ISO IEC 27001 Lead Auditor Conversion

ISO/IEC 27001:2022 Lead Auditor Conversion (ISMS) Training Course

Be well equipped to effectively manage your organisation’s ISMS

Be well equipped to effectively manage your organisation’s ISMS

about the course

ISO/IEC 27001:2022 international standard specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organisation. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organisation.

Information being a valuable asset and building block is important to the growth, success and maintaining credibility of any organisation. Information needs to be suitably protected like any other important business asset. If this asset is compromised, then the organisation may be exposed to various threats including cybersecurity threats, identity theft and risks which may lead to brand image erosion, business disruption, financial and productivity loss etc.

The course is structured to provide the knowledge and skills required to assess the Information Security Management System of an organisation in accordance with the requirements of the ISO/IEC 27001:2022 international standard.

Duration: 3-day course

Language: English



  • Course Objectives

    At the end of this course, participants will be able to:

    • Be equipped with the auditing knowledge and skills to conduct effective audits.
    • Understand the purpose of an Information Security Management System and the processes involved in establishing, implementing, maintaining and continually improving an ISMS.
    • Understand auditing concepts, principles and the role and skills required by an auditor / lead auditor.
    • Develop skills to plan conduct, report and follow up audits in accordance with ISO 19011.
  • Course Content

    Topics to be covered include:

    1. ISMS concepts & ISO/IEC 27001 standard

    • Concept & benefits
    • Risk assessment & management 
    • Standards requirements & documentation

    2. Auditing principles

    • Objectives and types of audits
    • Process approach

    3. Roles, responsibilities & competency of auditors

    • Responsibilities of auditors and lead auditors
    • Competency of auditors
    • Auditor qualification and certifications

    4. Planning an audit

    • Pre-audit planning
    • Reviewing documentation
    • Developing an audit plan 
    • Preparing checklists or working documents
    • Communication factors

    5. Conducting an audit

    • Conducting opening meeting
    • Collecting objective/audit evidence
    • Effective interviewing techniques
    • Identifying and recording nonconformities
    • Preparing and conducting closing meeting
    • Do’s and Don’ts of auditing

    6. Reporting audit results

    • Preparation and distribution of the audit report

    7. Following up on the audit

    • Corrections, root cause analysis and corrective action
    • Effectiveness of corrective actions

    8. CQI IRCA Registration Process

    9. Exercises / Workshops / Roleplays

    10. Written Examination



Continuous Assessment: Participants will be assessed throughout the course for punctuality, presentation skills, interactive approach, involvement, role-play, daily tests etc.

Passing criteria: 70%

Examinations : According to South Asia and CQI IRCA, written exams online are ‘Open Book’. An exam link by CQI IRCA will be sent to the participant on the last day of training date. 
Participants are given 30 days to access the exam link. Exam link will expire after 30 days. 
Duration of exam: 1 hour 40 min
Pass criteria: 70% overall and 50% in each section 

CQI-IRCA Registered Certificate

  • TÜV SÜD South Asia as Approved Training Partner of CQI IRCA fulfills all compliances of the course PR 320 : ISMS ISO/IEC 27001:2022 Lead auditor holding training course reference No. 17829
  • Participants who scores 70% and above in both the continuous assessment and written examination will be issued an CQI (Charted Quality Institute) & IRCA (International Register of Certificated Auditors) registered certificate of successful completion of the course.
  • Unsuccessful candidates will be issued a certificate of attendance from TÜV SÜD.

WHO SHOULD TAKE THE ISO/IEC 27001 Auditor Conversion Training Course?

This course is specially designed for:

  • Anyone who has completed the CQI IRCA LATC in another discipline or previous version of ISO/IEC 27001
  • Information Security Practitioners, Head - IT
  • Chief Information Security Officer
  • Information Security Management System Consultants
  • Information Security Management System Management Representative
  • Information Security Managers and core group members responsible for establishing, implementing, maintaining, and improving Information Security Management Systems
  • Professionals who have a role to play in the auditing of Information Security Management System
  • Prerequisities

    Prior knowledge about concepts of information security and management system audit is mandatory. This course is not for filling gaps in the knowledge about the standard; but for enhancing the knowledge about the same with regards to audit context.

    *Relevant proofs to be submitted



The course content and structure are designed by the domain experts from TÜV SÜD.

With immense experience and knowledge in the relevant standards, our team of product specialists and technical experts at TÜV SÜD, developed the course content based on current business landscape and market requirements.

  • What are the benefits of enrolling in this course?
    • World-class training – by learning from TÜV SÜD’s industry experts and training specialists
    • Interactive learning style – with interactive formats such as lectures, illustrations and simulations are used
    • Networking opportunity – where you can meet and build network with like-minded individuals at our instructor-led training
    • Gain a competitive edge – by getting trained by experts known in the fields of safety, security and sustainability



Next Steps

Site Selector