ISO/IEC 27001 Lead Auditor - HKPC Academy
ISO/IEC 27001 Lead Auditor
10013740-01
HKPC Building 78 Tat Chee Avenue Kowloon
2023-03-21
Ms LEE, Tel: +852 27885704

Information security threats and attacks grow and evolve continuously. As such, organisations are increasingly concerned about how their valuable information is handled and protected. The best form of defense against threats and attacks is the proper implementation, auditing, and management of information security controls and best practices. Information security is a key expectation and requirement of customers, legislators, and other interested parties.

The ISO/IEC 27001 Lead Auditor training course is designed to prepare you to audit an information security management system (ISMS) based on ISO/IEC 27001. During this training course, you will acquire the knowledge and skills to plan and carry out internal and external audits.

The training content comprises practical exercises and case studies which bring you real-world expertise that you can apply to your day-to-day operations and activities. Through practical exercises, you will be able to master audit techniques and become competent to manage an audit programme, audit team, communication with customers, and conflict resolution.

What is ISO/IEC 27001?

ISO/IEC 27001 provides requirements for organisations seeking to establish, implement, maintain and continually improve an information security management system. This framework serves as a guideline for continually reviewing the safety of your information, which will exemplify reliability and add value to your organisation's services.

Course Outline

Day 1 – Introduction to the information security management system (ISMS) & ISO/IEC 27001

  • Training course objectives and structure
  • Standards and regulatory frameworks
  • Certification process
  • Fundamental concepts and principles of information security
  • Information security management system (ISMS)

Day 2 – Audit principles, preparation, and initiation of an audit

  • Fundamental audit concepts and principles
  • The impact of trends and technology in auditing
  • Evidence-based auditing
  • Risk-based auditing
  • Initiation of the audit process
  • Stage 1 audit

Day 3 – On-site audit activities

  • Preparing for stage 2 audit
  • Stage 2 audit
  • Communication during the audit
  • Audit procedures
  • Creating audit test plans

Day 4 – Closing the audit

  • Drafting audit findings and nonconformity reports
  • Audit documentation and quality review
  • Closing of the audit
  • Evaluation of action plans by the auditor
  • Beyond the initial audit
  • Managing an internal audit program
  • Closing of the training course

Certification Examination

  • Duration: 3 hours
  • Online examination to be booked after completion of the training course.

Who Should Attend

    • Individuals who are interested in mastering the audit of Information Security Management Systems (ISMS) based on ISO/IEC 27001
    • Auditors seeking to perform and lead Information Security Management System (ISMS) certification audits
    • Managers or consultants seeking to master an Information Security Management System (ISMS) audit process
    • Individuals responsible for maintaining conformance with Information Security Management System (ISMS) requirements
    • Technical experts seeking to prepare for an Information Security Management System (ISMS) audit
    • Expert advisors in Information Security

Medium

Cantonese with English terminology

Course Fee

HK$16,800 per person

RTTP Training Grant Application

This course is applying for the Reindustrialisation and Technology Training Programme (RTTP), which offers up to 2/3 course fee reimbursement upon successful application. For details: https://rttp.vtc.edu.hk.

Companies should submit their RTTP training grant application for their employee(s) via https://rttp.vtc.edu.hk/rttp/login at least two weeks before course commencement. Alternatively, the application form can be submitted by email to rttp@vtc.edu.hk along with supporting documents.

Tutors 

Mr Poon Wai Tung, Keith

Mr Poon Wai Tung, Keith is the Principal Consultant of an IT security consultancy company. Mr Poon has been instrumental in developing professional consulting solutions, auditing and training courses in the increasingly vital areas of business risk assessment, business continuity management, information security and IT service management with a particular focus on services companies and manufacturing.

Mr Leung Wai Leung, Terry

Mr Lau Wai Leung, Terry is the Senior Consultant of an IT security consultancy company. Mr Lau has conducted many IMS audits in Hong Kong, Macau and China and provided various in-house and public ISO training to ensure that clients meet the standard requirements and achieve certification. His client focus is on MNCs and SMEs.

Mr Chung Tin Cheuk, Aidan

Mr Chung Tin Cheuk, Aidan is the Senior Consultant of an IT security consultancy company. Mr Chung has implemented ISO 14000, ISO/IEC 20000, ISO/IEC 27001 & ISO 50001 certification for professional data centre companies in Hong Kong, and has designed and delivered training courses on information security management systems, service management systems and quality management systems.

Mr Lo Hok Sik, OK

Mr Lo Hok Sik, OK is the Senior Consultant of an IT security consultancy company. Mr Lo has conducted many risk assessment and business continuity management projects in the government sector and the systems integrator industry, and IT infrastructure virtualisation and VDI projects locally and overseas.

Certificate of Training

Participants who have attained at least 75% attendance at lectures will be awarded an Attestation of Course Completion for claiming Continuing Professional Development (CPD) credits.
