ISO 27001 - ISMS Lead Auditor

ISM Lead Auditor (5 days)

The ISO 27001 audit training course teaches participants the foundations of the audit of Information Security Management System (ISMS). Taking place over five days, including the official certification exam, the course gives students basic training in how to conduct audits in accordance with the registration process for the ISO 27001:2005 standard. The lectures and audit exercises are based on the guidelines for the ISO 19011:2002 audit as well as the various standards in the ISO 27000 family.

• Objectives and course structure
• Information Security Standard
• Certification Process
• Fundamental Principles of Information Security
• Information Security Management System

• Fundamental Audit Concepts and Principles
• Evidence based approach
• Audit Preparation
• Documentary Audit
• Preparing for the On-site Audit Activities
• Conducting On-site Activities

• Communication during the audit
• Audit Procedures
• Drafting of conclusions and non-conformity reports

• Audit Documentation
• Review of the Audit Notes
• Audit Conclusions
• Managing an audit program
• The competence and evaluation of auditors
• Training Closure

• 3-hour examination leading to certification as an ISO 27001 Lead Auditor. The training course and examination are accredited by RABQSA, a US certification body recognized by other personnel certification bodies including IRCA.

• The ISMS Foundation course or basic knowledge of the ISO 27001 and ISO 27002 standards is recommended.

• Maximum number of students: 10
• A copy of the ISO 19011, ISO 27001 and ISO 27002 standards will be provided to participants.
• A certificate of attainment will be given to participants who successfully pass the examination (certified by RABQSA).