ISO 27001:2013 (Information Security Management System)
This Information Security Management System Auditor/Lead Auditor course has been designed and developed to provide students with the knowledge and skills required to perform audits (first-party, second-party and third-party) of an Information Security Management System against ISO 27001:2013, in accordance with ISO 19011:2018 and ISO 17021-1:2015, as applicable. This course meets the requirements for individuals seeking registration as an Auditor or Lead Auditor with IRCA.
This training course is conducted in conjunction with the CQI-IRCA Regulations.
Course Content
- Information Security Management System – Overview, Principles, Terms and Definitions
- Auditing Information Security Management System requirements as per ISO 27001:2013 Standards
- Roles and responsibilities of Auditors and Auditee
- Audit terminologies, Audit Principles and Types of Audit
- Establishing, Implementing, Monitoring, Reviewing and improving Audit Programme
- Planning and conducting an audit (Stage 1 & Stage 2) in accordance with ISO 19011:2018 & ISO 17021-1:2015
- Classification of audit findings & their reporting methods
- Follow up & Completing the Audit
- Competence and Evaluation of Auditors
Who should attend?
- The organisations running the certification schemes (Certification Bodies)
- Management Representatives, Information Security Core Group members and other process heads responsible for establishing, implementing, maintaining and auditing Information Security Management System
- All employees whose work responsibility directly affects the performance of the Information Security Management System
- Anyone who is responsible for leading an audit of their own or another company’s Information Security Management System
- Management System Professionals, ISMS Administrators and Executives who want to improve their Information Security Management System
- Any person involved in organizing, planning and conducting first-party, second-party or third-party audits in the Information Security Management System discipline
- Those individuals willing to take up external auditing as a future profession by becoming an independent auditor and to become a registered ISO 27001:2013 Lead Auditor
- Students who wish to learn and develop cross-functional skills for the challenging future assignments in Information Security Management System discipline
Pre-Requisites
Delegates attending this course are required to have a minimum level of expected prior knowledge in the following areas:
- Completion of secondary education
- An understanding of report writing is desirable
- Knowledge of the following principles and concepts:
- The Plan, Do, Check, Act (P-D-C-A) cycle
- The relationship between Information Security Management and other Business Processes
- Commonly used Information Security Management terms and definitions
- The Process approach & Risk-based thinking in Information Security management system
- Basic Understanding on Information Security Risks & Risk Treating Techniques
- The structure and content of ISO 27001:2005/ISO 27001:2013
- Knowledge of the requirements of ISO 27001:2005/ISO 27001:2013, which may be gained by completing an IRCA certified ISMS Foundation Training course or equivalent.
Learning Outcome
Upon completion of this course, delegates should be able to:
Knowledge oriented
- Describe the purpose of an Information Security Management System, of Information Security Management System standards, of a management system audit and of third-party certification
- Explain the role of an ISMS auditor in planning, conducting, reporting and following up on an Information Security Management System audit in accordance with ISO 19011:2018 (and ISO 17021-1:2015 where appropriate)
Skills oriented
- Plan, conduct, report and follow up on an audit of an Information Security Management System to establish conformity (or otherwise) with ISO 27001:2013, in accordance with ISO 19011:2018 and ISO 17021-1:2015
Course Venue/Mode
Courses are held through a virtual classroom and workshop; the required standards will be communicated by mail.
Duration
40 hours, delivered in one of the following formats: 5 days consecutively / 2+3 days / 3+2 days / 1+2+2 days / 2+1+2 days
Methodology of delivery
- Accelerated learning through Workshops & Exercises
- Role play, case study and discussions between the groups and individuals
- Mock audit and Presentation of findings
Examination
This course includes a 2-hour examination; on successful completion, delegates will be awarded a certificate of achievement. A delegate who does not pass the exam but has attended the full course can re-sit the exam within 1 month of the course end date.
Course Tutor(s)
KBS deploys highly experienced professionals with extensive experience in auditing & training.