

ISMS ISO/IEC 27001:2022 Lead Auditor (IRCA) - Information Security Management System Lead Auditor Training

In the training, you will learn about auditing information security management systems in accordance with the ISO 27001 standard. The training is IRCA certified and meets the criteria for the training required for the international IRCA auditor qualification.

The training fee includes teaching, training materials and a course certificate. It also includes morning coffee, lunch and afternoon coffee for every training day.


On successfully completing the course, students will be able to:

  • Audit as per the requirements of ISO/IEC 27001:2022 standard

  • Understand key elements of the ISO 19011 and ISO/IEC 17021 standards

  • Understand key information security issues

  • Plan an audit against a set of audit criteria

  • Successfully execute an Information Security Management system audit

  • Create clear, concise and relevant audit reports

  • Communicate the audit findings to a client

The course uses a mixture of taught sessions, interactive group discussions, exercises, continuous assessment and examination to achieve its aims. The practical exercises are based upon a fictional company. However, the procedures, work instructions and data are typical and could relate to many different enterprises equally. The practical exercises have been carefully designed to focus upon issues that commonly arise during Information Security Management system audits.

Who the course is for

IT Security Managers, Internal Auditors, Management Representatives & Members of IT teams. Employees already working in ISMS certified organizations or organizations planning to achieve certification. Individuals working as a consultant or subject matter experts on ISO 27001 or other management systems. Any individual aspiring to pursue their career in the field of IT Security & Management System Auditing.


  • Information Security Management System overview

  • Auditing Information Security Management System against requirements of ISO/IEC 27001:2022

  • Audit techniques

  • Accreditation issues

  • Auditor competence

  • Practical Exercises and Feedback

The language of the training and the materials used in it is English. The training includes two preliminary tasks that the participants complete before arriving at the training. The maximum number of participants in the course is 10 and the minimum number is 4 people. IRCA certification of the training requires participation in all training days. The exact program of the training days is provided with the preliminary material, but the duration of the days is as follows:

  • Monday, 8:45-18:30

  • Tuesday, 9:00-17:45

  • Wednesday, 9:00-18:15

  • Thursday, 9:00-17:45

  • Friday, 9:00-17:30

Trainer: Peter Ellis

CQI-IRCA Certified PR373: ISMS ISO/IEC 27001:2022 Lead Auditor Training Course


Delegates are expected to have prior knowledge of the following:

Management system:

  • Understand the Plan-Do-Check-Act (PDCA) cycle

Information Security Management:

Knowledge of the following information security management principles and concepts:

  • Awareness of the need for information security;

  • The assignment of responsibility for information security;

  • Incorporating management commitment and the interests of stakeholders;

  • Enhancing societal values; 

  • Using the results of risk assessments to determine appropriate controls to reach acceptable levels of risk;

  • Incorporating security as an essential element of information networks and systems;

  • The active prevention and detection of information security incidents;

  • Ensuring a comprehensive approach to information security management;

  • Continual reassessment of information security and making of modifications as appropriate.

ISO/IEC 27001

  • Knowledge of the requirements of ISO/IEC 27001 (with ISO/IEC 27002) and the commonly used information security management terms and definitions, as given in ISO/IEC 27000, which may be gained by completing an ISO 27001 standard requirements course.

  • DATE


    (5 day course)


    Classroom teaching


    Sokos Hotel Tripla, Helsinki


    € 3175 +VAT



Cancellation of participation is possible free of charge no later than 14 days before the start of the event. If the registered person is prevented from participating, the place can be given to a person working in the same organization. We reserve the right to cancel the event due to a low number of participants no later than 7 days before the start of the event.