ISO 28000 Supply Chain Security Management System – Lead Auditor Training Courses
Experiencing security issues is usually not a matter of if but when. Organizations are continuously facing security risks that seriously threaten their operations. High-value products are prone to theft, confidential information is prone to hacking, and personnel are prone to injury. Such security incidents will not only cause financial and business losses, but may also lead to legal consequences and reputational damage. This is why security management has become a crucial aspect for organizations. In this regard, ISO 28000 provides organizations with a comprehensive approach to security management.
What is ISO 28000?
ISO 28000 specifies the requirements for establishing, implementing, maintaining, and improving a security management system (SeMS), including the aspects relevant to the security of the supply chain.
ISO 28000:2022 Security and resilience – Security management systems – Requirements replaces the ISO 28000:2007 Specification for security management systems for the supply chain. The title of the standard has been changed to emphasize the fact that ISO 28000 requirements are not only applicable to organizations in the supply chain, but to all organizations, regardless of the type, size, or industry.
The new edition of ISO 28000 follows the harmonized structure of ISO, where the requirements for the SeMS are outlined in clauses 4 to 10. This enables organizations to integrate the SeMS with other management systems based on ISO standards.
The new edition of ISO 28000 includes additional recommendations as well. In clause 4, recommendations on eight principles for security management have been added to ensure better alignment with ISO 31000 (the standard for risk management). In addition, clause 8 sets out recommendations related to security strategies, procedures, processes and treatments, and security plans that ensure consistency with ISO 22301 (the standard for business continuity management).
ISO 28000, Figure 2 – Principles
ISO 28000 Lead Auditor
Why should you attend?
The PECB ISO 28000 Lead Auditor training course enables you to develop the necessary competencies to perform security management system (SeMS) audits by applying widely recognized audit principles, procedures, and techniques. This training course integrates the ISO/IEC 17021-1 requirements, the ISO 19011 guidelines, and other best practices of auditing, in order to equip you with the necessary competencies for planning, conducting, and closing ISO 28000 conformity assessment audits successfully.
Besides the theoretical basis, the training course also provides a hands-on approach by providing examples, exercises, and quizzes to reinforce your understanding of the key aspects of ISO 28000 conformity assessment audits, including the interpretation of ISO 28000 requirements in the context of an audit, the principles of auditing, the application of audit methods and approaches to evidence collection and verification, leading an audit team, drafting nonconformity reports, preparing the audit report, and following up on nonconformities.
After completing the training course, you can sit for the exam. If you successfully pass the exam, you can apply for the “PECB Certified ISO 28000 Lead Auditor” credential. The internationally recognized “PECB ISO 28000 Lead Auditor” certificate validates your professional expertise and demonstrates that you have the knowledge and skills to audit an SeMS based on ISO 28000.
Who should attend?
The ISO 28000 Lead Auditor training course is intended for:
- Auditors seeking to perform and lead SeMS audits
- Individuals responsible for maintaining conformity to the ISO 28000 requirements
- Technical experts seeking to prepare for an SeMS audit
- Professionals wanting to pursue a career in management systems conformity assessments
- Security management consultants
- Regulators responsible for ensuring compliance with security standards and regulations
- Management representatives seeking to master the SeMS audit process
Learning objectives
By the end of this training course, the participants will be able to:
- Explain the fundamental concepts and principles of a security management system based on ISO 28000
- Interpret the ISO 28000 requirements for an SeMS from the perspective of an auditor
- Evaluate the SeMS conformity to ISO 28000 requirements by applying and utilizing widely recognized audit concepts and principles
- Plan, conduct, and close an ISO 28000 conformity assessment audit, in accordance with the requirements of ISO/IEC 17021-1, the guidelines of ISO 19011, and other best practices of auditing
- Manage an ISO 28000 audit program
Educational approach
This training course is participant-centered and:
- Elaborates theories, approaches, and best practices used in SeMS audits
- Provides practical exercises which are based on scenarios inspired by real-life events
- Encourages interaction between the trainer and participants by means of questions and suggestions
- Provides quizzes consisting of stand-alone and scenario-based questions, tailored to prepare the participants for the certification exam
Prerequisites
In order to fully benefit from this training course, participants should have a basic understanding of ISO 28000 and audit principles.
Course agenda
Day 1: Introduction to the security management system (SeMS) and ISO 28000
Day 2: Audit principles and the preparation for and initiation of an audit
Day 3: On-site audit activities
Day 4: Closing of the audit
Day 5: Certification exam
Examination
This course is taught in partnership with PECB. The “PECB Certified ISO 28000 Lead Auditor” exam fully meets the requirements of the PECB Examination and Certification Program (ECP). It covers the following competency domains:
Domain 1: Fundamental principles and concepts of a security management system
Domain 2: Security management system requirements
Domain 3: Fundamental audit concepts and principles
Domain 4: Preparing an ISO 28000 audit
Domain 5: Conducting an ISO 28000 audit
Domain 6: Closing an ISO 28000 audit
Domain 7: Managing an ISO 28000 audit program
For specific information about exam type, languages available, and other details, please visit the List of PECB Exams and the Examination Rules and Policies.
Certification
After successfully completing the exam, you can apply for one of the credentials shown in the table below. You will receive a certificate as soon as you fulfill all the requirements related to the selected credential.
For more information about the ISO 28000 certifications and the PECB certification process, please refer to the Certification Rules and Policies.
The table below presents the requirements for PECB ISO 28000 Auditor certifications:
| Credential | Exam | Professional experience | MS audit/assessment experience | Other requirements |
|---|---|---|---|---|
| PECB Certified ISO 28000 Provisional Auditor | PECB Certified ISO 28000 Lead Auditor Exam or equivalent | None | None | Signing the PECB Code of Ethics |
| PECB Certified ISO 28000 Auditor | PECB Certified ISO 28000 Lead Auditor Exam or equivalent | Two years: One year of work experience in Supply Chain Security Management | Audit activities: a total of 200 hours | Signing the PECB Code of Ethics |
| PECB Certified ISO 28000 Lead Auditor | PECB Certified ISO 28000 Lead Auditor Exam or equivalent | Five years: Two years of work experience in Supply Chain Security Management | Audit activities: a total of 300 hours | Signing the PECB Code of Ethics |
| PECB Certified ISO 28000 Senior Lead Auditor | PECB Certified ISO 28000 Lead Auditor Exam or equivalent | Ten years: Seven years of work experience in Supply Chain Security Management | Audit activities: a total of 1,000 hours | Signing the PECB Code of Ethics |

Note: PECB Certified Individuals who do possess the Lead Implementer and Lead Auditor Credentials are qualified for the respective PECB Master Credential, given they have taken 4 additional Foundation Exams which are related to this scheme. For more detailed information about the Foundation Exams and the overall Master Requirements, please go to the following link: https://pecb.com/en/master-credentials.
To be considered valid, the audit activities should follow best audit practices and include the following:
- Planning an audit
- Managing an audit program
- Drafting audit reports
- Drafting nonconformity reports
- Drafting audit working documents
- Reviewing documented information
- Conducting an on-site audit
- Following up on nonconformities
- Leading an audit team
General Information
- Certification and examination fees are included in the price of the training course.
- PECB will provide training material of over 450 pages of information and practical examples.
- An attestation of course completion worth 31 CPD (Continuing Professional Development) credits will be issued to participants who have attended the training course.
- In case of exam failure, the candidate can retake the exam once for free within 12 months following the initial exam date.
For additional information, please contact us at info@globalskillsfactory.fi