Courses in Hong Kong

[WS26] CQI & IRCA Certified ISO/IEC 27001:2013 Information Security Management Systems Auditor/Lead Auditor Course


This CQI (Chartered Quality Institute) / IRCA (International Register of Certificated Auditors) certified Information Security Management Systems (ISMS) Auditor / Lead Auditor Training Course is part of the internationally recognized CQI/IRCA ISMS Auditor Certification programme.

Successful completion of this course is a prerequisite for, and essential to, becoming a CQI/IRCA ISMS Auditor.

Learning objectives

  • Learn how to explain the purpose and business benefits of an ISMS, of ISMS standards, of management system audit and of third-party certification
  • Learn how to explain the role of an auditor to plan, conduct, report, and follow up an ISMS audit in accordance with ISO 19011 (and ISO 17021 where appropriate)
  • Learn how to plan, conduct, report and follow up an audit of an ISMS to establish conformity (or otherwise) with ISO/IEC 27001 (with ISO/IEC 27002) in accordance with ISO 19011 (and ISO 17021 where appropriate)

Course benefits

  • Your organization will have an internal resource and process to conduct its own audit of its ISMS to assess and improve conformance with ISO/IEC 27001
  • You will gain a professional qualification that certifies that you have the knowledge and skills to lead a team conducting an audit of an ISMS in any organization
  • Successful auditing will improve the protection of an organization’s personal data and trade secrets to meet market assurance and corporate governance needs
  • Understand how to identify gaps in an ISMS
  • Accurate auditing will be able to provide continuous improvement to a management system
  • Meet training requirements for CQI/IRCA auditor certification

Who should attend?

This course is intended for those who will be involved in leading audits of an ISMS that conforms to the latest ISO/IEC 27001 in any organization. The suggested job functions and their teams include, but are not limited to, the following:
  • Information security managers
  • IT and corporate security managers
  • Corporate governance managers
  • Risk and compliance managers
  • Information security consultants

You have successfully completed the ISO/IEC 27001:2019 Information Security Management Systems - Understanding & Application, Internal Auditor Training Course and/or have equivalent working experience.

Course outline
Day 1: Information security management systems knowledge (ISO 27001)
  • Management system structure (MSS) and process approach (PDCA)
  • Understand the organization's compliance risk
    • Understanding of organization, interested parties, and their requirements 
    • Management system scoping 
  • Leadership and commitment
    • Top management leadership, management system policy and objectives 
    • Support the management system and a documented management system
  • Compliance risk management and objectives
    • Information asset management (asset register, asset owner)
    • Information security risk management requirements and process
    • Risk assessment (identify the risk, risk owner, risk analysis and risk evaluation)
    • Risk treatment (treatment options, Statement of Applicability (SoA), risk treatment plan)

Day 2: Guidelines for auditing management systems (ISO 19011 and ISO 17021) - Auditor, audit types and certification process

  • Management system operation
  • Management system performance evaluation and improvement processes
  • Auditor's role, responsibility, and competence
  • Different types of audit and certification process

Day 3: Guidelines for auditing management systems (ISO 19011) - Audit simulation: planning and preparation for an audit

  • Roles and responsibilities in an audit 
  • Management system performance evaluation and continual improvement requirements 
  • Different types of audit
  • Audit programme and purpose
  • Planning an audit (initiate the audit, feasibility analysis)
  • Conduct a Stage 1 audit (document review)
  • Preparation for Stage 2 (on-site) audit - audit plan
  • Preparation of audit work documents, including checklists and audit trails

Day 4: Guidelines for auditing management systems (ISO 19011) - Audit simulation: opening meeting, on-site audit activities, and role-play

  • Opening meeting
  • Role-play for audit scenarios
  • Practice audit skills of collecting audit evidence
  • Prepare audit findings and results, including conformance, non-conformity (NC), and opportunity for improvement (OFI)
  • Prepare audit report

Day 5: Guidelines for auditing management systems (ISO 19011) - Audit simulation: closing of the on-site audit, closing meeting and follow-up

  • Audit conclusion 
  • Closing meeting 
  • Audit follow-up
  • Evaluating corrections and corrective actions, including root cause analysis and audit finding closure
  • Management system certification 
  • Course summary and examination 

Delivery Method

This course will be conducted through live virtual training. Delegates are required to attend the class in-person at our training venue.

Should you have any questions, please feel free to contact Ms. Joanne Chan at 6050 8153 during office hours (9 a.m. to 6 p.m.), Monday to Friday.

Remarks: “HKQAA reserves the right to cancel the course, change the trainer, content, date, time and / or venue as necessary. Please read the terms and conditions at the bottom of this page before enrolment.”

Course time: 09:30 - 17:00

Early-bird price will be offered for applications with payment settlement 1 month before course start.

Remarks: No group discount

| Course Code | Date | Duration | Course Fee | Course Fee (Early Bird) | Language | Location |
| --- | --- | --- | --- | --- | --- | --- |
| WS16E/HK-11A (Virtual class) | 22-26 Nov 2021 | 5 days | 9800 | 9300 | English with English materials | |
| WS16E/HK-01A (Virtual class) | 10-14 Jan 2022 | 5 days | 9800 | 9300 | English with English materials | 19/F K Wah Centre 191 Java Road North Point Hong Kong |




Last Update: 2021-12-03   Disclaimer and Copyright
Copyright © 2009 Hong Kong Quality Assurance Agency. All rights reserved.