Empower Your Team with Industry-Leading Training Programs
Tailored corporate training for leadership, technical skills and professional development

- We serve corporate clients investing in people's knowledge, skills, and competencies, to improve business performance, enhance process, product and service quality, and achieve sustained growth and profitability.
- We understand the meaning of the business term "Voice of the Customer" and what constitutes "value" from the customer's point of view.
- We also understand the difference between "value" and "waste" from the business and individual learner point of view.
- We care about the people whose knowledge enhancement is entrusted to us by their organisation or by themselves.
- We focus on learning (not just on training and issuing certificates) and on providing post-training advice and support through workshops and consulting services.

Stratos Lazaridis
CEO, The Marvel Academy
Corporate Training Solutions
Mob: +44 (0)749 114 7156
Contents
- Overview
- Who should attend
- Learning objectives
- Course agenda and content
- Prerequisites
- Training approach
- Examination
- Competence domains being tested
- Certification
- General course information

ISO/IEC 27001: Information Technology - Security Techniques - Information Security Management Systems - Requirements
Overview
This 5-day intensive course enables participants to gain a thorough understanding and develop the necessary expertise to:
- Support an organization in implementing, managing, and maintaining an Information Security Management System (ISMS) based on ISO/IEC 27001:2013.
- Use best practices to implement information security controls from all areas of ISO/IEC 27002.

The content of this training course is:
- Consistent with the project management practices established in ISO 10006 (Quality Management Systems - Guidelines for Quality Management in Projects).
- Fully compatible with ISO/IEC 27003, ISO/IEC 27004 and ISO/IEC 27005.

Notes
- ISO/IEC 27003: Guidelines for the Implementation of an ISMS
- ISO/IEC 27004: Measurement of Information Security
- ISO/IEC 27005: Risk Management in Information Security.
ISO 27001 Lead Implementer: Training Course details
- 5 days (09.00 - 17.00 GMT)
- Online instructor-led via zoom.us
- £1190 + VAT per delegate
- Deadline for payment/registration: 2 calendar days before course start
- Included: 5 days online instructor-led training, delegate workbook, online exam, and certificate.

Onsite training
Please refer to our Terms & Conditions:
- Trainer's expenses for onsite training, paid by the client
- Fixed onsite training expenses policy
Who Should Attend
- Anyone involved in information security management, writing information security policies, or implementing ISO 27001, either as a Lead Implementer or as part of an implementation team
- Project managers or consultants preparing to support an organization in the implementation of an ISMS
- ISO/IEC 27001 auditors wishing to fully understand the ISMS implementation process
- Senior managers responsible for the IT governance of an enterprise and the management of its risks
- Members of an information security team
- Expert advisors in information technology
- Technical experts preparing for an information security role or for an ISMS project management role.
Learning Objectives
On completion of this course, delegates will understand the following:
- The concepts, approaches, standards, methods and techniques required for the effective management of an ISMS
- The relationship between the components of an ISMS, including risk management, controls, and compliance with the requirements of the organization's different interested parties
- The Statement of Applicability (SoA), and the justifications for inclusions and exclusions
- The importance of an effective communication strategy
- The importance of staff and general awareness training in information security
- The inputs, outputs and process of management review.

On completion of this course, delegates will be able to:
- Build the business case for developing and implementing an ISMS
- Secure senior management commitment
- Articulate the role and structure of an information security policy
- Determine the scope of an ISMS based on the requirements of ISO 27001
- Develop a management framework for information security
- Write policies and produce other mandatory ISMS documentation
- Structure and manage the ISMS project
- Allocate roles and responsibilities for an ISO 27001-based ISMS implementation
- Implement an ISMS in accordance with ISO/IEC 27001
- Define risks in the internal and external information security environment and the options for risk assessment and mitigation under the Standard
- Review existing information security controls and map them to Annex A of ISO 27001
- Support an organization in implementing, managing and maintaining an ISMS as specified in ISO/IEC 27001
- Advise an organization on best practices in information security management
- Manage and drive continual ISMS improvement under ISO 27001
- Prepare for the ISO 27001 certification audit
- Gather the information needed to ensure that the ISMS passes the audit the first time.
Course Agenda and Content
Day 1: Introduction to ISMS Concepts and Requirements of ISO/IEC 27001 and Initiation of the ISMS Implementation Project
- Introduction to management systems and the process approach
- Presentation of the standards ISO/IEC 27001, ISO 27002 and ISO 27003 and the regulatory framework
- Fundamental principles of information security
- Preliminary analysis and establishment of the maturity level of an existing information security management system based on ISO 21827
- Writing a business case and a project plan for the implementation of an ISMS.

Day 2: Planning the Implementation of an ISO/IEC 27001-based ISMS
- Defining the scope
- Developing the ISMS and information security policies
- Selecting the approach and methodology for risk assessment
- Managing risk: identification, analysis and treatment of risk (drawing on guidance from ISO/IEC 27005)
- Drafting the Statement of Applicability (SoA).

Day 3: Implementing an ISO/IEC 27001-based ISMS
- Implementation of a document management framework
- Design of controls and writing of procedures
- Implementation of controls
- Development of a training and awareness programme and communicating about the ISMS
- Incident management (based on guidance from ISO 27035)
- ISMS operations management.

Day 4: Controlling, Monitoring, Measuring and Improving an ISMS; ISMS Certification Audit
- Controlling and monitoring the ISMS
- Developing metrics, KPIs and dashboards in accordance with ISO 27004
- Conducting an internal ISMS audit for compliance with the requirements of ISO/IEC 27001
- Management review
- Implementing a continual ISMS improvement programme
- Preparing for the ISMS certification audit.

Day 5: Certification Exam

Prerequisites
It is assumed that delegates have a basic knowledge of ISO 27001 gained through:
- Practical on-the-job experience regarding information security
- Familiarity with the ISO 27001:2013 standard
- Attending the ISO 27001 Foundation course.

Training Approach
The course covers both theory and practice:
- Slide-based training sessions, illustrated with examples
- Practical exercises based on a full case study, including role playing and oral presentations
- Business cases
- Review exercises to assist with exam preparation
- Practice test (mock exam) similar to the certification exam.
Examination and Certification
Examination
- Duration: 90 minutes
- Format: closed book
- Questions: 60 multiple-choice questions
- Pass mark: 70% (42 correct answers)
Competence Domains Being Tested
The exam covers the following competence domains:
- Fundamental principles and concepts of information security
- Information security control best practice based on ISO 27002
- Planning an ISMS based on ISO/IEC 27001
- Implementing an ISMS based on ISO/IEC 27001
- Performance evaluation, monitoring and measurement of an ISMS based on ISO/IEC 27001
- Continual improvement of an ISMS based on ISO/IEC 27001
- Preparing for an ISMS certification audit.

Certification
The ISO 27001 Lead Implementer certificate will be issued to delegates who pass the exam.

For general course information, please click on the link here.

N.B. Please read our Terms & Conditions (T&Cs) and ask for clarifications, if any, before booking your training event.

Book now to reserve an on-site or online instructor-led training event of your choice.

For more details about our:
- List of training courses, please click here.
- Consulting services, please click here.
- Workshops, please click here.

For queries, including no-obligation quotes, please contact us.