The aim of this Information Security Management System Auditor/Lead Auditor course is to equip students with the necessary abilities and expertise to conduct audits, including first-party, second-party, and third-party audits, of an Information Security Management System as per ISO 27001:2013, complying with ISO 19011:2018 and ISO 17021-1:2015 where relevant. The course is tailored to fulfill the prerequisites for those seeking to become registered Auditors or Lead Auditors and it is conducted in compliance with certified regulation policies. The course structure includes an introduction and comprehensive course content.
Overview of Information Security Management System, including principles, terms, and definitions.
Auditing requirements for an Information Security Management System according to ISO 27001:2013 standards.
Roles and responsibilities of Auditors and Auditees.
Audit terminologies, principles, and types.
Establishing, implementing, monitoring, reviewing, and improving an audit program.
Planning and conducting audits (Stage 1 & Stage 2) in compliance with
ISO 19011:2018 , ISO 17021-1:2015.
Classification of audit findings and reporting methods.
Follow up and completion of the audit.
Competence and evaluation of Auditors.
Who should attend?
Certification Bodies responsible for running certification schemes.
Management Representatives, Information Security Core Group members, and other process heads accountable for creating, implementing, maintaining, and auditing an Information Security Management System.
All employees whose job responsibilities directly impact the Information Security Management System's performance.
Anyone responsible for leading an audit of their own or another company’s Information Security Management System.
Management System Professionals and ISMS Administrators, Executives seeking to enhance their Information Security Management System.
Anyone involved in organizing, planning, and conducting first-party, second-party, or third-party audits in Information Security Management System discipline.
Individuals interested in pursuing external auditing as a future profession by becoming an independent auditor and registering as an ISO 27001:2013 Lead Auditor.
Students seeking to learn and develop cross-functional skills for challenging future assignments in Information Security Management System discipline.
To attend this course, delegates must possess the following “expected prior
a) Completion of secondary education.
b) Desirable understanding of report writing.
c) Familiarity with the following principles and concepts:
The Plan, Do, Check, Act (P-D-C-A) cycle.
The relationship between Information Security Management and other business processes.
Commonly used Information Security Management terms and definitions.
The process approach and risk-based thinking in the Information Security Management system.
Basic understanding of Information Security Risks and Risk Treating Techniques.
ISO 27001:2005/ISO 27001:2013 structure and content.
Knowledge of ISO 27001:2005/ISO 27001:2013 requirements, which may be acquired by completing a certified Foundation Training course or its equivalent.
After completing this course, delegates should have the ability to:
Explain the purpose of an Information Security Management System, Information Security Management Systems standards, management system audit, and third-party certification.
Describe the role of an ISMS auditor in planning, conducting, reporting, and following up on an Information Security Management System audit in compliance with ISO 19011:2018 (and ISO 17021-1:2015, as appropriate).
Plan, conduct, report, and follow up on an audit of the Information Security Management System to determine conformity (or non-conformity) with ISO 27001:2013 in accordance with ISO 19011:2018 and ISO 17021-1:2015.
The course is conducted through a virtual classroom and workshop, and the
necessary standards and requirements will be communicated via email.
(40 Hours) In different formats as given below:
5 Days consecutively/ 2+3 Days/ 3+2 Days/ 1+2+2 Days/ 2+1+2 Days
Methodology of Delivery
The course is delivered using the following methods:
a) Workshops and exercises that promote accelerated learning
b) Role-play, case studies, and group and individual discussions
c) Mock audits and presentation of findings
Upon completion of the course, there will be a two-hour examination.
Successful delegates will receive a certificate of achievement. Delegates who
attended the full course but did not pass the exam can retake the exam within 12
months of the course end-date.
The course is led by highly experienced professionals from Crescosafe who
have extensive experience in auditing and training.
Please send us your details. Team Cresco Safe will get back to you at the earliest!
If you would like to know more about the above-mentioned courses