CQI/IRCA Registered ISO 27001:2013 Auditor/Lead Auditor Course

Course Objectives

  • To refresh/review the structure & requirements of ISO 27001:2013
  • To enable delegates understand Key concepts in Information Security Management System auditing
  • To impart/enhance practical auditing skills to become internationally recognized certified Auditor/Lead Auditor.
  • To enable the delegates to plan, conduct & manage ISMS external (second and third party) as well as internal audits in accordance with the principles & guidance of ISO/IEC 17021 & ISO 19011.

Course Features

This course is registered with CQI/IRCA (Chartered Quality Institute/International Register of Certificated Auditors, London) vide course registration no. A 17242 and satisfies part of the formal training requirements for individuals seeking registration under the CQI/IRCA ISMS Auditor/Lead Auditor Registration Scheme.

Who should attend ?
  • Individuals interested in becoming IRCA certified Auditors/Lead Auditors for Information Security Management System (ISMS)
  • Individuals wishing to implement ISMS based on requirements of ISO 27001:2013 in their organization
  • Individuals responsible for managing the audit programs in their organization
  • Information security managers/team leads
  • Management representatives and/or departmental/functional information security coordinators
  • Existing ISMS internal auditors
  • Consultants of Information Security Management System
Course Contents
  • Course Introduction
  • Relevant standards, ISO/IEC 27001:2013, ISO/IEC 17799:2005, ISO/IEC TR 13335 part 3 and part 4, ISO 19011
  •  The importance of information security
  • Assessing security threats and vulnerabilities
  • Management of information security risks
  • Selecting security controls
  • Developing Information Security Management System (ISMS)
  • Introduction to auditing ISMS
  • ISO/IEC 27001:2013 auditing techniques
  • Managing and leading a ISO/IEC 27001:2013 audit team
  • Interview techniques
  • Recording & Reporting Non Conformities
  • Audit reporting
  • Corrective Action & Audit Close out process
  • Continuous Assessment exercises & feedback
  • Syndicate & role play exercises & feedback
  • Written Examination
  • Sum-up


The knowledge of the principles and concepts for information security management systems including awareness of the need for information security, responsibilities, management commitments, using results of risk assessments and incorporation security as an essential element of information networks and systems are just as recommended as the knowledge of the requirements of ISO/IEC 27001 and terms and definitions as given in ISO/IEC 27000. Additionally, the knowledge and understanding of the PDCA cycle will support a successful completion of the course.

Knowledge of English is essential.



Certificate of successful completion shall be issued to all the delegates who attend entire duration of the course & pass the written examination. Certificate of attendance shall be issued to those who do not pass the written examination.


5 Days