IRCA Lead Auditor
IRCA ISO 27001 Lead Auditor Training Course: http://www.irca.org/
- Course Outline
- Course Aims and Objectives
- Who Should Attend?
- Why Should You Attend?
- What Previous Delegates Think
- Expected Outcomes
- Course Requirements
- Training Locations and Course Bookings
Course Outline
The course uses a mixture of PowerPoint sessions, interactive group discussions, exercises, a case study, continuous assessment and a final written examination to achieve its aims.
This is an accelerated course which keeps the PowerPoint slide presentations to a minimum. The training is very interactive and ensures participation by all who attend.
Practical exercises are based upon a fictional company with a first class case study forming the foundation of this area of the course. The procedures, work instructions and data are typical and relate to many different organisations across multiple industry sectors. The practical exercises have been carefully designed to recreate issues that commonly arise during Information Security audits.
To ensure delegates understand the importance of organising and reporting ISO 27001:2005 audit findings the course covers.
- An Introduction to Information Security.
- In depth coverage of the content of ISO 27001:2005.
- The Plan, Do, Check Act cycle.
- Similarities with other management systems: OHSAS 18001, ISO 14001 and ISO 9001.
- ISMS issues including continual improvement.
- Information Security Auditing Skills and knowledge.
- Practical exercises and workshops.
- An in depth Case study
The course is delivered over 5 days.
Course Aims and Objectives
The course enables delegates to undertake external and internal security audits of Information Security Management Systems (ISMS). Delegates will gain an in depth understanding of the importance of compliance with all company security policies, procedures and objectives within the organisation thus be in a position to ensure the security system is functional and facilitates continual improvement.
The course provides the most in depth training on ISO 27001:2005 offered anywhere in the world today.
- Those wishing to implement a formal Information Security Management System (ISMS) in accordance with ISO 27001:2005.
- Existing security auditors who wish to expand their auditing skills and knowledge.
- Consultants who wish to provide advice on ISO 27001:2005 systems certification.
- IT and Quality Professionals.
In partnership with Bureau Veritas Sapphire’s 5 day course is accredited by the International Register of Certificated Auditors (IRCA), the world's largest auditor certification body.
It is beneficial for companies planning to implement ISO 27001:2005 and for those who have undergone the implementation of an ISO 27001:2005 project.
Why Should You Attend?
Information Security auditing is an important role in any organisation; it ensures that the necessary procedures are in place and more importantly complied with to protect your organisation.
Key members of staff within your organisation need to be kept up to date with the latest methods and good practices in order to consistently be aware of their roles and responsibilities when it comes to information security.
What Previous Delegates Think
"A well hosted and informative course delivered at a good pace."
Tony Smith, Information Security Officer, Northumbrian Water
"I enjoyed all aspects of the course which was very good especially as it was not death by PowerPoint!"
Nigel Arkwell, Information Security Officer, Grampian Police
"The risk assessment chapter was most interesting and most valuable as it will help me in my day to day functions."
Neil Johnson, IS Manager - Infrastructure, Scottish Environment Protection Agency
"All of the content was extremely relevant to the course and to the requirement of the standard. I can think of no suggestions to improve the training."
Nick Connor, IT Project Manager, Lothian Buses
"This training has provided a valuable insight as to how specific questioning can improve the quality of a 27001 audit."
Ron Stephen, Information Governance Officer, Tayside Police
Back to top
Expected Outcomes
On successfully completing the course, delegates will be able to:
- Appreciate of the importance of controlling Information Security in your organisation.
- Understand the requirements of ISO 27001 2005.
- Interpret the requirements of the standard in respect to organisational needs.
- Manage a team of auditors, assign individual responsibility and collate the audit data.
- Identify the documented management systems required to control Information Security.
- Evaluate risk assessments for Information Security.
- Effectively plan and undertake management system security audits.
- Produce credible audit reports which identify both non conformances and areas which require attention facilitating continual improvement.
The IRCA Lead Auditor qualification is recognised globally as an acceptable recognised security management system audit qualification. Upon completing the course and gaining the qualification delegates will be in a position to make an application to the IRCA and provided they meet their criteria be awarded one of four auditor qualifications available. Continual submission of audit logs and evidence of continual professional development submissions on a 3 year basis will enable you to become a recognised auditing professional within a relatively short space of time which will add significant value to both your company and your personal development.
Course Requirements
On successful completion of the course a certificate is issued to the delegate.
Appraisal of the delegates’ knowledge and performance is made through a combination of continuous assessment during the course and a two hour written examination on final day. (The examination is a combination of multiple choice questions, questions which require a little more in depth answers, and finally evaluation of security scenarios).
The examination is 2 hours long (2 and half hours for delegates whose first language is not English.) The following documents are allowed during the examination:
- A copy of the ISO 27001:2005 standard.
- The course delegate manual.
- All personal notes taken during the course.
- Dictionary.
Training Locations and Course Bookings
Sapphire provides a range of venues across the country to enable delegates to select an appropriate location. For further information upcoming course dates and the course itself please contact tina.deighton@sapphire.net or complete our on line registration form on the events section of the Sapphire website.
Back to top
- Support 0845 58 27999
- General 0845 58 27001
- Request a Call / Quote
