ISO/IEC 27001:2022 Information Security Management Systems Auditor/ Lead Auditor (CQI IRCA) Training

Classroom Training | 05 days | Advanced

Our ISO/IEC 27001:2022 Information Security Management Systems (ISMS) auditor/ lead auditor (CQI IRCA) certificate will give you an edge in the information security market with world-class training from TÜV SÜD experts. This 5-day course is CQI & IRCA (http://www.quality.org/) accredited training. By completing this course, you will:

  • Receive a globally recognised ISO/IEC 27001:2022 Information Security Management Systems auditor/ lead auditor (CQI IRCA) certificate
  • Gain a 360° understanding of the concept of Information Security Management Systems auditing
  • Learn from our team of experienced and knowledgeable TÜV SÜD experts in information security
  • Learn through lectures, case studies, group exercises, and discussions
  • Meet and build relationships with other professionals interested in information security management

Information is a valuable asset, a building block and a key to the growth of any organisation, and it needs to be suitably protected like any other important business asset. In the modern world, this asset is crucial for success and for maintaining credibility.

If this asset is compromised, the organisation may face threats and risks such as brand image erosion, business disruption, and financial and productivity loss. Information security is the protection of information from a wide range of threats in order to ensure business continuity, minimise business risk, maximise return on investments and increase business opportunities.

The intensive ISO/IEC 27001:2022 lead auditor course is a key requirement for becoming a registered auditor/lead auditor. The course is structured to provide the knowledge and skills required to assess the Information Security Management System of an organisation with respect to the requirements of the ISO/IEC 27001:2022 standard.

By the end of the course, you will:
  • Understand the purpose of an Information Security Management System and the processes involved in establishing, implementing, maintaining and continually improving an ISMS
  • Know the key changes in ISO 27001:2013 vs ISO 27001:2022
  • Be able to apply the PDCA approach to information security management processes
  • Understand the role and skills required by an auditor / lead auditor
  • Understand auditing concepts and principles
  • Know how to plan, conduct and report audits in accordance with ISO 19011.

Our ISO 27001 lead auditor course will provide participants with a comprehensive understanding of the ISO/IEC 27001:2022 standard and the skills necessary to conduct effective ISMS audits.

ISMS concepts and ISO 27001 standard
  • ISMS concepts and benefits
  • Risk assessment and management
  • ISO 27001 process framework requirements
  • ISO 27001 standard requirements
  • ISMS documentation
Auditing principles
  • Auditing objectives
  • Types of audits
  • Process approach
Roles and responsibilities of auditors
  • Auditors and lead auditors
  • The auditors’ responsibilities
  • The lead auditors’ responsibilities
  • Auditors’ qualification and certifications
Planning an audit
  • Pre-audit planning
  • Reviewing documentation
  • Developing an audit plan
  • Preparing checklists or working documents
  • Communication factors
Conducting an audit
  • Opening meeting
  • Collecting objective/audit evidence
  • Effective interviewing techniques
  • Identifying and recording nonconformities
  • Preparing for the closing meeting
  • Dos and Don’ts of auditing
Reporting audit results
  • Conducting the closing meeting
  • Preparing the audit report
  • Distributing the audit report
Corrective actions
  • Corrective action responsibilities
  • Follow up scheduling
  • Monitoring corrective action
ISO 27001 registration
  • Choosing a registrar
  • The registration process
  • Surveillance audits
Exercises / Roleplay (50% of course time)

Written Assessment

Our course is ideal for:
  • Information security professionals, IT heads
  • Chief Information Security Officers (CISOs)
  • Information security management system consultants, management representatives
  • Information security managers and core group members responsible for establishing, implementing, maintaining, auditing, and improving Information Security Management Systems
  • Professionals who have a role to play in the implementation of Information Security Management Systems

Participants interested in attending this course must have prior knowledge of management systems and of the principles and concepts of Information Security Management.

