This is the premier standard in training for Auditors. It takes the skills and knowledge of Auditors to the level necessary for conducting effective third part and external audits of Information Security Management Systems (ISMS).
The 5 day course is challenging and highly participative. It involves the use of advanced learning techniques in all of the group sessions. it is designed to stretch the delegates and the tutor, so that everyone involved gets the most from the event.
The course also features a range of scenarios that a Lead Auditor will experience and helps them to understand how to interpret these situations in an auditing environment. The scenarios are drawn from ‘real-life’ situations and are designed to challenge the delegates concepts of quality and interpretation of ISO 27001:2013.
Those commissioning an in-house course can take advantage of the opportunity to undertake a ‘Live’ on-site Audit.
The course culminates in a formal examination and the presentation of certificates to the successful candidates.
At the end of the course, a participant will:
- Have experienced each stage of planning, preparation, conducting and reporting of a first, second- or third-part audit.
- Understand how to deploy and manage a team of auditors.
- Have experienced a range of scenarios designed to expand their knowledge and interpretation of ISO 27001:2013 and how to assess the diverse elements of an ISMS.
- The ability to assess and evaluate disparate examples of auditing situations and to interpret their impact on compliance with the relevant parts of ISO 27001:2013.
- Have experienced all stages of conducting and reporting a live audit.
- Have undertaken ‘Live’ or realistic role-played opening and closing meetings with host company representatives.
- Have a complete evidence portfolio of a live audit.
Any personnel involved in internal audits, but specifically those involved in second party (supplier) or third party (certification) audits.
Some knowledge of the ISO management system model would be advantageous, as would a basic understanding of ISO 27001:2013 in particular. However, these are not essential prerequisites for attendance.