May 15, 2017 CERT.Global

Information Security Management Systems (ISMS, ISO/IEC 27001:2013) Auditor/Lead Auditor Training Course

(Registered Course Nr. PR320 / A17533)

Through management system audit and certification, an organization can demonstrate its compliance with legal (e.g. EU GDPR, DPA, IPRs), legislative, standards (e.g. ISO, IEC, IEEE), contractual (e.g. trade secret, IP), policy and procedural obligations.

It can also demonstrate its competence to plan, operate and continually improve the management system in order to control its risks and achieve its expected outcomes.

Introduction 

This CQI (Chartered Quality Institute) / IRCA (International Register of Certificated Auditors) certified Information Security Management Systems (ISMS) Auditor / Lead Auditor Training Course (Registered Course Nr. PR320 / A17533) is part of the internationally recognized CQI/IRCA ISMS Auditor Certification programme.

Successful completion of this course is a prerequisite for becoming a CQI/IRCA ISMS Auditor.

To participate in this training course, the following prior knowledge is expected:

  1. Knowledge of management system compliance (ISO 19600)
    • Process approach (Plan-Do-Check-Act)
    • Overall business compliance risk management (ISO 31000), including legal, legislative, contractual, standards, policy and procedural obligations
    • Top management leadership, and other roles and responsibilities that support the management system
    • Planning a management system: identifying the organizational and technical measures needed to manage the identified risks
    • Support required by the management system
    • Management system operation: monitoring, reporting and communicating
    • Performance evaluation of a management system: evaluation of objectives, internal audits and management review
    • Continual improvement of the effectiveness of a management system
  2. Knowledge of risk management (ISO 31000)
    • risk management process 
    • risk criteria
    • risk assessment (includes risk identification, analysis, and evaluation)
    • risk treatment 
    • risk communication, monitoring, and improvements
  3. Knowledge of information security management principles and concepts, including but not limited to:
    • awareness of the need for information security;
    • the assignment of responsibility for information security;
    • incorporating management commitment and the interests of stakeholders;
    • enhancing societal values;
    • using the results of risk assessments to determine appropriate controls to reach acceptable levels of risk;
    • incorporating security as an essential element of information networks and systems;
    • the active prevention and detection of information security incidents;
    • ensuring a comprehensive approach to information security management;
    • continual reassessment of information security and making modifications as appropriate.
  4. Knowledge of management system auditing (ISO 19011)
    • Audit programme management
    • Initiating the audit
    • Preparing for an audit
    • Document review
    • Preparing for the on-site audit
    • Audit skills
    • Conducting the on-site audit
    • Preparation of audit evidence and findings
    • Audit report
    • Audit follow-up
  5. ISO/IEC 27001: knowledge of the requirements of ISO/IEC 27001 (with ISO/IEC 27002) and the commonly used information security management terms and definitions, as given in ISO/IEC 27000.
  6. Understanding of the management system certification requirements, i.e. ISO/IEC 17021-1, Conformity assessment - Requirements for bodies providing audit and certification of management systems - Part 1: Requirements

Note. Course examination questions can relate to any requirement of ISO/IEC 27001 and to the expected prior knowledge. Delegates who lack this knowledge are recommended to attend our foundation training course first.

Who should attend?

This course is intended for those who will be involved in leading audits of an ISMS that conforms to the latest ISO/IEC 27001 in any organization.

Suggested job functions and their teams include:

  • Information security managers
  • IT and corporate security managers
  • Corporate governance managers
  • Risk and compliance managers
  • Information security consultants

Learning objectives

  • Learn how to explain the purpose and business benefits of an ISMS, of ISMS standards, of management system audit and of third-party certification
  • Learn how to explain the role of an auditor in planning, conducting, reporting and following up an ISMS audit in accordance with ISO 19011 (and ISO 17021 where appropriate)
  • Learn how to plan, conduct, report and follow up an audit of an ISMS to establish conformity (or otherwise) with ISO/IEC 27001 (with ISO/IEC 27002) in accordance with ISO 19011 (and ISO 17021 where appropriate)

Course benefits

  • Your organization will have an internal resource and process to conduct its own audits of its ISMS, to assess and improve conformance with ISO/IEC 27001
  • You will gain a professional qualification certifying that you have the knowledge and skills to lead a team in auditing an ISMS in any organization
  • Successful auditing will improve the protection of an organization's personal data and trade secrets, meeting market assurance and corporate governance needs
  • Understand how to identify gaps in an ISMS
  • Accurate auditing supports the continual improvement of a management system
  • Meet the training requirements for CQI/IRCA auditor certification

Course outline

Day 1, Information security management systems knowledge (ISO 27001)

  • Management system structure (MSS) and process approach (PDCA)
  • Understanding the organization's compliance risk
    • Understanding the organization, its interested parties and their requirements
    • Management system scoping
  • Leadership and commitment
    • Top management leadership, management system policy and objectives
    • Support for the management system and documented information
  • Compliance risk management and objectives
    • Information asset management (asset register, asset owner)
    • Information security risk management requirements and process
    • Risk assessment (identifying the risk and risk owner, risk analysis and risk evaluation)
    • Risk treatment (treatment options, Statement of Applicability (SoA), risk treatment plan)

Day 2, Guidelines for auditing management systems (ISO 19011 and ISO 17021) - Auditor, audit types and certification process

  • Management system operation
  • Management system performance evaluation and improvement processes
  • Auditor's role, responsibility, and competence
  • Different types of audit and certification process

Day 3, Guidelines for auditing management systems (ISO 19011) - Audit simulation: planning and preparing for an audit

  • Roles and responsibilities in an audit
  • Management system performance evaluation and continual improvement requirements
  • Different types of audit
  • Audit programme and purpose
  • Planning an audit (initiating the audit, feasibility analysis)
  • Conducting a Stage 1 audit (document review)
  • Preparing for the Stage 2 (on-site) audit: the audit plan
  • Preparing audit work documents, including checklists and audit trails

Day 4, Guidelines for auditing management systems (ISO 19011) - Audit simulation: opening meeting, on-site audit activities and role-play

  • Opening meeting
  • Role-play of audit scenarios
  • Practising the audit skills of collecting audit evidence
  • Preparing audit findings and results, including conformance, non-conformity (NC) and opportunity for improvement (OFI)
  • Preparing the audit report

Day 5, Guidelines for auditing management systems (ISO 19011) - Audit simulation: closing the on-site audit, closing meeting and follow-up

  • Audit conclusion
  • Closing meeting
  • Audit follow-up
  • Evaluating correction and corrective action, including root cause analysis and closure of audit findings
  • Management system certification
  • Course summary and examination

What's included?

  • Course material
  • CQI/IRCA auditor course examination 
  • Course certificate

Organizational information

  • Delegates should note that there is evening work during the course
  • The minimum number of delegates for this course is 4 and the maximum is 20. If fewer than 4 students enrol, the course will be postponed.
  • This course is facilitated by the www.TKSG.global online learning management system (LMS). Participants should be able to use their own PC, laptop or suitable mobile device to access the LMS.
  • This course is run in collaboration with a CQI/IRCA Approved Training Partner, Hermes infotech Inc.

Additional Info

Venue: Public or in-house training
Time: 40 hours
Facilitator: Authorized tutor
