
CQI IRCA Approved ISO/IEC 27001:2022 Lead Audit Workshop

Title CQI IRCA Approved ISO/IEC 27001:2022 Lead Audit Workshop
Course code MG17.2-05-2024-C
  • Explain the purpose and business benefits of an information security management system (ISMS), of ISMS standards, of management system audit and of third-party certification;
  • Explain the role of an auditor to plan, conduct, report and follow up an ISMS audit in accordance with ISO 19011:2018;
  • Plan, conduct, report and follow up an audit of an information security management system to establish conformity with ISO/IEC 27001:2013 (with ISO/IEC 27002:2013) in accordance with ISO 19011:2018;
  • This course is registered by the International Registrar of Certificated Auditors (IRCA Course ID 17518); exam paper in Chinese or English; you can choose to answer either in Chinese or in English.
Content This course incorporates presentations, workshops, role play and evening study, and takes a managerial perspective of the post of assessor. It culminates in practical (in-class performance and assignments) and written examinations:
  • General introduction
  • Information security management principles, vocabulary and ISO/IEC 27001:2013 requirements
  • Stage 1 audit (including document review)
  • Audit planning
  • Process auditing and audit skills
  • Writing NC reports and audit reporting
  • Audit follow up
Assessment In-class performance, assignments and written exam (see Remarks)
Target audience
  • Staff who are charged with the responsibility to develop and maintain an ISMS.
  • Information security management personnel who are involved with audit and assessment as an essential part of their work or who wish to acquire an internationally recognized auditor qualification.
  • Personnel who wish to explore career opportunities in management system auditing.
Prerequisite CQI IRCA recommends that students have the following prior knowledge:
  • Management systems: Understand the Plan-Do-Check-Act (PDCA) cycle;
  • Information security management principles and concepts (see Remarks 3);
  • The requirements of ISO/IEC 27001:2013 (with ISO/IEC 27002:2013) and the commonly used information security management terms and definitions, as given in ISO/IEC 27000:2013, which may be gained by completing a CQI IRCA certified ISMS Foundation Training course or equivalent.
Students are subject to selection by CPTTM.
Class size 10
Instructor Lead Tutor from CQI IRCA Approved Training Partner
Instruction language Cantonese
Handout language Handouts in English
  • Session 1~8: 34 hours in 8 sessions
  • Session 9: 4 hours in 1 session
  • Exam: 2 hours in 1 session
  • Total: 40 hours in 10 sessions
  • Session 1~8: 09:00-13:00, 14:00-18:30, from May 23, 2024 to May 30, 2024 every Wednesday, Thursday, Friday.
  • Session 9: 09:00-13:00, May 31, 2024 (Friday).
  • Exam: 14:00-16:00, May 31, 2024 (Friday).
Fee Standard Fee: MOP11,000;
For employees of qualified organizations under the “Training Incentive Scheme for International Management System Certification” (see Remarks 1): MOP5,500.
Venue CPTTM Head Office (Rua de Xangai 175, Edf. ACM 7 Andar, Macau)
Certificate Students who pass the continuous assessment and the one-hour examination will be awarded a Certificate of Achievement by HKV Academy (requires 100% attendance), CQI IRCA Approved Training Partner 0118 5621.
PDAC code ---
  1. Local organizations sponsoring their employees to enroll in the above training course can apply for the "Training Incentive Scheme for International Management System Certification" if they meet the following criteria:
    • qualified applicants of the CPTTM certification subsidy scheme or
    • local organizations certified to specified ISO standards.
  2. The Training Incentive Application Form must be submitted together with the Course Enrollment Form.
  3. "Training Incentive Scheme for International Management System Certification" and "DSEJ's Continuing Education Development Program" cannot be used together.
  4. Prerequisite (continued): awareness of the need for information security; the assignment of responsibility for information security; incorporating management commitment and the interests of stakeholders; enhancing societal values; using the results of risk assessments to determine appropriate controls to reach acceptable levels of risk; incorporating security as an essential element of information networks and systems; the active prevention and detection of information security incidents; ensuring a comprehensive approach to information security management; continual reassessment of information security and making of modifications as appropriate.