which learning method(s) are expected to be most effective for you during the course.
• In case of absence from the course, the exam cannot be taken.
• Although tasks are primarily to be solved in electronic form (via computers), all the materials and tasks will be made available for the participants in print too.
• Participants will receive a sample test (mock exam) to be completed as homework, but the review of this test will take place during class. This includes a set of tasks that will help a lot to prepare for the exam.
• Following a successful exam, participants will receive an English-language IRCA-registered certificate.

Price

Training in Hungarian: Training fee: HUF 374,000 + VAT; Exam fee: HUF 75,000 + VAT

Training in English: Training fee: there is no training available in English now.