Information security is becoming more and more important, and so is the auditing of information security. The data and assets of any organisation, and the confidentiality, availability and integrity of these, are essential to the effective running of any business.
Auditing an organisation's information security management system as a third party, independently and impartially, is one way of identifying its weaknesses, its effectiveness and the threats it faces. Assessing system performance and effectiveness requires auditors with specialised knowledge and skills. This course is designed primarily to prepare auditors with that knowledge and those skills.

Who Should Attend?

The Information Security Management System Lead Auditor course is designed primarily for those who want to become third-party auditors in this field.
It helps them to perform competent, value-adding audits and develops a wider understanding of information security management system design and implementation. It also gives delegates a different perspective: how to view and test a system through an auditor's eyes.
The aim of this course is to provide delegates with the knowledge and skills required to perform first-, second- and third-party audits of information security management systems against ISO/IEC 27001 (with ISO/IEC 27002), in accordance with ISO 19011 and ISO 17021, as applicable. All references in this document to ISO standards are to the current versions unless otherwise stated.

Course Program

ISMS Lead Auditor Course Start & Review of Pre-course Study
Information Security Management Systems Purpose & Benefits
Terms & Terminology
PDCA Cycle
Processes In Operation Of Information Security Management System
Information Security Management System Documented Information
Audit Types & Auditors
Accreditation, Certification
People In Audits Roles & Responsibilities
Identifying Auditor Characteristics & Confidentiality
Audit Types
Audit Process
Audit Objectives & Scope & Criteria
Determining Audit Duration
Resourcing An Audit
Preparing Stage 1 Audit & Communication
Stage 1 Audit
Audit Planning
Checklists & Preparation
Auditing (Stage-2) & Questioning
Opening Meeting
Sampling & Sampling Planning
Stage 2 Audit & Live Audit
Live Audit Review
Nonconformity Identification
Nonconformity Reporting
Closing Meeting
Audit Reporting
Post-Audit Activities & Nonconformity Closing

Pre-course Requirements?

You will benefit most from this course if you already have initial knowledge of:
- Management systems
- The Plan-Do-Check-Act (PDCA) cycle
a) Information security management
Knowledge of the following information security management principles and concepts:
- Awareness of the need for information security;
- The assignment of responsibility for information security;
- Incorporating management commitment and the interests of stakeholders;
- Enhancing societal values;
- Using the results of risk assessments to determine appropriate controls to reach acceptable levels of risk;
- Incorporating security as an essential element of information networks and systems;
- The active prevention and detection of information security incidents;
- Ensuring a comprehensive approach to information security management;
- Continual reassessment of information security and making modifications as appropriate.
b) ISO/IEC 27001
Knowledge of the requirements of ISO/IEC 27001 (with ISO/IEC 27002) and of the commonly used information security management terms and definitions given in ISO/IEC 27000. This may be gained by completing the CQI and IRCA Certified ISO 27001:2013 Foundation (ISMS) Training course or an equivalent.

Course Approval?

This course is approved by CQI & IRCA under registration no. 17835.

Course Delivery?

This course can be delivered either as classroom training or as virtual classroom training. For virtual classroom courses, the exam is classroom-based at the planned venues.