Information security, increasingly becoming more and more popular so the auditing of information security is the same. The data and the assests of any organisation and security, availability and integrity of these are very important for effective running of any business.
Auditing the information security management system of an organization as a third party, independently and impartially, is one of the way of identifying the weaknesses, effectiveness and threats. Identification of the system performance and identification of effectiveness requires auditors with special knowledge and skills. This course is mainly for preparing the auditors with such knowledge and skills.


Course Program
ISMS Management System Lead Auditor Course Start & Review Precourse Study, Information Security Management Systems Purpose & Benefits, Terms & Terminology, PDCA Cycle, Processes In Operation Of Information Security Management System, Information Security Management System Documented Information, Audit Types & Auditors
Accreditation, Certification, People In Audits Roles & Responsibilities, Identifying Auditor Characteristics & Confidentiality, Audit Types, Audit Process, Audit Objectives & Scope & Criteria, Identification Of An Audit Duration, Resourcing An Audit, Preparing Stage 1 Audit & Communication, Stage 1 Audit, Audit Planning, Checklists & Preparation, Checklists & Preparation, Auditing (Stage-2) & Questioning, Opening Meeting, Sampling & Sampling Planning, Stage 2 Audit & Live Audit, Live Audit Review, Nonconformity Identification, Nonconformity Reporting, Closing Meeting, Audit Reporting, Post Audit Activities, Nonconformity Closing.


What You Will Get?
By Attending this course you will be able to:
* Audit the processes and management system effectively
* Make a process audit and a procedure or a clause audit
* Prepare and plan audits in a risk based manner and effectively
* Behave as a successful auditor.
* Learn about the most effective auditing techniques
* Select the audit teams and evaluate their performances
* Effectively get prepared for an audit
* Effectively audit the processes assigned
* Evaluate the findings and the conformities, nonconformities and improvement points effectively
* Run opening and closing meetings and report the audits and nonconformities
* Effectively follow up the audit findings
* Explain the accreditation and certification
* Add new certificate to your carrier.


Who Should Attend?
Information Security management system lead auditor course is designed primarily for those who want to become third party auditor on the subject.
It helps them to perform capable and value-adding audits, and also to develop attendees wider understanding of information security management systems design and implementation. Brings a different view infront of the delegates as to see and test the system as an auditor watch.
The aim of this course is to provide delegates with the knowledge and skills required to perform first, second and third-party audits of information security management systems against ISO/IEC 27001 (with ISO/IEC 27002), in accordance with ISO 19011 and ISO 17021, as applicable. All references in this document to ISO standards are to the current versions unless otherwise stated.


Pre-Course Requirement?
This course will benefit you best with your initial knowledge about;
Management systems
Understand the Plan-Do-Check-Act (PDCA) cycle
a) Information security management
Knowledge of the following information security management principles and concepts:
 Awareness of the need for information security;
 The assignment of responsibility for information security;
 Incorporating management commitment and the interests of stakeholders;
 Enhancing societal values;
 Using the results of risk assessments to determine appropriate controls to reach acceptable levels of risk;
 Incorporating security as an essential element of information networks and systems;
 The active prevention and detection of information security incidents;
 Ensuring a comprehensive approach to information security management;
 Continual reassessment of information security and making of modifications as appropriate.
b) ISO/IEC 27001
Knowledge of the requirements of ISO/IEC 27001 (with ISO/IEC 27002) and the commonly used information security management terms and definitions, as given in ISO/IEC 27000, which may be gained by completing CQI and IRCA Certified ISO 27001:2013 Foundation (ISMS) Training course or equivalent.


Which Course After This?
After attending this course you might attend other CQI/IRCA certified courses