
[WS16] CQI & IRCA Certified ISO/IEC 27001:2013 Information Security Management Systems Auditor/Lead Auditor Course



This CQI (Chartered Quality Institute) / IRCA (International Register of Certificated Auditors) certified Information Security Management Systems (ISMS) Auditor / Lead Auditor Training Course is part of the internationally recognized CQI/IRCA ISMS Auditor Certification programme.

Successful completion of this course is a prerequisite for, and essential to, becoming a CQI/IRCA ISMS Auditor.


Learning objectives

  • Learn how to explain the purpose and business benefits of an ISMS, of ISMS standards, of management system audit and of third-party certification

  • Learn how to explain the role of an auditor in planning, conducting, reporting, and following up an ISMS audit in accordance with ISO 19011 (and ISO 17021 where appropriate)

  • Learn how to plan, conduct, report, and follow up an audit of an ISMS to establish conformity (or otherwise) with ISO/IEC 27001 (with ISO/IEC 27002) in accordance with ISO 19011 (and ISO 17021 where appropriate)

Course benefits

  • Your organization will have an internal resource and process to conduct its own audit of its ISMS to assess and improve conformance with ISO/IEC 27001

  • You will gain a professional qualification that certifies that you have the knowledge and skills to be able to lead a team to conduct an audit of an ISMS in any organization

  • Successful auditing will improve the protection of an organization’s personal data and trade secrets to meet market assurance and corporate governance needs

  • Understand how to identify gaps in an ISMS system

  • Accurate auditing will be able to provide continuous improvement to a management system

  • Meet training requirements for CQI/IRCA auditor certification 

Who should attend?

This course is intended for those who will be involved in leading audits of an ISMS that conforms to the latest ISO/IEC 27001 in any organization. Suggested job functions and their teams include, but are not limited to, the following:

  • Information security managers

  • IT and corporate security managers

  • Corporate governance managers

  • Risk and compliance managers

  • Information security consultants


  • You have successfully completed the ISO/IEC 27001:2019 Information Security Management Systems - Understanding & Application, Internal Auditor Training Course and/or have any equivalent working experience.

Course outline

Day 1: Information security management systems knowledge (ISO 27001)

  • Management system structure (MSS) and process approach (PDCA)

  • Understand the organization's compliance risk

    • Understanding of organization, interested parties, and their requirements 

    • Management system scoping 

  • Leadership and commitment

    • Top management leadership, management system policy and objectives 

    • Support the management system and a documented management system

  • Compliance risk management and objectives

    • Information asset management (asset register, asset owner)

    • Information security risk management requirements and process

    • Risk assessment (identify the risk, risk owner, risk analysis and risk evaluation)

    • Risk treatment (treatment options, Statement of Applicability (SoA), risk treatment plan)

Day 2: Guidelines for auditing management systems (ISO 19011 and ISO 17021) - Auditor, audit types and certification process

  • Management system operation

  • Management system performance evaluation and improvement processes

  • Auditor's role, responsibility, and competence

  • Different types of audit and certification process

Day 3: Guidelines for auditing management systems (ISO 19011) - Audit simulation: planning and preparation for an audit

  • Roles and responsibilities in an audit 

  • Management system performance evaluation and continual improvement requirements 

  • Different types of audit

  • Audit programme and purpose

  • Planning an audit (initiate the audit, feasibility analysis)

  • Conduct a Stage 1 audit (document review)

  • Preparation for Stage 2 (on-site) audit - audit plan

  • Preparation of audit work documents, including checklists and audit trails

Day 4: Guidelines for auditing management systems (ISO 19011) - Audit simulation: opening meeting, on-site audit activities, and role-play

  • Opening meeting

  • Role-play for audit scenarios

  • Practice audit skills of collecting audit evidence

  • Prepare audit findings and results, including conformance, non-conformity (NC), and opportunity for improvement (OFI)

  • Prepare audit report 

Day 5: Guidelines for auditing management systems (ISO 19011) - Audit simulation: closing of the on-site audit - closing meeting and follow-up

  • Audit conclusion 

  • Closing meeting 

  • Audit follow-up

  • Evaluating corrections and corrective actions, including root cause analysis and audit finding closure

  • Management system certification 

  • Course summary and examination 

Delivery Method

  • This course will be conducted through live virtual training. Delegates are required to attend the class in person at our training venue.


Should you have any questions, please feel free to contact Ms. Joanne Chan at 6050 8153 during office hours (9 a.m. to 6 p.m.), Monday to Friday, or contact us by sending an email to


Remarks: “HKQAA reserves the right to cancel the course, change the trainer, content, date, time and / or venue as necessary. Please read the terms and conditions at the bottom of this page before enrolment.”

Course time: 09:30 - 17:00

Early-bird price will be offered for applications with payment settlement 1 month before course start.

Remarks: No group discount

  • Course Code: WS16E (Virtual class)

  • Date: TBA

  • Duration: 5 days

  • Course Fee: 10800

  • Course Fee (Early Bird): 10300

  • Language: English with English materials

  • Location: 19/F, K Wah Centre, 191 Java Road, North Point, Hong Kong




Last Update: 2023-02-01
Copyright © 2009 Hong Kong Quality Assurance Agency. All rights reserved.