• Audit as per the requirements of ISO/IEC 27001:2013 standard
• Understand key elements of ISO 19011 and ISO/IEC 17021 standards
• Understand key information security issues
• Plan an audit against a set of audit criteria
• Successfully execute an Information Security
• Management system audit
• Create clear, concise and relevant audit reports
• Communicate the audit findings to a client
• Information Security Management System overview
• Auditing Information Security Management System against requirements of ISO/IEC 27001:2013
• Audit techniques
• Accreditation issues
• Auditor competence
• Practical Exercises and Feedback

• IT Security Managers, Internal Auditors, Management Representatives & Members of IT teams
• Employees already working in ISMS certified organizations or organizations planning to achieve certification
• Individuals working as a consultant or subject matter experts on ISO 27001 or other management systems
• Any individual aspiring to pursue his/her career in the field of IT Security & Management System Auditing

• An appreciation of the importance of controlling Information Security in all types of business activities;
• The ability to plan, conduct and report on a process based activity;
• An appreciation of Risk Analysis process;
• Detailed review and interpretation of the main requirements of ISO/IEC 27001:2013;
• Learn how to use Annexure A of ISO/IEC 27001:2013;
• Evaluating corrective actions for root cause and effectiveness;
• Auditor competence (as per ISO 19011, IRCA norms & industry best practices.

PRE-REQUISITES:

Delegates are expected to have prior knowledge of the following:

• Understand the Plan-Do-Check-Act (PDCA) cycle
• Knowledge of the following information security management principles and concepts:
• awareness of the need for information security;
• the assignment of responsibility for information security;
• incorporating management commitment and the interests of stakeholders;
• enhancing societal values;
• using the results of risk assessments to determine appropriate controls to reach acceptable levels of risk;
• incorporating security as an essential element of information networks and systems;
• the active prevention and detection of information security incidents;
• ensuring a comprehensive approach to information security management;
• continual reassessment of information security and making modifications as appropriate.
• Knowledge of the requirements of ISO/IEC 27001 (with ISO/IEC 27002) and the commonly used information security management terms and definitions, as given in ISO/IEC 27000.

PLEASE NOTE: 

The CQI-IRCA Exam will be administered online on Friday, at the conclusion of the training class.