ISO 27001 Lead Auditor Training - PECB Certified / IAS Accredited
Lead Auditor Training
ISO 27001 Lead Auditor Training - PECB Certified / IAS Accredited
ISO 27001 Lead Auditor Training
The ISO 27001 Lead Auditor Training – PECB Certified / IAS Accredited is a five-day course that provides the expertise to audit ISO/IEC 27001 Information Security Management Systems (ISMS). All training sessions are delivered exclusively by iCertWorks, a trusted SecuraStar company. All training classes are provided exclusively by iCertWorks (a sister company of SecuraStar).
Mastering the Audit of an Information Security Management System (ISMS) Based on ISO 27001, in Compliance with the Requirements of ISO 19011 and ISO 17021
SUMMARY
This five-day intensive course enables the participants to develop the expertise needed to audit an Information Security Management System (ISMS), and manage a team of auditors by applying widely recognized audit principles, procedures and techniques. During this training, the participants will acquire the knowledge and skills needed to proficiently plan and perform internal and external audits in compliance with certification process of the ISO/IEC 27001 standard. Based on practical exercises, the participants will develop the skills (mastering audit techniques) and competencies (managing audit teams and audit program, communicating with customers, conflict resolution, etc.) necessary to conduct an audit efficiently.
Who Should Attend?
- Internal auditors
- Auditors wanting to perform and lead an ISMS certification audits
- Members of an Information Security team
- Technical experts wanting to prepare for an Information Security audit function
COURSE AGENDA
DURATION: 5 Days
Day 1
Introduction to Information Security Management System (ISMS) concepts as required by ISO 27001
- Normative, regulatory and legal framework related to Information Security
- Fundamental principles of Information Security
- The ISO 27001 certification process
- Detailed presentation of the clauses of ISO 27001
Day 2
Planning and initiating an ISO 27001 audit
- Fundamental audit concepts and principles
- Audit the approach based on evidence and on risk
- Preparation of an ISO 27001 certification audit
- Documenting of an ISMS audit
Day 3
Conducting an ISO 27001 audit
- Communication during the audit
- Audit procedures: observation, document review, interview, sampling techniques, technical verification, corroboration and evaluation
- Drafting test plans
- Formulation of audit findings, drafting of nonconformity reports
Day 4
Concluding and ensuring the follow-up of an ISO 27001 audit
- Audit documentation
- Conducting a closing meeting and conclusion of an ISO 27001 audit
- Evaluation of corrective action plans
- ISO 27001 surveillance audit and audit management program
Day 5
IAS Accredited Certification Exam
Learning Objectives
- To acquire expertise of performing an ISO 27001 internal audit, following the ISO 19011 guidelines
- To acquire expertise of performing an ISO 27001 certification audit, following the ISO 19011 guidelines and the specifications of ISO 17021 and ISO 27006
- To acquire necessary expertise for managing an ISMS audit team
- To understand the operation of an ISO 27001
EXAMINATION
The "PECB Certified ISO/IEC 27001 Lead Auditor" exam fully meets the requirements of the PECB Examination and Certification Program (ECP). The exam covers the following competence domains:
1
Domain 1: Fundamental principles and concepts in Information Security
Main Objective: To ensure that the ISO 27001 Lead Auditor candidate can understand, interpret and illustrate the main Information Security concepts related to an Information Security Management System (ISMS)
2
Domain 2: Information Security Management System (ISMS)
Main Objective: To ensure that the ISO 27001 Lead Auditor candidate can understand, interpret and illustrate the main concepts and components of an Information Security Management System based on ISO 27001
3
Domain 3: Fundamental Audit Concepts and Principles
Main Objective: To ensure that the ISO 27001 Lead Auditor candidate can understand, interpret and apply the main concepts and principles related to an ISMS audit in the context of ISO 27001
4
Domain 4: Preparation of an ISO 27001 audit
Main Objective: To ensure that the ISO 27001 Lead Auditor candidate can prepare appropriately an ISMS audit in the context of ISO 27001
5
Domain 5: Conduct of an ISO 27001 audit
Main Objective: To ensure that the ISO 27001 Lead Auditor candidate can conduct efficiently an ISMS audit in the context of ISO 27001
6
Domain 6: Conclusion and follow-up of an ISO 27001 audit
Main Objective: To ensure that the ISO 27001 Lead Auditor candidate can conclude an ISMS audit, and conduct the follow-up activities in the context of ISO 27001
