Auditor/Lead Auditor Training Program on Information Security, Cybersecurity and Privacy Protection based on ISO/IEC 27001:2022

ISO/IEC 27001:2022 international standard specifies the requirements for establishing, implementing, maintaining, and continually improving an information security management system within the context of the organization. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization.

This comprehensive five-day course is structured to provide a basic understanding of ISO/IEC 27001:2022 requirements blended with presentations, case studies, exercises, workshops, and role-plays to ensure that the participant thoroughly learns about the role of an auditor / lead auditor and acquires the expertise needed to perform effective audits.

At the end of this course, you will be able to:

• have essential knowledge and understanding of ISO/IEC 27001:2022
• assess the Information Security Management System of an organization in accordance with the requirements of the ISO/IEC 27001:2022 standard and ensure critical business information and assets are secured.

1. ISMS Concepts and ISO/IEC 27001 Standard

• ISMS concepts and benefits
• Risk assessment and management
• ISO/IEC 27001 standard requirements
• ISMS documentation

2. Auditing Concepts

• Audit objectives and auditing principles
• Types of audits
• Audit methods
• Audit process

3. Roles, Responsibilities, and Competency of Auditors

• Auditor and lead auditor’s responsibilities
• Competency of auditors
• Auditor's qualification and certification
• Auditor evaluation methods.

4. Planning an Audit

• Pre-audit planning
• Reviewing documentation
• Developing an audit plan
• Preparing checklists or working documents
• Communication factors

5. Conducting an Audit

• Opening meeting
• Effective interviewing techniques
• Collecting and verifying objective/audit evidence
• Identifying and recording nonconformities
• Closing meeting
• Do’s and Don’ts of auditing

6. Reporting Audit Results

• Preparing the audit report
• Distributing the audit report

7. Follow-up Actions

• Follow-up actions of an audit
• Corrective action of reporting
• Follow-up scheduling
• Monitoring corrective action

8. CQI IRCA Certification

• Registration process
• Code of conduct

9. Written Examination (Online)

• Chief Information Security Officer
• Information Security Practitioners, Head-IT
• Information Security Management System Consultants
• Information Security Management System Management Representative
• Information Security Managers and core group members are responsible for establishing, implementing, maintaining, and improving Information Security Management Systems
• Professionals who have a role to play in the auditing of Information Security Management Systems

Prior knowledge about concepts of information security and information security management system (ISO/IEC 27001) is mandatory.

Please Note: This course is not for filling gaps in the knowledge about the standard; but for enhancing the knowledge about the same with regards to conducting relevant audits.

The course will be conducted by our experienced lead auditors, who have audited numerous organizations.

Business Benefits from this Course

• Meet legal and regulatory compliance
• Follow a systematic approach to information security
• Improve information security and reduce overall business risk
• Limit IT security costs by reducing the risk of security breaches
• Gain significant marketplace advantage with a strong commitment to information security

TÜV SÜD South Asia as an approved training partner of CQI|IRCA and fulfils all compliances of the course PR373: ISMS ISO/IEC 27001:2022 Lead Auditor holding training course reference No 2544. Participants who score 70% and above in continuous assessment, plus 50% overall in each domain in final written examination will be issued a CQI|IRCA accredited certificate of successful completion of the course, which is a renowned certification and carries worldwide acceptance. Unsuccessful candidates will be issued a certificate of attendance.

Final examination will be conducted Online by CQI|IRCA. Please find exam framework for CQI|IRCA Lead Auditor Training Course as below:

• Exam duration: 1 hour 45 minutes
• Total number of items/questions: 40
• Maximum available: 80
• Learners must achieve the minimum passing mark for each domain and an overall score of 40 marks (50%)
• Open book exam. Learners can access relevant ISO standard during exam (electronic or paper copy permitted)

1. What is the mode of this course?
The course is available in either modes, classroom or virtual.

2. Is VILT a live training, or do I get access to watch pre-recorded videos?
This is a live virtual instructor-led training (VILT) session where you can interact with the trainer. Pre-recorded videos are not available or permitted.

3. Will I get a refund if I cancel my enrolment?
Please check Cancellation and Refund Policy page.

4. Can the dates of the training be customized?
The training dates are published in advance, although you may let us know your preferred dates for exclusive training by mailing us on [email protected].

5. How does the ISMS Lead Auditor Training help?
The training adequately equips you with the necessary knowledge and skills in ISMS to conduct effective audits.

6. To whom is this training relevant?

• Personnel who want to pursue an auditing career in information security and who are interested in assessing the ISMS of an organization.
• Consultants who want to be in an advisory role to an organization.
• Top Management (IT Head, CISO etc.) responsible for the IT governance of an enterprise and the management of its risks.

7. Are there any prerequisites to attending the training?
Prior knowledge of ISO/IEC 27001 standards is desirable. This course is not for filling gaps in the knowledge about the standard; but for enhancing the knowledge about the same with regards to audit context.

8. How are the examinations hosted?
Open book online exam with AI remote proctoring.

9. What is the duration of the examination?
The exam duration is 1 hour 45 minutes. For any participant having a physical disability that will place the learner at a substantial disadvantage in an online exam situation, CQI permits an additional time of 30 minutes to complete the exam.

10. How are participants assessed during the course?
There are two assessment methods.

• Continuous assessment: Participants are assessed throughout the training course for punctuality, presentation skills, interactive approach, involvement, role-play, daily tests, etc.
• Written exam: Participants must appear for an online examination (open book) at the end of the course, which is remotely proctored.

11. What is the passing criterion for a written examination?
Participants must achieve the minimum 50% in each domain and an overall score of 40 marks (50%) to pass the exam successfully.

12. Will I be awarded a certificate for attending the training course?

Certificate of Successful Completion: Will be awarded only if

• Participants score 70% and above in the continuous assessment and
• Participants achieve the minimum 50% in each domain and an overall score of 40 marks (50%) in the written online exam.
• Certificate of Attendance: Will be awarded only if participants who have satisfied the attendance requirement and have not been successful in the online final examination or the continuous assessment component.

13. Is it possible to retake the online final exam? Under what conditions is this possible?
Students who fail the written examination, but pass the continuous assessment, are allowed to retake the CQI|IRCA examination only once within 12 months from the last training date. However, the students who fail the continuous assessment will not get a chance to retake the final online exam but will have to attend the whole course again.

14. Will I be charged for an online exam retake?
Yes, additional charges would be applicable for a retake exam, and you will have to contact one of the TÜV SÜD representatives for the fees and exam retake details.

• Tata Consultancy Services
• Siemens
• Infosys
• Hitachi Solutions
• Mahindra
• Robert Bosch
• HCL
• SISA
• ESDS Software Solution Limited