Hong Kong Quality Assurance Agency

CQI & IRCA Certified ISO/IEC 27001:2013 Information Security Management Systems Auditor/Lead Auditor Course

Course Information

  • 5 Jul 2021 (Mon) - 9 Jul 2021 (Fri) 9:30 AM - 5:00 PM
  • 26 Jul 2021 (Mon) - 30 Jul 2021 (Fri) 9:30 AM - 5:00 PM
Registration period: 26 Apr 2021 (Mon) - 4 Jul 2021 (Sun)

Course fee: HKD 9,800

Duration: 5 day(s)

Course Overview

This CQI (Chartered Quality Institute) / IRCA (International Register of Certificated Auditors) certified Information Security Management Systems (ISMS) Auditor / Lead Auditor Training Course is part of the internationally recognized CQI/IRCA ISMS Auditor Certification programme.

Successful completion of this course is a prerequisite and an essential step to becoming a CQI/IRCA ISMS Auditor.

Learning objectives

  • Learn how to explain the purpose and business benefits of an ISMS, of ISMS standards, of management system audits and of third-party certification
  • Learn how to explain the role of an auditor in planning, conducting, reporting and following up an ISMS audit in accordance with ISO 19011 (and ISO 17021 where appropriate)
  • Learn how to plan, conduct, report and follow up an audit of an ISMS to establish conformity (or otherwise) with ISO/IEC 27001 (with ISO/IEC 27002) in accordance with ISO 19011 (and ISO 17021 where appropriate)

Course benefits

  • Your organization will have an internal resource and process to conduct its own audits of its ISMS, to assess and improve conformance with ISO/IEC 27001
  • You will gain a professional qualification certifying that you have the knowledge and skills to lead a team in conducting an audit of an ISMS in any organization
  • Successful auditing will improve the protection of an organization's personal data and trade secrets, meeting market assurance and corporate governance needs
  • Understand how to identify gaps in an ISMS
  • Accurate auditing provides continuous improvement to a management system
  • Meet the training requirements for CQI/IRCA auditor certification

Who should attend?

This course is intended for those who will be involved in leading audits of an ISMS that conforms to the latest ISO/IEC 27001 in any organization. Suggested job functions and their teams include, but are not limited to, the following:

  • Information security managers
  • IT and corporate security managers
  • Corporate governance managers
  • Risk and compliance managers
  • Information security consultants

You should have successfully completed the ISO/IEC 27001:2019 Information Security Management Systems - Understanding & Application, Internal Auditor Training Course and/or have equivalent working experience.

Delivery Method

This course will be conducted through live virtual training. Delegates are required to attend the class in person at our training venue.

What you'll learn

Course outline

Day 1: Information security management systems knowledge (ISO 27001)

  • Management system structure (MSS) and process approach (PDCA)
  • Understand the organization's compliance risk
  • Understanding of organization, interested parties, and their requirements
  • Management system scoping
  • Leadership and commitment
  • Top management leadership, management system policy and objectives
  • Support the management system and a documented management system
  • Compliance risk management and objectives
  • Information asset management (asset register, asset owner)
  • Information security risk management requirements and process
  • Risk assessment (identify the risk, risk owner, risk analysis and risk evaluation)
  • Risk treatment (treatment options, Statement of Applicability (SoA), risk treatment plan)

Day 2: Guidelines for auditing management systems (ISO 19011 and ISO 17021) - Auditor, audit types and certification process

  • Management system operation
  • Management system performance evaluation and improvement processes
  • Auditor's role, responsibility, and competence
  • Different types of audit and certification process

Day 3: Guidelines for auditing management systems (ISO 19011) - Audit simulation: planning and preparation for an audit

  • Roles and responsibilities in an audit
  • Management system performance evaluation and continual improvement requirements
  • Different types of audit
  • Audit programme and purpose
  • Planning an audit (initiate the audit, feasibility analysis)
  • Conduct a Stage 1 audit (document review)
  • Preparation for Stage 2 (on-site) audit - audit plan
  • Preparation of audit work documents, including checklists and audit trails

Day 4: Guidelines for auditing management systems (ISO 19011) - Audit simulation: the opening meeting, on-site audit activities, and role-play

  • Opening meeting
  • Role-play of audit scenarios
  • Practise audit skills for collecting audit evidence
  • Prepare audit findings and results, including conformance, non-conformity (NC), and opportunity for improvement (OFI)
  • Prepare audit report

Day 5: Guidelines for auditing management systems (ISO 19011) - Audit simulation: closing the on-site audit - closing meeting and follow-up

  • Audit conclusion
  • Closing meeting
  • Audit follow-up
  • Evaluating correction and corrective action, including root cause analysis, and audit finding closure
  • Management system certification
  • Course summary and examination