Productivity & Quality Institute  Alexandria

ISO 27001 Lead Auditor Information Security Management Systems

The course enables participants to develop the expertise needed to audit an Information Security Management System (ISO 27001) and to manage a team of auditors by applying widely recognized audit principles, procedures, and techniques.
Participants will develop the abilities needed to master audit techniques, along with the skills for managing audit teams and an audit program, communicating with customers, resolving conflicts, etc. This course meets the training requirements for those seeking registration as an auditor under the CQI|IRCA Auditor Registration scheme.

Course Objectives

  • Understand the application of the Information Security Management System in ISO 27001 context.
  • Understand the relationship between the Information Security Management System, including the management of risks and controls, and the various stakeholders.
  • Understand audit principles, procedures, and techniques, and be able to apply them in the audit framework.
  • Understand the legal, statutory or contractual obligations relevant during an ISMS audit.
  • Acquire the personal skills required to perform an audit in an effective and cost-effective manner and manage an audit team.
  • Prepare and complete an ISO 27001 audit report.

Course Contents

  • Introduction and overview of Information Security Management Systems.
  • ISO 27001 Structures.
  • Information Security Risk Assessment.
  • Introduction to Audit.
  • Audit Planning and Preparation.
  • Conduct the Audit.
  • Audit Review, Reporting and Follow-up.

Duration

  • 5 Days / 40 Hrs.

Course Prerequisite

  • Understand the Plan-Do-Check-Act (PDCA) cycle.
  • Awareness of the need for information security.
  • The assignment of responsibility for information security.
  • Incorporating management commitment and the interests of stakeholders.
  • Enhancing societal values.
  • Using the results of risk assessments to determine appropriate controls to reach acceptable levels of risk.
  • Incorporating security as an essential element of information networks and systems.
  • The active prevention and detection of information security incidents.
  • Ensuring a comprehensive approach to information security management.
  • Continual reassessment of information security and making modifications as appropriate.
  • The requirements of ISO/IEC 27001 (with ISO/IEC 27002) and the commonly used information security management terms and definitions, which may be gained by completing an IRCA certified ISMS Foundation Training course or equivalent.

Certification

  • Delegates shall be awarded a certificate of successful completion for passing the written examination and the continual assessment.
  • Unsuccessful delegates shall receive a certificate of attendance approved by AASTMT.
  • Successful delegates shall receive certificates approved by CQI|IRCA.

Teaching Language

  • English / Arabic

Instructor/Trainer Qualification

  • Fulfills CQI|IRCA requirements for this scheme.
