ISO/IEC 27001:2022 (ISMS) Auditor Continuing Professional Development (CPD) Training Course


This course is for professionals who have successfully completed the CQI / IRCA ISO/IEC 27001:2013 Lead Auditor Training Course and who need to understand the changes in ISO/IEC 27001:2022 in order to update their knowledge and skills and fulfil the CQI / IRCA continuing professional development (CPD) requirements.

Recommended Prior Knowledge

To participate in this training course, the following prior knowledge is expected:

a) Management systems

    • Understanding of the Plan-Do-Check-Act (PDCA) cycle
    • Understanding of the core elements of a management system and the interrelationship between top management responsibility, policy, objectives, planning, implementation, measurement, review, and continual improvement.

b) Information security management

Knowledge of the following information security management principles and concepts:

    • awareness of the need for information security;
    • the assignment of responsibility for information security;
    • incorporating management commitment and the interests of stakeholders;
    • enhancing societal values;
    • using the results of risk assessments to determine appropriate controls to reach acceptable levels of risk;
    • incorporating security as an essential element of information networks and systems;
    • the active prevention and detection of information security incidents;
    • ensuring a comprehensive approach to information security management;
    • continual reassessment of information security and making of modifications as appropriate.

c) ISO/IEC 27001

    • Knowledge of the requirements of ISO/IEC 27001 (with ISO/IEC 27002) and the commonly used information security management terms and definitions, as given in ISO/IEC 27000, which may be gained by completing an IRCA certified ISMS Foundation Training course or equivalent.

Note: You are advised that course examination questions can relate to any requirement of ISO/IEC 27001 and to the expected prior knowledge.

Who should attend?

This course is intended for those who will be involved in leading audits of an ISMS that conforms to the latest edition of ISO/IEC 27001 in any organization.

Suggested roles and their team members include, but are not limited to, the following:

    • Information security managers
    • IT and corporate security managers
    • Corporate governance managers
    • Risk and compliance managers
    • Information security consultants

Learning objectives

    • Understand the changes to the ISO/IEC 27001:2022 management system requirements.
    • Understand the changes to ISO/IEC 27001:2022 Annex A, Information security controls.

Course benefits

    • Understand the latest ISMS requirements.
    • Understand how to identify gaps between the organization's current practice and the latest ISMS requirements.

Course outline

Day 1, Information security management systems update (ISO 27001:2022)

    • Changes to management system requirements:
      • Organization context 
      • Leadership
      • Support
      • Risk and opportunity management 
      • Management system operation 
      • Management system performance evaluation
      • Management system improvement
    • Changes to information security controls (Annex A):
      • Personnel-related information security controls
      • Physical information security controls
      • Technical information security controls
      • Organizational information security controls
    • Course summary and examination 

What's included?

    • Course material
    • Online course exam
    • Course e-certificate (PDF format)

Organizational information

    • This is a NON-CQI / IRCA registered course.
    • Course duration: 8 hours
    • Minimum 4 delegates and maximum 20 delegates per course. 

Please contact us for more information or support.

Last modified: Wednesday, 28 December 2022, 11:58 AM