This Information Security Management System (ISMS) Lead Auditor training course provide information security professionals with the knowledge and skills required to assess the conformance of an organization's information security management system to ISO/ IEC 27001:2022.

This course is accredited by International Register of Certified Auditors (IRCA) with the instruction, course content, course duration, examination and administration regulated by IRCA. Delegates should note that evening work is required during the course and there will be a two and half-hour examination conducted on the final day of the course.

This course is specially created to help delegates understand the philosophy, and the motivation of ISMS program as well as provide an impartial view of the ISMS standards and requirements. In order to ensure effective learning, Maximus deploys some of the most advanced adult learning techniques including.

• Having pre-class reading material to gain initial understanding, in-class to provide an in-depth explanation with hands-on techniques and categorization of information and, post-class learning reinforcement.
• Having the material geared towards audit preparation, verification techniques as well as audit follow-up with information security risk management as the focus.
• Having 14 competency exercises and 8 competency tests – competency exercises allow delegates to gain confidence in performing a task while competency tests, a combination of skills learnt from competency exercises, allows delegates to validate the skills learnt from the training.

• Equipped with knowledge and skills required to perform audits of Information Security Management Systems (ISMS) against the ISMS standards.
• Satisfy the training requirements for initial certification as an IRCA ISMS auditor.
• Increase your credibility through gaining international recognition.
• Improve your resume and help to increase earning potential.

• Audit Programme Coordinators who wish to set-up a audit programme within their Organization as recommended by ISO 19011.
• Senior and Middle Managers who wish to better understand the philosophy and the requirements of Information Security Management Systems (ISMS), and strategizing the implementation.
• Managers and Professional Engineers who need to understand the implementation requirements of ISMS program and be equipped with the ability to select credible consultants.
• Existing auditors who wish to expand their auditing skills into the field of ISMS.
• Professionals who wish to provide advisory on the ISO 27001 ISMS certification expectation.

Before engaging in this course, delegates are expected to have the following prior knowledge:

1. Management systems

• Prior understanding of the Plan-Do-Check-Act (PDCA) cycle

Knowledge of the following information security management principles and concepts.

• Assignment of responsibility for information security.
• Incorporating management commitment and the interests of stakeholders.
• Enhancing societal values.
• Using the results of risk assessments to determine appropriate controls to reach acceptable levels of risk.
• Incorporating security as an essential element of information networks and systems.
• Active prevention and detection of information security incidents.
• Comprehensive approach to information security management.
• Continual reassessment of information security and making of modifications as appropriate.

Knowledge of the requirements of ISO/IEC 27001 (with ISO/IEC 27002) and the commonly used information security management terms and definitions, as given in ISO/IEC 27000, which may be gained by completing an IRCA certified ISMS Foundation Training course or equivalent.