This CQI (Chartered Quality Institute) /IRCA (International Register of Certificated Auditors) certified Information Security Management Systems (ISMS) Auditor / Lead Auditor Training Course is part of International recognized CQI/IRCA ISMS Auditor Certification programme.

The successful completion of this course is pre-requisite and essential to becoming a CQI/IRCA ISMS Auditor.  

 

Learning objectives

• Learn how to explain the purpose and business benefits of a BCMS, of BCMS standards, of management system audit and of third-party certification
• Learn how to explain the role of an auditor to plan, conduct, report, and follow-up a BCMS audit in accordance with ISO 19011 (and ISO 17021) where appropriate
• Learn the how to plan, conduct, report and follow-up an audit of a BCMS to establish conformity (or otherwise) with ISO 22301 in accordance with ISO 19011 (and ISO 17021 where appropriate)

 

​Course benefits​

• Your organization will have an internal resource and process to be able to conduct its own audit of its BCMS to assess and improve conformance with ISO 22301
• You will gain a professional qualification that certifies that you have the knowledge and skills to be able to lead a team to conduct an audit of a BCMS in any organization
• Successful auditing will improve the business continuity capability and quality to meet market assurance and corporate governance needs
• Understand how to identify gaps in a BCMS system
• Accurately audit will be able to provide continuous improvement to a management system
• Meet training requirements for IRCA auditor certification

 

​Who should attend?

This course is intended for those who will be involved in leading audits of a BCMS that conforms to ISO 22301:2012 in any organization. Suggested job functions and their teams include:​

• Those wishing to implement a BCMS in accordance with ISO 22301
• Management professionals who operate emergency response services, i.e. data center, help desk, problem management
• The existing auditor who wants to expand their auditing skills 
• Consultants who wish to provide advice on ISO 22301 implementation
• IT and corporate security managers
• Corporate governance managers
• Risk and compliance managers

Day 1: Business continuity management systems knowledge (ISO 22301)

• Terms and definitions 

• Management system structure (MSS) and process approach (PDCA)

• Understanding of organization, interested and their requirements 

• Management system scoping 

• Top management leadership, management system policy and objectives 

• Support the management system 

Day 2: Business continuity risk management

• Business risk management requirements and process (BIA, business impact analysis)

• Risk assessment (identify the risk, risk analysis, and risk evaluation)

• Risk treatment (business continuity strategy)

• Incident management process

• Business continuity management and plans (BCPs) 

• BCM exercising and testing

• Documented management system (standard requirements and from the organization)  

Day 3: Guidelines for auditing management systems (ISO 19011) - Audit simulate the process of planning, preparation for an audit

• Roles and responsibilities in an audit 

• Management performance evaluation and continual improvement requirements 

• Different types of audit

• Audit programme and purpose

• Planning an audit (initiate the audit, feasibility analysis)

• Conduct a Stage 1 audit (document review)

• Preparation for Stage 2 (on-site) audit - audit plan

• Preparation of audit work documents includes checklist and audit trails 

Day 4: Guidelines for auditing management systems (ISO 19011) - Audit simulate the opening meeting, on-site audit activities, and role-play

• Opening meeting

• Roleplay for audit scenarios 

• Practice audit skills of collecting audit evidence

• Prepare audit findings and results, includes conformance, non-conformity (NC), and opportunity for improvement (OFI) 

• Prepare audit report 

Day 5: Guidelines for auditing management systems (ISO 19011) - Audit simulate the closing of on-site audit - close meeting and follow-up

• Audit conclusion 

• Closing meeting 

• Audit follow-up

• Evaluating correction, corrective action including root cause analysis and audit finding closure

• Management system certification 

• Course summary and examination