7
Domain 7: Management of an ISO 27001 audit program
Main Objective: To ensure that the ISO 27001 Lead Auditor understands how to establish and manage an ISMS audit program
- The “PECB Certified ISO/IEC 27001 Lead Auditor” exam is available in different languages, such as English, French, Spanish and Portuguese
- Duration: 3 hours
- For more information about the exam, please visit: www.pecb.com
CERTIFICATION
- After successfully completing the exam, participants can apply for the credentials of PECB Certified ISO/IEC 27001 Provisional Auditor, PECB Certified ISO/IEC 27001 Auditor or PECB Certified ISO/IEC 27001 Lead Auditor depending on their level of experience. Those credentials are available for internal and external auditors
- A certificate will be issued to participants who successfully pass the exam and comply with all the other requirements related to the selected credential:
Credentials
PECB ISO 27001 Provisional Auditor
PECB ISO 27001 Auditor
PECB ISO 27001 Lead Auditor
Exam
PECB ISO 27001 Lead Auditor Exam
PECB ISO 27001 Lead Auditor Exam
PECB ISO 27001 Lead Auditor Exam
Professional Experience
None
Two years One year of Information Security work experience
Five years Two years of Information Security work experience
ISMS Audit Experience
None
Audit activities totaling 200 hours
Audit activities totaling 300 hours
ISMS Project Experience
None
None
None
Other Requirements
Signing the PECB code of ethics
Signing the PECB code of ethics
Signing the PECB code of ethics
GENERAL INFORMATION
- Certification fees are included in the exam price
- Participant manual contains over 450 pages of information and practical examples
- A participation certificate of 31 CPD (Continuing Professional Development) credits will be issued to the participants
- In case of failure of the exam, participants are allowed to retake it for free under certain conditions
FAQ
How much does it cost to certify ISO 27001?
The cost to certify ISO 27001 after implementation can vary from organization to organization based on size of the scope of registration including number of locations. Most registrars calculate their costs based on audit days so the larger the scope and number of locations, the larger the cost. Quotes from certification bodies typically cover a 3 year period which includes a full audit (stage 1 and 2) the 1st year and a smaller annual surveillance audit in years 2 and 3. Costs can range as low as $6,000 for a small scope with one location to over $50,000+ for a large organization with a large scope and many locations worldwide. Surveillance audits in years 2 and 3 are typically around half to one-third the cost of the 1st year full audit.
How long does it take to become ISO 27001 Certified?
It typically takes anywhere from 3 – 12 months to implement and certify ISO 27001 requirements for an information security management system (ISMS). This can vary from organization to organization based on size of the scope of registration including number of locations, status of the current information security program, company size, internal resources and focus, etc. SecuraStar’s ISO 27001 Software (ISMS Manager) can often speed the process by several months due to the efficiencies built into the risk management process and its automatic outputs including the risk treatment plan, statement of applicability, policy creation, compliance mapping and task management.
Does ISO 27001 require legal and contractual compliance?
Yes! ISO 27001 requires compliance to any legal / regulatory or contractual obligation that is applicable to the scope of registration. The risk assessment process typically addresses this as the risk of non-compliance. Compliance requirements such as FISMA, HIPAA, PCI DSS, are often mapped to Annex A for audit and applicability purposes.
What is an Information Security Management System (ISMS)?
A framework of processes and procedures used to protect against the loss of confidentiality, integrity and availability (CIA) of information in any form.
What is information security?
Information Security is known as the process of protecting information assets against the loss of confidentiality, integrity and availability (CIA) or preservation of CIA.
What training is required to be a ISO 27001 Certification Auditor?
The minimum training to become an accredited ISO 27001 Certification Auditor is:
- PECB – ISO 27001 Lead Auditor Training
- PECB – Certified Management System Auditor (CMSA)
- 300 Management System Audit hours (per audit log). Each Certification Body may recognize some audit hours from other related ISO management system standards, internal audit hours, certification audit hours, industry experience, etc.
