1. Objective
Candidates can expect to gain knowledge and understanding in the following upon successful completion
of the education and examination components related to this certification.
problems and measure ROI based on performance metrics. The outcomes of this program include:
• Understanding and effectively auditing the intent of ISO 27001 in the new Annex SL format
• Understanding the organization and its context and issues
• Understanding the needs and expectations of interested parties
• Identifying issues
• Leadership and commitment for the information security management system
• Understanding risks and opportunities
• Determination of security requirements for products and services and selection of controls from Annex A
• Performance evaluation
• Identification and reporting of non-conformances in the process audit
• Evaluating corrective actions for root cause and effectiveness
• Auditing techniques, including effective auditing of management
LEAD, PLAN, MANAGE AND IMPLEMENT AN AUDIT PLAN
ISO27001: Lead Auditor
Program Overview
ISO 27001:2013 Lead Auditor is a 5-day course that offers an in-depth understanding of the concepts of the ISO 27001:2013 standard and of the principles and practices of performing and reporting on effective information security management system audits in accordance with the ISO 19011 standard.
An experienced instructor with over 15 years in ISMS explains the clauses of ISO 27001:2013 in detail and guides students through the audit process required for creating and maintaining an Information Security Management System based on ISO 27001:2013.
Students gain auditing skills and knowledge through a balance of classroom training, practical role-playing, group workshops, case studies and open forum discussions. This is currently one of the most dynamic ISO 27001 courses available due to its progressive, hands-on and workshop-oriented approach.
No IT technical skills are required for this course, as ISO 27001 is a management system standard.
2. Workshop Chronology
Day 1: 9:00am – 5:00pm
Day 2: 9:00am – 5:00pm
Day 3: 9:00am – 5:00pm
Day 4: 9:00am – 5:00pm
Day 5: 9:00am – 5:00pm
• There will be online training followed by a multiple-choice exam of 100 marks.
• A score of 60 or more marks is required to pass the exam.
• A participant who does not pass is granted a second attempt at no additional cost. The re-examination can be taken from one day after the first attempt up to 30 days from the date of the first attempt.
Target Audience:
• Project managers
• Project Board members
• Senior Responsible Owners
• Team Managers
• Product Delivery Managers
• Project Assurance
• Business Change Analysts
• Project Support
• Project and Program Office personnel
• Operational line managers/staff
Prerequisites:
There are no mandatory prerequisites for this course, but the following are recommended:
• Prior training on ISO 27001 through a qualified training institution.
• Work experience in quality and security.
Course Benefits
This course will help you:
• Identify the aims and benefits of an ISO 27001:2013 audit
• Interpret ISO 27001:2013 requirements for audit application
• Conduct and audit a risk assessment process and learn risk assessment methodology
• Understand how suitable controls are selected from Annex A
• Plan, conduct and follow up audits of the risk register and the selection of controls
• Grasp the application of risk-based thinking, leadership and process management
• Learn the latest auditing techniques and identify their appropriate use
• Build stakeholder confidence by managing processes in line with the latest requirements
3. Workshop Outline
DAY 1
Auditing a Security Management System
Module 1: Information Security Management
Systems
Activity 1 – Understanding Information Security
Module 2: Information Security Concepts
Module 3: The Audit Process for ISMS
Activity 2 – Audit Planning Considerations
Module 4: Auditing the ISO 27001 Standard
Activity 3 – Security Terminology
Module 5: Context of the Organization
Activity 4 – Auditing Organizational Context
Module 6: Leadership
Activity 5 – Auditing Security Policy
DAY 2
Auditing a Security Management System
ReCap Day 1
Module 7: Planning
Activity 6 – Auditing Security Objectives
Activity 7 – Conducting and Auditing a Risk Assessment Process, Risk Register and Selection of Controls from Annex A
Module 8: Support
Activity 8 – Competence and Awareness
Module 9: Operation
Activity 9 – Operational Controls
Module 10: Performance Evaluation
Activity 10 – Security Performance Evaluation Method
Module 11: Improvement
Activity 11 – Effectiveness of the Security Management System
Tepat Training & Consultancy PLT
Unit 2-2-22 1 Square, Tingkat Mahsuri, The One 11950 Bayan Baru, Penang
Tel - 04 619 2792 Fax - 04 619 2699 Email- khairul@tepatllc.com
DAY 3
Conducting and Leading Management System
Audits
ReCap Day 2
Module 1: ISO 19011 Overview
Activity 1 – Successful Auditing
Module 2: Managing an Audit Program
Activity 2 – Scheduling Considerations
Activity 3 – Audit Objective, Scope and Criteria
Activity 4 – Auditor Competencies
Activity 5 – Selecting the Audit Team
Module 3: Audit Planning and Preparation
Activity 6 – Additional Information Required for an
Audit
Activity 7 – Determining Sources of Objective
Evidence
Activity 8 – The Audit Plan
Activity 9 – Audit Work Documents
DAY 4
Conducting and Leading Management System
Audits
ReCap Day 3
Module 4: Performing the Audit
Activity 10 – Develop 5 Strategies to Build
Relationships
Activity 11 – Personality Types
Activity 12 – Opening Meeting
Activity 13 – Audit Interviews
Activity 14 – Nonconformity Report
Activity 15 – Closing Meeting
Module 5: Reporting Audit Outcomes
Activity 16 – Draft Audit Report
Activity 17 – Corrective Action
DAY 5
Case Study & Examination
ReCap Day 4
Case Studies – Live Case & Group Discussion
Exam
5. Trainer Profile
Capt. A. Rajkumar, CISP, CISA, BCMS, IRCA Lead Auditor (ISO 9001, ISO 14001, OHSAS, ISO 27001, ISO 22301, SA 8000)
Capt. Rajkumar holds a degree in Physics and Computer Science and an advanced diploma in applied sciences. He is a certified Master Mariner in the merchant marine with a career at sea spanning over 16 years. Since retiring from his sea career, he has spent the last decade implementing various standards and regulatory compliance programmes, and training staff, at over 100 MNCs and GLCs across the ASEAN region and Asia.
He was a primary player in bringing ISO 20000-1 IT Service Management to Malaysia and assisted Kompakar Inc, an MSC status company, in becoming certified to ISO 20000-1, the first ISO 20000 certificate in the ASEAN region. He has also consulted for, trained and helped certify Pentasoft Malaysia, a CMMI Level 5 company, in ISO 20000 IT Service Management, making it one of the very few software development companies in the world to achieve this standard.
His experience in telecommunications goes back to 2004, when he worked for Telekom and GITN. He was also engaged by Greenpacket, Macrokiosk, NTT, Redtone, Hitachi Sunway, AIMS, Strateq DC and other telco players to set up their QMS, information security and business continuity standards.
He was in the first batch of BS 7799 (the predecessor of ISO 27001) qualified auditors in Malaysia. He has worked with companies such as Petronas, Charigalli Gas, Sapura Crest, Kanchana Oil and PT Pertamina on risk assessments, and with GITN Telekom Malaysia and DigiCert POS Malaysia on information security management and project management implementation and training.