Information Security Management Systems Lead Auditor

Learning Outcomes

After successful completion of this course you will understand:

• The principles and procedures of auditing
• Auditor roles and responsibilities
• The benefits of a risk-based audit programme
• How to plan an effective audit
• Timetabling
• Resource allocation
• Interpersonal skills and personal behaviours of an auditor
• How to conduct effective opening and closing meetings
• Preparing and distributing an audit report
• How to implement processes and controls within the Information Security management system
• How to identify gaps in an Information Security management system
• Understand the mandatory documentation requirements of an Information Security system
• How to improve your organisation’s conformance with ISO/IEC 27001:2022

Course Content

This course is divided into two flexible modules, enabling you to attend both modules in the one week, or spread across different sessions.The first 2-day module is equivalent to our ‘Becoming a Skilled Lead Internal/External Auditor’ course where you learn how to conduct an audit of any management system in accordance with ISO 19011. The remaining 3-day module covers the requirements of the updated information security management systems standard, ISO 27001:2022. 

Timetable

Monday

Management Systems Auditing – preparation

• What is auditing?
• Roles and responsibilities of an auditor and an audit team leader
• The 6 principles of auditing from ISO 19011
• Effective audit planning and timetabling
• Communication skills, interview techniques, and useful questioning methods
• Setting appropriate audit objectives, scope, and criteria
• Developing audit checklists

Tuesday

Management Systems Auditing – the audit

• Conducting an opening meeting
• Identifying objective evidence and taking good notes
• Reviewing auditing scenarios
• Writing audit findings including nonconformities and non-compliances
• Presenting a closing meeting
• Compiling a meaningful audit report

Wednesday

Information Security Management Systems

• Introduction to Information Security
• Context of Information Security
• Information Security management systems requirements
• Risk-based approach to information security
• Structure of Information Security controls and control attributes.

Thursday

Information Security controls

• Information Security controls – Organisational, people, physical, technological
• Information classification
• Documentation requirements of Information security management systems

Friday

Information Security application

• Statement of applicability
• Information security audit scenarios
• Course review

Qualification 

Upon successful completion of the course, you will receive a Certificate of Attainment which identifies the 3 Exemplar Global competencies below:

1. Exemplar Global IS – Information Security management systems
2. Exemplar Global AU – Management systems auditing
3. Exemplar Global TL – Leading management systems audit teams

Prerequisites

There are no prerequisites for this course.

Assessment

Throughout the course, you will complete a series of workshops which form part of the assessment. A short multiple-choice exam at the completion of each module assesses the knowledge and understanding gained throughout the training. You will receive continual assistance and feedback from the trainer and are given anecdotal examples of real world audit situations.

No homework or take-home assessment. 

Who should attend 

Designed to cater to a variety of people currently involved in the audit and Information Security Management System process, you should attend if you:

• want to become an internal ISMS auditor
• want to become a 3rd party IS auditor
• need to write and implement a ISMS
• are involved in the Information Security management process
• are a manager responsible for an ISMS and ISMS auditing
• wish to consolidate your existing knowledge into a formal qualification.

Prior experience in auditing and management systems is not essential.

Study Pathway – Where to from here?

If you wish to become a registered third-party or external Information Security Management Systems auditor with Exemplar Global, completing this course is the first step.

Once you have obtained the Exemplar Global competencies from this course, you can follow the qualification-based certification path to become a registered third-party or external auditor. A full explanation of the requirements to become certified with Exemplar Global can be found here or contact us for more information.

Additional Exemplar Global competencies for Quality Management Systems (Exemplar Global QM), Environmental Management Systems (Exemplar Global EM) and/or OH&S Management Systems (Exemplar Global OH 45001), and Food Safety Management Systems (Exemplar Global FS) may be attended separately.

How to enrol

PwC offers an easy, streamlined enrolment process – you can either enrol directly into your course online, or call us on 1300 95 96 92 to enrol over the phone.

Discounts for multiple attendees are available – Please call us to find out what discounts can be applied.

How to pay

We offer a variety of payment methods:

• Direct debit
• Credit card
• Cheque
• Payment plans

Payment plans

We are able to arrange flexible payment plans on an individual basis. Please be aware that your certificate will be held until full payment has been received.

Delivery

Public – Face-to-face

Our regular public courses are conducted at PwC offices in capital cities across Australia. You will enjoy an excellent learning experience in a premium training venue, and;

• We never cancel courses – book with confidence
• Class sizes are kept to manageable numbers – so everybody learns
• No homework or take-home assessment! All work is completed in course time – we know you’re busy
• No major exam – we assess you as you go

Public – Virtual/Online

We’ve developed an online digital classroom to deliver our courses virtually so you can attend from anywhere! Our purpose-built platform is engaging and interactive.

Our virtual training platform incorporates:

• Group exercises – facilitated by mini break out workshops amongst participants
• The ability to ask questions in real-time
• Built-in note taking and tracking of course materials
• Interaction with participants and trainer throughout the session through a chat functionality
• Online assessments providing a streamlined marking process

Our aim is to recreate the classroom experience in a safe, virtual environment, maintaining the fun and engaging experience our clients find useful and valuable.

Please note: Due to licensing restrictions, our virtual courses are open to participants from Australia and NZ only.

In-house – Face-to-face or virtual

In-house training can provide a cost-effective training solution for organisations with a number of staff who require training. We can also customise a course to suit your own individual needs, and include your own audit documentation. Call us on 1300 95 96 92 or complete the form below to request a quote. 

Request an In-house quote