Your Knowledge Partner

in Training, Consulting
and Qualification

Auditor / Lead Auditor Training Course on Information Security

Management System based on ISO / IEC 27001:2013
CQI-IRCA Approved Course Reference No: 17829
Course introduction:
Information being a valuable asset and a building block and key to
the growth of any organization needs to be suitably protected like
any other important business asset. In the modern world this asset
becomes crucial for success and maintaining credibility.

If this asset is compromised then the organization may have to face various threats and risks like brand
image erosion, business disruption, financial and productivity loss etc. Information security is the
protection of information from a wide range of threats in order to ensure business continuity, minimize
business risk, maximize return on investments and increase business opportunities.

The course will be conducted by our experienced lead auditors, who have audited numerous
organizations. This intensive course is a key requirement in becoming a registered auditor / lead auditor.
The course is structured to provide the knowledge and skills required to assess the Information Security
Management System of an organization with respect to the requirements of the ISO 27001:2013
TSA-AC-M103 | Iss: 01, Rev: 01 | Dt: 24.05.2016

standard.

This comprehensive five-day course comprises of case studies, training, role-plays to ensure that the
participant thoroughly understands the role of an auditor / lead auditor and acquires the expertise needed
to perform effective audits. Participants who successfully complete the course will be presented with an
CQI-IRCA (International Register of Certificated Auditors) registered Certificate Of Successful
Completion.

TV SD South Asia Private

TVLimited
SD South Asia Pvt. Ltd.
www.tuv-sud.in
 Course objectives:
Understanding the purpose of an Information Security Management System and the
processes involved in establishing, implementing, maintaining and continually improving
an ISMS.
Applying PDCA approach to information security management processes.
Understanding the role and skills required by an auditor / lead auditor.
Understanding auditing concepts and principles. Planning, conducting and reporting
audits in accordance with ISO 19011.

Course contents:

1. ISMS concepts and ISO 27001 standard 5. Conducting an audit

ISMS concepts and benefits
Risk assessment and management
ISO 27001 process framework
requirements
ISO 27001 standard requirements
ISMS documentation
2. Auditing principles
Auditing objectives
Types of audits
Process approach
3. Roles and responsibility of auditors
Auditors and lead auditors
The auditors responsibilities
The lead auditors responsibilities
Auditors qualification and certifications
Opening meeting
Collecting objective/audit evidence
Effective interviewing techniques
Identifying and recording
nonconformities
Preparing for the closing meeting
Dos and Donts of auditing
6. Reporting audit results
Conducting the closing meeting
Preparing the audit report
Distributing the audit report
7. Corrective actions
Corrective action responsibilities
Follow up scheduling
Monitoring corrective action

4. Planning an audit 8. ISO 27001 registration

Pre-audit planning Choosing a registrar
00 | Dt: 30.07.2015

Reviewing documentation The registration process

Developing an audit plan Surveillance audits
24.05.2016

Preparing checklists or working

documents 9. Exercises / Roleplay (50% of course
Rev:

time)
| Dt:

Communication factors
0101,

10. Written examination

T TSA-AC-M103
TSA-AC-M103 | Iss:
| Iss: 01, Rev:

TV SD South Asia Private

TVLimited
SD South Asia Pvt. Ltd.
www.tuv-sud.in
 Evaluation:
Participants will be assessed throughout the course for punctuality, presentation skills,
interactive approach, involvement, role-play, daily tests etc. and finally through a written
examination at the end of the course. The The examination is closed book and only reference
material allowed in the examination is a copy of the standard ISO 27001:2013 .
The passing criteria: 70%.

CQI-IRCA Registered Certificate:

TUV SUD South Asia as Approved Training Partner of CQI IRCA fulfills all compliances
of the course PR 320 : ISMS ISO 27001:2013 Lead auditor holding training course
reference No. 17829
Participants who scores 70% and above in both the continuous assessment and written
examination will be issued an CQI (Charted Qaulity Institute) & IRCA (International
Register of Certificated Auditors) registered certificate of successful completion of the
course.
Unsuccessful candidates will be issued a certificate of attendance from TV SD South
Asia.

Duration: 5 days ( 40 Hrs)

Target group
Information Security Practitioners, Head - IT
Chief Information Security Officer
Information Security Management System Consultants
Information Security Management System Management Representative
Information Security Managers and core group members responsible for establishing,
implementing, maintaining, auditing and improving Information Security Management
Systems
Professionals who have a role to play in the implementation of Information Security
Management System

Important Note:*
The participants those who are interested to attend this course must have prior Knowledge for
TSA-AC-M103 | Iss: 01, Rev: 01 | Dt: 24.05.2016

management system and principles and concepts of Information security Management..

Participants are expected to have the following prior knowledge:

a) Management systems
Understand the Plan-Do-Check-Act (PDCA) cycle

b) Information security management

TV SD South Asia Private

TVLimited
SD South Asia Pvt. Ltd.
www.tuv-sud.in
 knowledge of the following information security management principles and concepts:
awareness of the need for information security,
the assignment of responsibility for information security;
incorporating management commitment and the interests of stakeholders;
enhancing societal values;
using the results of risk assessments to determine appropriate controls to reach
acceptable levels of risk;
incorporating security as an essential element of information networks and systems;
the active prevention and detection of information security incidents;
ensuring a comprehensive approach to information security management;
continual reassessment of information security and making of modifications as
appropriate.

c) ISO/IEC 27001

Knowledge of the requirements of ISO/IEC 27001 (with ISO/IEC 27002) and the
commonly used information security management terms and definitions, as given in
ISO/IEC 27000, which may be gained by completing an IRCA certified ISMS Foundation
Training course or equivalent.

*Relevant proofs to be submitted

This course is not for filling gaps in the knowledge about the standard; but for enhancing the
knowledge about the same with regards to audit context.
.
Contact us
For registration or any other queries, you may write to us at academy@tuv-sud.in or info@tuv-
sud.in or call our toll free number 1800-210-1000
TSA-AC-M103 | Iss: 01, Rev: 01 | Dt: 24.05.2016

TV SD South Asia Private

TVLimited
SD South Asia Pvt. Ltd.
www.tuv-sud.in