ISO 27001:2013 (Information Security Management System)

This Information Security Management System Auditor/Lead Auditor course has been designed and developed to provide students with the knowledge and skills required to perform audits (first-party, second-party and third-party) of an Information Security Management System against ISO 27001:2013, in accordance with ISO 19011:2018 and ISO 17021-1:2015, as applicable. This course meets the requirements for individuals seeking registration as an Auditor or Lead Auditor with IRCA.

This training course is conducted in conjunction with the CQI-IRCA Regulations.

Course Content

  • Information Security Management System – Overview, Principles, Terms and Definitions
  • Auditing Information Security Management System requirements as per ISO 27001:2013 Standards
  • Roles and responsibilities of Auditors and Auditee
  • Audit terminologies, Audit Principles and Types of Audit
  • Establishing, Implementing, Monitoring, Reviewing and improving Audit Programme
  • Planning and conducting an audit (Stage 1 & Stage 2) in accordance with ISO 19011:2018 & ISO 17021-1:2015
  • Audit findings classification & its reporting methods
  • Follow-up & completing the audit
  • Competence and Evaluation of Auditors

Who should attend?

  • The organisations running the certification schemes (Certification Bodies)
  • Management Representatives, Information Security Core Group members and other process heads responsible for establishing, implementing, maintaining and auditing Information Security Management System
  • All employees whose work responsibility directly affects the performance of the Information Security Management System
  • Anyone who is responsible for leading an audit of their own or another company’s Information Security Management System
  • Management System Professionals, ISMS Administrators and Executives who want to improve their Information Security Management System
  • Any person involved in organizing, planning and conducting first-party, second-party or third-party audits in the Information Security Management System discipline
  • Those individuals willing to take up external auditing as a future profession by becoming an independent auditor and to become a registered ISO 27001:2013 Lead Auditor
  • Students who wish to learn and develop cross-functional skills for the challenging future assignments in Information Security Management System discipline

Pre-Requisites

Delegates attending this course are required to have a minimum level of expected prior knowledge in the following areas:

  • Completion of secondary education
  • An understanding of report writing is desirable
  • Knowledge of the following principles and concepts:
    • The Plan, Do, Check, Act (P-D-C-A) cycle
    • The relationship between Information Security Management and other Business Processes
    • Commonly used Information Security Management terms and definitions
    • The Process approach & Risk-based thinking in Information Security management system
    • Basic understanding of Information Security risks & risk treatment techniques
    • The structure and content of ISO 27001:2005/ISO 27001:2013
    • Knowledge of the requirements of ISO 27001:2005/ISO 27001:2013, which may be gained by completing an IRCA certified ISMS Foundation Training course or equivalent

Learning Outcome

Upon completion of this course, delegates should be able to:

Knowledge oriented

  • Describe the purpose of an Information Security Management System, of Information Security Management System standards, of management system audits and of third-party certification
  • Explain the role of an ISMS auditor in planning, conducting, reporting and following up on an Information Security Management System audit in accordance with ISO 19011:2018 (and ISO 17021-1:2015 where appropriate)

Skills oriented

  • Plan, conduct, report and follow up on an audit of an Information Security Management System to establish conformity (or otherwise) with ISO 27001:2013, in accordance with ISO 19011:2018 and ISO 17021-1:2015

Course Venue/Mode

Courses are held through a virtual classroom and workshop; the requirement standards will be communicated by mail.

Duration

40 hours, in one of the following formats: 5 days consecutively / 2+3 days / 3+2 days / 1+2+2 days / 2+1+2 days

Methodology of delivery

  • Accelerated learning through Workshops & Exercises
  • Role play, case study and discussions between the groups and individuals
  • Mock audit and Presentation of findings

Examination

This course includes a 2-hour examination; on successful completion, delegates will be awarded a certificate of achievement. A delegate who attended the full course but does not pass the exam can re-sit the exam within 1 month of the course end date.

Course Tutor(s)

KBS deploys highly experienced professionals with extensive experience in auditing & training.