
CORE QUALITY IT MANAGEMENT CONSULTANCY PRIVATE LIMITED (CQIMC)



ATP ID - 6017082

PR 374 ISO 27001:2022 ISMS Auditor Conversion Courses: Course ID – 2538

On completion, successful learners will have the knowledge and skills to:

Knowledge

Explain the purpose and benefits of an information security management system and of information security management systems standards 

Skills

 Plan, conduct, report and follow up an audit of an information security management system to establish conformity (or otherwise) with ISO/IEC 27001 (with ISO/IEC 27002) and in accordance with ISO 19011 (and ISO 17021 where appropriate).

Before starting this course, delegates are expected to have the following prior knowledge:

Management systems

Understand the Plan-Do-Check-Act (PDCA) cycle

Information security management

Knowledge of the following information security management principles and concepts:

  • awareness of the need for information security;
  • the assignment of responsibility for information security;
  • incorporating management commitment and the interests of stakeholders;
  • enhancing societal values;
  • risk assessments to determine appropriate controls to reach acceptable levels of risk;
  • incorporating security as an essential element of information networks and systems;
  • the active prevention and detection of information security incidents;
  • ensuring a comprehensive approach to information security management;
  • continual reassessment of information security and making of modifications as appropriate

 

ISO/IEC 27001

Knowledge of the requirements of ISO/IEC 27001 (with ISO/IEC 27002) and the commonly used information security management terms and definitions, as given in ISO/IEC 27000, which may be gained by completing a CQI and IRCA Certified ISO 27001:2022 Foundation (ISMS) Training course or equivalent.

Management systems audit

Knowledge of management systems audit through satisfactory completion of a CQI and IRCA Certificated (or acceptable alternative) Lead Auditor Training course in another discipline.

In addition, you must inform learners who have not satisfactorily completed a CQI and IRCA Certificated (or acceptable alternative) Lead Auditor Training course in another discipline that they are unlikely to successfully complete this 24-hour course and will find the 40-hour ISO/IEC 27001:2022 Lead Auditor (ISMS) Training course more appropriate.

You must provide clear and documented guidance for tutors who find they have learners lacking this prior knowledge, to ensure that this does not adversely affect other learners’ learning on this course.

  • Those wishing to implement a formal Information Security Management System (ISMS) in accordance with ISO/IEC 27001:2022
  • Existing security auditors who wish to enhance their auditing skills
  • Consultants who wish to provide advice on ISO/IEC 27001:2022 systems certification.

This will be a classroom-based course. The training will use a mix of methods, keeping in mind the learning styles of students. These will include:

  • Presentations
  • Video Conferencing
  • Actual Application of learning
  • Role Play & Presentations
  • Brainstorming sessions
  • Reflection
  • Tutorial sessions
  • Group discussions
  • Exercises & Case Studies
  • Continuous Assessment
  • Information Security Management System – Introduction
  • ISMS Purpose and Benefits
  • ISO 27001 New Changes
  • Audit Concepts
  • Conduct of Audit

The duration of this course will be 24 hours spread over 3 days.

  • Full-time classroom/ virtual class learning – delivered over consecutive days
  • Part-time classroom/ virtual class – delivered in blocks of learning, e.g. 2 days + 1 day, or on a weekly basis using any of the following formats:
    • 1 + 2 days
    • 2 + 1 days
    • 1 + 1 + 1 days