Participants are expected to have the following prior knowledge:

1. Management systems
  • Understand the Plan-Do-Check-Act (PDCA) cycle
2. Information security management
  • Knowledge of the following information security management principles and concepts:
    • Awareness of the need for information security
    • The assignment of responsibility for information security
    • Incorporating management commitment and the interests of stakeholders
    • Enhancing societal values
    • Using the results of risk assessments to determine appropriate controls to reach acceptable levels of risk
    • Incorporating security as an essential element of information networks and systems
    • The active prevention and detection of information security incidents
    • Ensuring a comprehensive approach to information security management
    • Continual reassessment of information security and making of modifications as appropriate
3. ISO/IEC 27001
  • Knowledge of the requirements of ISO/IEC 27001 (with ISO/IEC 27002) and the commonly used information security management terms and definitions, as given in ISO/IEC 27000, which may be gained by completing an IRCA-certified ISMS Foundation Training course or equivalent.

Please submit relevant proofs to demonstrate that you meet the prerequisites for this course.

This course is not intended to fill gaps in your knowledge of the ISO/IEC 27001:2022 standard, but to improve that knowledge from an audit perspective.

Becoming a certified ISO/IEC 27001:2022 lead auditor will give you the knowledge and skills to assess an organisation’s ISMS against the standard’s requirements.

Career opportunities in the field of information security include:
  • ISO/IEC 27001:2022 lead auditor
  • ISMS consultant
  • Information security manager
  • ISMS auditor
  • Information security risk assessor
Certified ISO/IEC 27001:2022 lead auditors are in high demand in a variety of industries, including:
  • Financial services
  • Healthcare
  • IT
  • Government
  • Education
  • Manufacturing

The course content and structure are designed by the domain experts from TÜV SÜD.

With immense experience and knowledge of the relevant standards, our team of product specialists and technical experts at TÜV SÜD developed the course content based on the current business landscape and market requirements.

The course will be conducted by our experienced lead auditors, who have audited numerous organisations.


Participants will be assessed throughout the course on various factors, including punctuality, presentation skills, interactive approach, involvement, role-play, and daily tests. The final assessment will be a closed-book test, with the only permitted reference material being a copy of the ISO/IEC 27001:2022 standard.

The passing criterion for the examination is 70%.

CQI-IRCA Registered Certificate

TÜV SÜD South Asia is an Approved Training Partner of CQI IRCA and meets all compliance requirements of the course PR 320: ISMS ISO/IEC 27001:2022 Lead Auditor training course, reference No. 17829.

Participants who score 70% or higher in the continuous assessment and written examination will be awarded a CQI (Chartered Quality Institute) and IRCA (International Register of Certificated Auditors) registered certificate of successful completion.

Unsuccessful candidates will be awarded a certificate of attendance from TÜV SÜD South Asia.

1. Can I also attend the e-learning courses on top of attending the ISO/IEC 27001:2022 ISMS auditor/lead auditor course?
Yes, you can register for any e-learning course at TÜV SÜD.

2. How do I enroll in the ISO/IEC 27001:2022 Information Security Management Systems auditor/lead auditor (CQI IRCA) course?
To enroll in the ISO/IEC 27001:2022 Information Security Management Systems auditor/lead auditor (CQI and IRCA) course, click “Buy now” and check out your cart.

3. What is the ISO/IEC 27001:2022 auditor/lead auditor course methodology?
The ISO 27001 lead auditor training will be delivered using various interactive learning methods, including case studies, group exercises, and discussions. This will help you learn and practically apply the concepts of ISO/IEC 27001:2022.

4. Can I get a refund if I cancel my enrollment?

  • If you communicate the cancellation to us by email within 14 days before the confirmed training date, we will not provide a refund for the training.
  • If you communicate the cancellation to us by email more than 14 days before the confirmed training date, we will provide a 50% refund for the training.

5. Will there be any mid-course assessments?
Participants will be assessed throughout the course for punctuality, presentation skills, interactive approach, involvement, roleplay, daily tests, etc.

Net Price (excl. GST)
S$ 2,108.00
