CQI and IRCA certified ISO/IEC 27001:2022 Lead Auditor (ISMS) Training Course (Course ID: 2584)
Duration: 5 days
Price: TBD
Malaysia: HRDF grant claimable. ^
Overview:
• The aim of this course is to provide learners with the knowledge and skills required to perform first, second and third-party audits of information & cyber security management systems against ISO/IEC 27001 (with ISO/IEC 27002), in accordance with ISO 19011 and ISO/IEC 17021 as applicable.
• This course is designed for learners who already have prior knowledge of information & cyber security management principles and concepts, and of the requirements of ISO/IEC 27001 (with ISO/IEC 27002). Learning objective 1.1.1 and enabling objective 2.1 require learners to apply and extend this prior knowledge in the context of performing a management system audit. CQI and IRCA will accept training courses that include some coverage of the specific information & cyber security management-related clauses of ISO/IEC 27001, sufficient to enable learners to refresh their prior knowledge. CQI and IRCA will not accept training courses designed to impart this knowledge, nor a clause-by-clause analysis of ISO/IEC 27001 in certified courses.
• This course does require learners to audit an information & cyber security management system against the requirements of ISO/IEC 27001 (with ISO/IEC 27002), including the ability to identify audit evidence that establishes conformity or nonconformity.
• Course examination questions can relate to any requirement of ISO/IEC 27001 and to the expected prior knowledge.
Learning Objectives:
KNOWLEDGE
• Explain the purpose and business benefits of an information & cyber security management system, of information & cyber security management system standards, of management system audit and of third-party certification.
• Explain the role of an auditor in planning, conducting, reporting and following up an information & cyber security management system audit in accordance with ISO 19011.
SKILLS
• Plan, conduct, report and follow up an audit of an information & cyber security management system to establish conformity (or otherwise) with ISO/IEC 27001 (with ISO/IEC 27002) in accordance with ISO 19011.
Course Contents:
Knowledge
• Explain the purpose and business benefits of an information & cyber security management system, and the business benefits of improving the effectiveness of an information & cyber security management system.
• Explain ISO/IEC 27001, the PDCA cycle and the ISMS requirements.
• Explain the purpose of and differences between first-party, second-party and third-party audits of management systems (only the third-party audit leading to certification), including the role of the ISMS auditor in evaluating an organisation's capability to protect the confidentiality, integrity and availability of information.
• Explain the benefits of third-party accredited certification of information & cyber security management systems for organizations and stakeholders.
• Explain the role of an auditor in planning, conducting, reporting and following up an information & cyber security management system audit in accordance with ISO 19011 (and ISO/IEC 17021 where appropriate).
SKILLS
Skills are to be practiced and tested through tasks and in real, or simulated, audit situations.
• Planning the audit
• Conducting the audit
• Auditing ISMS requirements
• Generating audit findings
• Reporting the audit
• Following up the audit
Prerequisites:
Students are expected to have the following prior knowledge:
MANAGEMENT SYSTEM
• The Plan, Do, Check, Act (PDCA) cycle
• The core elements of a management system and the interrelationship between top management responsibility, policy, objectives, planning, implementation, measurement, review and continual improvement.
INFORMATION & CYBER SECURITY MANAGEMENT SYSTEM
• The fundamental concepts and principles of information & cyber security management on which ISO/IEC 27001 is based, including the protection of the confidentiality, integrity and availability of information and a risk-based approach to determining and treating information security risks.
Summary of Course Features:
• CQI and IRCA(UK) Approved Course
• "Accelerated Learning Approach" with stimulating and enriching workshop and case-study activities
• "Workshop-based training" with comprehensive course notes and industrial examples
• Emphasis on risk-based thinking, PDCA and the process approach
• Focus on the more important ("high-risk") processes and their outputs
• Examination-based training, leading to the CQI and IRCA Certificate of Achievement (on passing the examination) or Certificate of Attendance
Examination:
An examination is administered by CQI and IRCA via the SARAS system. The examination covers the topics covered in the course and lasts one hour forty-five minutes. The examination is managed, and results are provided, by CQI and IRCA.
Delegates Qualification:
All delegates who have successfully passed the course examination are eligible to apply for registration as an ISMS lead auditor with CQI and IRCA. (Note: See *)
Who should attend:
• Management representatives, internal auditors, and second-party and third-party auditors who are responsible for providing "value added" ISMS audits that enable continual improvement.
Notes:
* For more information about auditor registration criteria, please visit CQI and IRCA website or send an email to applications@quality.org
^ Malaysia – Participants are eligible to apply for HRDF grant subject to HRDF approval. Participants are advised to obtain approval before training.