CQI and IRCA Certified ISO/IEC 27001:2022 Lead Auditor ISMS Training Course

CQI and IRCA certified ISO/IEC 27001:2022 Lead Auditor (ISMS) Training Course (Course ID:2584)

Malaysia: HRDF grant claimable.

Overview:

• This course meets the Chartered Quality Institute & International Register of Certificated Auditors Criteria, PR373 Course Specification: ISO 27001:2022 Lead Auditor ISMS Training Course.

Learning Objectives:

KNOWLEDGE

• Explain the purpose of business benefits of an information security management system, of information security management systems standards, of management system audit and of third-party certification

• Explain the role of an auditor to plan, conduct, report and follow up an information security management system audit in accordance with ISO 19011.

SKILLS

• Plan, conduct, report and follow up an audit of an information security management system to establish conformity (or otherwise) with ISO/IEC 27001 (with ISO/IEC 27002) in accordance with ISO 19011.

Course Contents:

Knowledge

Explain the purpose of and differences between first-party, second-party and third-party certification audit of management systems, including the role of the ISMS auditor in evaluating an organisation’s capability to protect the confidentiality, integrity and availability of information.

• Explain the benefits of third-party accredited certification of occupational health & safety management systems for organizations and stakeholders.

• Explain the role of an auditor to plan, conduct, report and follow-up an information security management system audit in accordance with ISO 19011 (and ISO/IEC 17021 where appropriate).

SKILLS

Skills are to be practiced and tested through tasks and in real, or simulated, audit situations.
• Planning the audit
• Conducting the audit
• Auditing ISMS management system requirements
• Generating audit findings
• Reporting the audit
• Following up the audit

Prerequisites:

Students are expected to have the following prior knowledge:

MANAGEMENT SYSTEM
• The Plan, Do, Check, Act (PDCA) cycle
• The core elements of a management system and the interrelationship between top management responsibility, policy, objectives, planning, implementation, measurement, review and continuous improvement.

INFORMATION SECURITY MANAGEMENT SYSTEM
• The fundamental concepts and the seven information security management principles (see ISO 27001) namely customer focus, leadership, engagement of people, process approach, improvement, evidence-based decision making and relationship management.

Summary of Course Features:

• CQI and IRCA(UK) Approved Course
• “Accelerated Learning Approach” with stimulating and enriching workshops/case studies activities
• “Workshop-based training” with comprehensive course notes & industrial examples
• Emphasized on Risk-based thinking, PDCA and the Process Approach concepts
• Focus on the more important (“high-risk”) processes and their outputs
• Examination based training, award CQI and IRCA Certificate of Achievement and Attendance

Examination:

An examination will be administered by CQI and IRCA via SARAS system. The examination would cover the topics covered in the course and would last one hour forty-five minutes. All the examination would be managed and results provided by CQI and IRCA.

Delegates Qualification:

All delegates who have successful passed the above courses have the opportunity to register as ISMS lead auditor with the CQI and IRCA. (Note: See *)

Who should attend:

• Delegates with some understanding of the content, application, development and implementation of the ISO 27001 series of standards and who wish to subsequently practice as an ISMS auditor.

• Management Representatives, internal auditors, 2nd party & 3rd party auditors who are responsible to provide “value added” ISMS audit to enable Continual Improvement.

Notes:

* For more information about auditor registration criteria, please visit CQI and IRCA website or send an email to marketing@quality.org

^ Malaysia – Participants are eligible to apply for HRDF grant subject to HRDF approval. Participants are advised to obtain approval before training.