ISO 27001 - ISMS Lead Auditor

This five-day course will enable participants to develop the expertise needed to audit an Information Security Management System (ISO 27001) and to manage a team of auditors by applying widely recognised audit principles, procedures and techniques. During the training participants will acquire the knowledge needed to plan and perform audits compliant with the certification process of the ISO 27001:2005 standard. Through practical exercises, participants will develop the abilities (mastering audit techniques) and skills (managing audit teams and audit programs, communicating with customers, and resolving conflicts) necessary to conduct an audit.

 

The training is based on the management system audit guidelines (ISO 19011:2002) as well as international audit best practices from the International Federation of Accountants (IFAC), the American Institute of Certified Public Accountants (AICPA), the Information Systems Audit and Control Association (ISACA) and the Institute of Internal Auditors (IIA). An audit kit developed by experienced auditors will be distributed to participants.

 

Objectives:

 

• Understanding the application of an information security management
   system in the ISO 27001:2005 context.

• Understanding the relationship between the information security
   management system, including the management of risks and controls,
   and the various stakeholders.

• Understanding audit principles, procedures and techniques, and being
   able to apply them in an ISO 27001 audit framework.

• Understanding the legal, statutory, regulatory or contract obligations
   relevant during an ISMS audit.

• Acquiring the personal skills required to perform an audit in an effective
   and cost-effective manner, and managing an audit team.

• Preparing and completing an ISO 27001 audit report.

 

Audience:

 

• Persons wanting to lead ISO 27001 certification audits as the person in
   charge of the audit team.

• Consultants wanting to prepare and support a company through an
   ISO 27001 certification audit.

• Internal advisors or internal auditors who want to prepare and support
   their company through an ISO 27001 certification audit.

• Persons responsible for information security or compliance within
   the organisation.

• Expert advisors in information technology.

 

Prerequisites:

 

• ISO 27001 Foundation training, or a basic knowledge of the ISO 27001
   and ISO 27002 standards, is recommended.

 

Course Details:


Day 1: Introduction to the management of an Information Security Management System based on ISO 27001:

 

• Course objectives and structure

• Normative and regulatory framework

• ISO 27001 certification process

• Fundamental principles in Information Security and Risk Management

• Information Security Management System (ISMS)

• Introduction to clauses 4 to 8 (ISO 27001)

 

Day 2: Launching an ISO 27001 audit:

 

• Fundamental concepts and principles in audit

• Ethics and professional rules of conduct in audit

• Audit approach based on evidence and on risk

• Preparation of an ISO 27001 certification audit

• Documentation audit

• Preparing the audit plan

• Conducting an opening meeting

 

Day 3: Conducting an ISO 27001 audit:

• Communication during the audit

• Audit procedures (observation, interview, sampling techniques)

• Drafting audit findings and nonconformity reports

 

Day 4: Closing an ISO 27001 audit:

• Audit documentation

• Review of audit notes

• Closing an ISO 27001 audit

• Managing an ISO 27001 audit program

• Competence and evaluation of auditors

• Completion of training

 

Day 5: Examination

• Examination

 

Examination:

• The certified ISO 27001 Lead Auditor exam covers the following
   competency units:
   - Information Security
   - Audit Techniques
   - Techniques for Lead Auditors

• The ISO 27001 Lead Auditor exam is available in English, French
   or Spanish.

• Duration of the exam: 3 hours

• A certificate will be issued to participants who pass the exam.

• After the training, participants can apply for the title of ISO 27001
   Provisional Auditor, ISO 27001 Auditor, ISO 27001 Principal Auditor or
   ISO 27001 Lead Auditor, depending on their audit experience.

• The certificate for successful completion of the ISO 27001 Lead
   Auditor exam is recognised by IRCA (International Register of
   Certificated Auditors) and meets the IRCA/2016 certification criteria.
   Successful participants can register as an accredited IRCA or
   RABQSA auditor.
 

General:

• A copy of the ISO 27001 standard is distributed to participants.

• A 35 CPE (continuing professional education) credit participation
   certificate will be issued to participants.

• An audit toolkit and a student manual containing over 400 pages of
   information and practical examples will be distributed to participants.