ISO 27001:2022 Internal Auditor (ISMS) – CQI and IRCA Certified

Home / Auditing / ISO 27001:2022 Internal Auditor (ISMS) – CQI and IRCA Certified
This course is delivered in association with CQI and IRCA Approved Training Partner Antaris. ISO 27001 helps organisations keep information assets secure.  Using this standard will help your organisation to manage the security of assets such as fina... Read More

This course is delivered in association with CQI and IRCA Approved Training Partner Antaris.

ISO 27001 helps organisations keep information assets secure.  Using this standard will help your organisation to manage the security of assets such as financial information, intellectual property, employee details or information entrusted to you by third parties such as customers.

ISO 27001 is the best-known standard providing requirements for an information security management system (ISMS).

As the world is facing new evolving security challenges, ISO/IEC 27001:2022, which aims to protect the confidentiality, availability, and integrity of organisations’ information assets was updated in October 2022. The part that has undergone the most significant changes is Annex A, Information security controls reference, which is aligned with ISO/IEC 27002:2022 Information security controls, which itself was published in February 2022.

Annex A of ISO/IEC 27001:2022 contains changes in both the number of controls, and their listing in groups. The title of this Annex has also changed from Reference control objectives and controls to Information security controls reference. Therefore, the reference objectives of each control group that were present in the previous version of the standard, have now been removed.

The number of Annex A controls decreased from 114 to 93. The decrease in the number of controls has mostly come from merging many of them. 35 controls have remained the same, 23 controls were renamed, 57 controls were merged into 24 controls, and one control has been divided into two. The 93 controls have been restructured to four control groups or sections.


What's covered?

Expand/Collapse Expand/Collapse
  • An introduction to ISO 27001 and Annex A
  • Understanding Annex A Information security controls
  • Exploring terms and definitions as outlined in the standard
  • Understanding the clauses and requirements including the organisational context, leadership, planning, support, and operation
  • Understanding the statement of applicability
  • Understanding risk awareness, assessment, and treatment
  • Understand training, awareness, and continuous improvement
  • The audit process
  • Competencies and responsibilities of internal auditors
  • Audit preparation - pre-audit activities
  • Audit checklists
  • Conducting the audit – gathering evidence
  • Interview techniques/questioning skills
  • Reporting the audit and follow-up
  • Corrective action
  • Courses include a practical ISMS internal audit.

If you have access to a copy of ISO 27001, please bring a copy of the standard with you. If you don’t have access, a copy will be provided for you and will be collected at the end of the course.

Who should participate?

Expand/Collapse Expand/Collapse
  • Any person with responsibility for conducting internal ISO 27001 audits

What will I learn?

Expand/Collapse Expand/Collapse

Participants achieve the following learning outcomes from the programme:

  • Understand the requirements of ISO 27001:2022
  • Describe the responsibilities of an internal auditor and describe the role of internal auditing in the maintenance and improvement of management systems
  • Plan, conduct and report and follow-up an internal audit as part of an ISO 27001 management system in accordance with ISO 19011

Who are the tutors?

Expand/Collapse Expand/Collapse

What are the entry requirements?

Expand/Collapse Expand/Collapse

CQI IRCA recommend all delegates have the following prior knowledge:

  • Understand the Plan-Do-Check-Act (PDCA) cycle.
  • Have a basic knowledge of the concepts of information security management (see ISO 27001).
  • Understand the requirements of ISO 27001 and the commonly used information security management terms and definitions.

How will I be assessed?

Expand/Collapse Expand/Collapse

A variety of exercises will be carried out throughout the course using role-plays, case studies and sample documentation. Delegates are assessed throughout the course by continual assessment and an end of course multiple-choice assessment. Continual assessment is based upon the student’s participation and performance during the exercises, role-plays and question & answer sessions. It is essential that delegates take an active part in all course activities during the course in order for the Tutor to make a full assessment of the student’s performance. Please note it is essential for students to be in attendance for the full course.

How do we train and support you?

Expand/Collapse Expand/Collapse

In-House Courses
For In-House courses, the Tutor will contact you in advance to discuss the course programme in more detail in order to tailor it specifically for your organisation. Course exercises can be carried out using the company’s own Information Security Management System culminating in a supervised internal audit.

Course Manual
Delegates will receive a very comprehensive course manual.

Programme accreditation

Expand/Collapse Expand/Collapse

This course is certified by CQI IRCA (Course ID Number: 2140).  The International Register of Certificated Auditors (CQI IRCA) is the world's original and largest international certification body for auditors of management systems.

Share this Programme



This Programme (PT218) is presented by Antaris (01185832)

CQI and IRCA Certified - Programme Ref 2140

Course Code
2 training days
Public Price

+ €31 for CQI IRCA Course Certification
(includes course documentation)

Delivery Mode
This programme is delivered by or In-Company training
stdClass Object
    [primary_category] => Information Security
    [primary_slug] => information-security
    [categories_slugs] => Array
            [0] => information-security
            [1] => auditing

    [parent_categories_slugs] => Array
            [0] => compliance-standards-auditing
            [1] => quality-training-courses


News & UpdatesNews & Updates

Why Your Business Needs ISO 27001:2017 Internal Auditor Training

The last thing you want to do in this climate is to neglect your responsibilities when it comes to GDPR. Read our interview where Gemma Creagh from Careers Unli...

Read More

ISO 27001:2022 Internal Auditor (ISMS) – CQI and IRCA Certified


ISO 27001:2022 Internal Auditor (ISMS) – CQI and IRCA Certified

Duration: 2 days