Course Outline
I. Introduction to Information Security
1. Principles of systemic information security management
2. Organizational benefits and value addition
II. Overview of ISO/IEC 27001 Requirements
1. Core requirements of the standard
2. Key areas requiring specific attention
3. Identification of documentation obligations
4. Overview of Annex A controls
III. Information Security Management System (ISMS) Compliance with ISO/IEC 27001
1. Components of the ISMS in accordance with ISO/IEC 27001
2. Exercises in interpreting and analyzing standard requirements
IV. Audit Fundamentals
1. Introduction to audit concepts
2. Conducting a complete audit
3. Establishing audit criteria
4. Classification of audit types
V. Audit Planning and Preparation
1. Defining audit scope and criteria
2. Selection of the audit team
3. Application of a process approach to internal audits
4. Key considerations in developing audit questionnaires
5. Execution of audits per ISO 19011:2018 guidelines
6. Practical application exercises
VI. Audit Execution and On-Site Procedures
1. Audit techniques and methodologies
2. Collection and evaluation of objective evidence
3. Identification and substantiation of non-conformities
4. Competency requirements for audit team members
5. Practical application exercises
VII. Documentation of Audit Findings
1. Precise formulation of observed deviations
2. Formal documentation of non-conformities
3. Identification and recording of improvement opportunities
4. Compilation of audit findings into an audit report
5. Practical application exercises
VIII. Post-Audit Follow-Up Activities
1. Responsibilities regarding the initiation of corrective actions
2. Importance of accurately determining root causes of non-conformities
3. Definition and implementation of corrective actions
4. Evaluation of action effectiveness
5. Follow-up procedures for identified improvement opportunities
6. Practical application exercises
IX. Discussion and Conclusion
The following text outlines the structured curriculum for the ISO/IEC 27001 Lead Auditor certification, formatted for web publication without tabular data.
PECB ISO/IEC 27001 Auditor Certification Prerequisites
All candidates seeking PECB ISO/IEC 27001 Auditor designations must successfully pass the PECB Certified ISO/IEC 27001 Lead Auditor examination (or an equivalent approved exam) and adhere to the PECB Code of Ethics.
Candidate eligibility for one of the four certification tiers is determined by their professional experience and documented history of management system audits:
1. Provisional Auditor
-
Credential Title: PECB Certified ISO/IEC 27001 Provisional Auditor
-
Professional Experience: No prior experience required.
-
Audit Experience: None required.
-
Target Audience: Professionals who have passed the examination but do not yet meet the experience criteria for higher-tier designations.
2. Auditor
-
Credential Title: PECB Certified ISO/IEC 27001 Auditor
-
Professional Experience: Two years of total professional experience, including a minimum of one year dedicated to Information Security Management.
-
Audit Experience: A minimum of 200 hours of documented management system audit activities.
3. Lead Auditor
-
Credential Title: PECB Certified ISO/IEC 27001 Lead Auditor
-
Professional Experience: Five years of total professional experience, including a minimum of two years focused on Information Security Management.
-
Audit Experience: A minimum of 300 hours of documented management system audit activities.
4. Senior Lead Auditor
-
Credential Title: PECB Certified ISO/IEC 27001 Senior Lead Auditor
-
Professional Experience: Ten years of total professional experience, including a minimum of seven years focused on Information Security Management.
-
Audit Experience: A minimum of 1,000 hours of documented management system audit activities.
Requirements
Intended Recipients
- Professionals pursuing qualification as ISO/IEC 27001:2023 Lead Auditors
- Stakeholders with a professional interest in information security auditing practices for government
Testimonials (1)
Speed of response and communication