ISO 27001:2013 Information Systems Management System Lead Auditor (IRCA Certified) - Virtual Classroom



  • Audit as per the requirements of ISO/IEC 27001:2013 standard
  • Understand key elements of ISO 19011 and ISO/IEC 17021 standards
  • Understand key information security issues
  • Plan an audit against a set of audit criteria
  • Successfully execute an Information Security
  • Management system audit
  • Create clear, concise and relevant audit reports
  • Communicate the audit findings to a client
  • Information Security Management System overview
  • Auditing Information Security Management System against requirements of ISO/IEC 27001:2013
  • Audit techniques
  • Accreditation issues
  • Auditor competence
  • Practical Exercises and Feedback

Who the course is for

  • IT Security Managers, Internal Auditors, Management Representatives & Members of IT teams
  • Employees already working in ISMS certified organizations or organizations planning to achieve certification
  • Individuals working as a consultant or subject matter experts on ISO 27001 or other management systems
  • Any individual aspiring to pursue his/her career in the field of IT Security & Management System Auditing

Course Contents

  • An appreciation of the importance of controlling Information Security in all types of business activities;
  • The ability to plan, conduct and report on a process based activity;
  • An appreciation of Risk Analysis process;
  • Detailed review and interpretation of the main requirements of ISO/IEC 27001:2013;
  • Learn how to use Annexure A of ISO/IEC 27001:2013;
  • Evaluating corrective actions for root cause and effectiveness;
  • Auditor competence (as per ISO 19011, IRCA norms & industry best practices.


Delegates are expected to have prior knowledge of the following:

  • Understand the Plan-Do-Check-Act (PDCA) cycle
  • Knowledge of the following information security management principles and concepts:
  • awareness of the need for information security;
  • the assignment of responsibility for information security;
  • incorporating management commitment and the interests of stakeholders;
  • enhancing societal values;
  • using the results of risk assessments to determine appropriate controls to reach acceptable levels of risk;
  • incorporating security as an essential element of information networks and systems;
  • the active prevention and detection of information security incidents;
  • ensuring a comprehensive approach to information security management;
  • continual reassessment of information security and making modifications as appropriate.
  • Knowledge of the requirements of ISO/IEC 27001 (with ISO/IEC 27002) and the commonly used information security management terms and definitions, as given in ISO/IEC 27000.


The CQI-IRCA Exam will be administered online on Friday, at the conclusion of the training class.

Course dates

Start Date End date Info
2/21/2022 08:00 AM 2/25/2022 05:00 PM Add To Cart
6/27/2022 08:00 AM 7/1/2022 05:00 PM Add To Cart