
[WS16] CQI & IRCA Certified ISO/IEC 27001:2022 Information Security Management Systems Auditor/Lead Auditor Course



Delivery Method 

  • This course will be conducted as online training through the ZOOM platform.

  • Our e-learning system will send email notifications to your registered e-mail address. Make sure to provide an e-mail address that you can access at any time. We recommend using a personal email address instead of a company email address.

  • Equipment requirements: During the class, candidates are required to turn on their microphone and video camera (webcam) to interact with the instructor and classmates.



This CQI (Chartered Quality Institute) / IRCA (International Register of Certificated Auditors) certified Information Security Management Systems (ISMS) Auditor / Lead Auditor Training Course is part of the internationally recognized CQI/IRCA ISMS Auditor Certification programme.

Successful completion of this course is a prerequisite for becoming a CQI/IRCA ISMS Auditor.


Learning objectives

  • Learn how to explain the purpose and business benefits of an ISMS, of ISMS standards, of management system audit and of third-party certification

  • Learn how to explain the role of an auditor to plan, conduct, report, and follow up an ISMS audit in accordance with ISO 19011 (and ISO 17021) where appropriate

  • Learn how to plan, conduct, report and follow up an audit of an ISMS to establish conformity (or otherwise) with ISO/IEC 27001 (with ISO/IEC 27002) in accordance with ISO 19011 (and ISO 17021 where appropriate)

Course benefits

  • Your organization will have an internal resource and process to conduct its own audit of its ISMS to assess and improve conformance with ISO/IEC 27001

  • You will gain a professional qualification that certifies that you have the knowledge and skills to be able to lead a team to conduct an audit of an ISMS in any organization

  • Successful auditing will improve the protection of an organization’s personal data and trade secrets to meet market assurance and corporate governance needs

  • Understand how to identify gaps in an ISMS

  • Accurate auditing will provide continuous improvement to a management system

  • Meet training requirements for CQI/IRCA auditor certification 

Who should attend?

This course is intended for those who will be involved in leading audits of an ISMS that conforms to the latest ISO/IEC 27001 in any organization. The suggested job functions and their teams include, but are not limited to, the following:

  • Information security managers

  • IT and corporate security managers

  • Corporate governance managers

  • Risk and compliance managers

  • Information security consultants


  • You have successfully completed the ISO/IEC 27001:2022 Information Security Management Systems - Understanding & Application, Internal Auditor Training Course and/or have equivalent working experience.

Course outline

Day 1 : Information security management systems knowledge (ISO 27001)

  • Management system structure (MSS) and process approach (PDCA)

  • Understand the organization's compliance risk

    • Understanding of organization, interested parties, and their requirements 

    • Management system scoping 

  • Leadership and commitment

    • Top management leadership, management system policy and objectives 

    • Support the management system and a documented management system

  • Compliance risk management and objectives

    • Information asset management (asset register, asset owner)

    • Information security risk management requirements and process

    • Risk assessment (identify the risk, risk owner, risk analysis and risk evaluation)

    • Risk treatment (treatment options, Statement of Applicability (SoA), risk treatment plan)

Day 2: Guidelines for auditing management systems (ISO 19011 and ISO 17021) - Auditor, audit types and certification process

  • Management system operation

  • Management system performance evaluation and improvement processes

  • Auditor's role, responsibility, and competence

  • Different types of audit and certification process

Day 3: Guidelines for auditing management systems (ISO 19011) - Audit simulation: planning and preparation for an audit

  • Roles and responsibilities in an audit 

  • Management system performance evaluation and continual improvement requirements 

  • Different types of audit

  • Audit programme and purpose

  • Planning an audit (initiate the audit, feasibility analysis)

  • Conduct a Stage 1 audit (document review)

  • Preparation for Stage 2 (on-site) audit - audit plan

  • Preparation of audit work documents, including checklists and audit trails

Day 4: Guidelines for auditing management systems (ISO 19011) - Audit simulation: opening meeting, on-site audit activities, and role-play

  • Opening meeting

  • Role-play for audit scenarios

  • Practice audit skills of collecting audit evidence

  • Prepare audit findings and results, including conformance, non-conformity (NC), and opportunity for improvement (OFI)

  • Prepare audit report 

Day 5: Guidelines for auditing management systems (ISO 19011) - Audit simulation: closing of the on-site audit, closing meeting and follow-up

  • Audit conclusion 

  • Closing meeting 

  • Audit follow-up

  • Evaluating corrections and corrective actions, including root cause analysis and audit finding closure

  • Management system certification 

  • Course summary and examination 

Should you have any questions, please feel free to contact Ms. Joanne Chan at 6050 8153 during office hours (9 a.m. to 6 p.m.), Monday to Friday, or contact us by sending an email to


Remarks: “HKQAA reserves the right to cancel the course, change the trainer, content, date, time and / or venue as necessary. Please read the terms and conditions at the bottom of this page before enrolment.”

Course time: 09:30 - 17:00

Early-bird price will be offered for applications with payment settlement 1 month before course start.

Remarks: No group discount

Course Code Date Duration Course Fee Course Fee (Early Bird) Language Location
WS16E/HK-02A (E-learning) 26 February - 1 March 2024 5 days *10800 (Special offer) English with English materials Online Platform (ZOOM)
WS16E (E-learning) TBA 5 days 12000 English with English materials Online Platform (ZOOM)




Last Update: 2024-02-21
Copyright © 2009 Hong Kong Quality Assurance Agency. All rights reserved.