ISMS-IRCA
IRCA Certified ISO/IEC 27001:2013 Information Security Management Systems Lead Auditor - IRCA Course No. A17207


ISMS-IRCA Course Introduction


The course uses a mixture of taught sessions, interactive group discussions, exercises, continuous assessment and examination to achieve its aims. The practical exercises are based upon a fictional company. However, the procedures, work instructions and data are typical and could relate to many different enterprises equally. The practical exercises have been carefully designed to focus upon issues that commonly arise during Information Security Management system audits.

Benefits

On successfully completing the course, students will be able to:
  • Audit as per the requirements of the ISO/IEC 27001:2013 standard
  • Understand key elements of the ISO 19011 and ISO/IEC 17021 standards
  • Understand key information security issues
  • Plan an audit against a set of audit criteria
  • Successfully execute an Information Security Management system audit
  • Create clear, concise and relevant audit reports
  • Communicate the audit findings to a client
CONTENTS
  • Information Security Management System overview
  • Auditing Information Security Management System against requirements of ISO/IEC 27001:2013
  • Audit techniques
  • Accreditation issues
  • Auditor competence
  • Practical Exercises and Feedback
There is a two-hour examination for this course. Electronic devices, including laptops and mobile phones, are not permitted in the examination room. Delegates will also be continuously assessed on the basis of their progress throughout the course. Delegates who successfully complete both the examination and the continuous assessment will be awarded a certificate of Successful Completion and will satisfy the formal training requirements for the IRCA ISMS Auditor Certification scheme.


ISMS-IRCA Course Prerequisite


Management system:

  • Understand the Plan-Do-Check-Act (PDCA) cycle
Information Security Management:
  • Knowledge of the following information security management principles and concepts:
      • awareness of the need for information security;
      • the assignment of responsibility for information security;
      • incorporating management commitment and the interests of stakeholders;
      • enhancing societal values;
      • using the results of risk assessments to determine appropriate controls to reach acceptable levels of risk;
      • incorporating security as an essential element of information networks and systems;
      • the active prevention and detection of information security incidents;
      • ensuring a comprehensive approach to information security management;
      • continual reassessment of information security and making of modifications as appropriate.
ISO/IEC 27001
  • Knowledge of the requirements of ISO/IEC 27001 (with ISO/IEC 27002) and the commonly used information security management terms and definitions, as given in ISO/IEC 27000, which may be gained by completing an IRCA certified ISMS Foundation Training course or equivalent.


Course Outline of ISMS-IRCA

Day 1

Time Description / Objectives
08:45 Registration
09:00 Chapter 1 - Course Introduction
09:30 Exercise 1 - Delegate introduction
10:30 Coffee break
10:45 ISO 27001 Quiz
11:30 Exercise 2 - Information security jargon
12:00 Chapter 2 - Introduction to information security management
12:30 Chapter 3 - ISO/IEC 27001:2013 overview
13:00 Lunch break
14:00 Exercise 3 - Context of the organization
15:00 Exercise 4 - Leadership
16:00 Coffee Break
16:15 Exercise 5 - Planning
17:15 Exercise 6 - Support
18:15 Summary of Day 1

Day 2
Time Description / Objectives
09:00 Recap day 1 + Questions and Answers
09:30 Exercise 8 - Performance evaluation
10:15 Coffee break
10:30 Exercise 9 - Improvement
11:15 Exercise 10 - Annexure A controls
12:30 Exercise 11 - Stage 1 audit - documentation review
13:15 Lunch break
14:15 Chapter 4 - Accreditation and certification process
15:00 Coffee Break
15:15 Workshop 1 - Planning for Stage 2 audit
16:45 Chapter 5 - Audit management
17:30 Summary of day 2, issue of specimen paper, allocation of homework (section 1 of specimen paper) and close of the day

Day 3
Time Description / Objectives
09:00 Recap day 2 + Questions and Answers; Feedback of Specimen paper Section no 1
09:30 Exercise 12 - Nonconformity reports
10:30 Coffee break
10:45 Exercise 12 - Nonconformity reports (Continued – Including Feedback)
11:45 Chapter 6 A - NCRs and corrective actions
12:15 Exercise 13 - Reviewing Corrective Actions
13:00 Lunch break
14:00 Chapter 6 B - NCRs and corrective actions
14:15 Workshop 2 - Checklist
16:00 Coffee Break
16:15 Chapter 7 - Approach to the audit
17:15 Exercise 14 - Communication
17:30 Chapter 8 - Performing an audit
18:00 Summary of day 2, allocation of homework (section 4 of specimen paper)

Day 4
Time Description / Objectives
09:00 Recap day 3 + Questions and Answers; Feedback of Specimen paper Section no 4
09:45 Coffee break
10:00 Workshop 3 - Role play - Opening Meeting (including feedback)
11:00 Chapter 9 - Reporting
11:30 Discussion on Sections 2 and 3 of the specimen paper
12:30 Lunch break
13:30 Workshop 4 - Role play - Interviews (including feedback)
16:30 Coffee Break
16:45 Workshop 5 - Preparation for closing meeting
17:30 Summary of Day 4

Day 5
Time Description / Objectives
09:00 Recap day 4 + Questions and Answers
09:30 Workshop 5 - Preparation for closing meeting (continued including feedback)
10:00 Chapter 10 - Auditor certification
10:30 Coffee break
10:45 Workshop 6 - Role play - Closing meeting (including feedback)
12:30 Lunch break
13:30 Examination rules
14:00 Examination
16:00 End of course summary/ appraisal forms

6-10 May 2019

Course Level

Advanced

Duration

5 Days

Tuition Fee

35,000.00 THB

Speaker

ACIS Certified Professional Instructor