All candidates pass the ISO 27001 lead auditor exam

Sieuwert van Otterloo | Security

Congratulations to the candidates of our recent ISO 27001 lead auditor course. All candidates (Jan-Jasper, Joost, Floris, Sieuwert) who participated in this five-day course have passed the exam. They can now call themselves IRCA certified information security auditors and are well equipped for key roles in information security teams.

This information security course was organized to provide an officially recognized qualification for senior information security professionals. Standards such as ISO 27001 demand that all staff involved in information security have demonstrable knowledge, and various privacy laws also demand that security officers or digital privacy officers are properly qualified. The ISO 27001 lead auditor course is in our view one of the best available advanced courses. Unlike other courses, it combines security knowledge, legal and compliance skills, and practical auditing skills. The course is officially recognized by the International Register of Certified Auditors (IRCA, part of CQI) as the ISMS (ISO/IEC 27001:2013) Auditor / Lead Auditor Training Course.

To provide this course, ICT Institute worked with international expert Philip Ku, information security expert at Hermes Infotech, part of the Techknowledge Services Group. Mr. Ku, who lives in Taiwan, has trained people and audited information security management systems in more than 20 countries. He combines unique knowledge about setting up information security with many stories about working across different cultures. Philip will be back in The Netherlands in September 2017 for another CQI – IRCA certified course.

The four people who passed this course in May 2017 are (in alphabetical order):

The venue for the course was in The Hague and was provided by BAS Consultancy. The course was organized by ICT Institute in the week of May 15-19. The course consisted of the following elements:

  1. Prior knowledge exam, focused on the international standards ISO 27001, ISO 27002 and 19011
  2. The ISO view of quality and management systems for controlling quality and information security
  3. Information security risk management and treatment
  4. Creating an audit programme and plan
  5. Conducting an audit opening meeting, interviews and debrief
  6. Identifying and classifying audit findings
  7. Practical cases of information security weaknesses
  8. Official written CQI – IRCA exam

Author: Sieuwert van Otterloo
Dr. Sieuwert van Otterloo is a court-certified IT expert with interests in agile, security, software research and IT-contracts.