Internal Information Security Management

Systems Auditor Training Course

Certifcation criteria for
[Link]
CERTIFICATIONCRITERIAFORTHEINTERNALISMSAUDITORTRAININGCOURSE
________________________________________________________________________________________
Page1of14
IRCA/2160/07/1Jan07
CONTENTS
1. INTRODUCTION
2. LEARNINGOBJECTIVES
3. ENABLINGOBJECTIVESKNOWLEDGE&SKILLS
4. TRAININGMETHODS
5. COURSECONTENT
6. COURSEDURATION
7. TUTORSANDSTUDENTS
8. VARIATIONS
9. STUDENTASSESSMENT
10. COURSEPUBLICITYANDADVERTISING
APPENDIX1:INTERNALAUDITORSTUDENTASSESSMENT:GUIDANCEAND
EXAMPLES
CopyrightIRCA2006
[Link],storedinaretrievalsystemor
transmitted in any form or by any means electronic, mechanical, photocopying, recording or
otherwise without prior permission of the CQI International Register of Certificated Auditors
(IRCA)
CERTIFICATIONCRITERIAFORTHEINTERNALISMSAUDITORTRAININGCOURSE
________________________________________________________________________________________
Page2of14
IRCA/2160/07/1Jan07
1. INTRODUCTION
1.1 We,theInternationalRegisterofCertificatedAuditors(IRCA),havedevelopedthis
documenttohelpyou,theapprovedTrainingOrganization,achievecertificationof
yourInternalInformationSecurityManagementSystems(ISMS)Auditor
trainingcourse.
1.2 BeforedesigninganInternalISMSAuditortrainingcoursetomeetthe
requirementsofthisdocumentyoushouldconsiderthefollowing:
1.2.1 [Link]/IEC27001:2005providesindustrywithauseful
specificationformanagingandimprovinginformationsecuritywithin
[Link]
providestudentswiththeskillsandknowledgetoperforminternalaudits
andtocontributetothecontinualimprovementofthemanagement
system.
1.2.2 ISMSAuditorCertification(IRCA/802).Forstudentswhowantto
becomeIRCAcertifiedInternalISMSAuditorsthiscoursesatisfiesonlypart
ofthetrainingrequirementofIRCA/[Link]
requirementforInternalISMSAuditorfullystudentswillneedtocomplete
the1dayISMSFoundationcourse(IRCA/2161)inadditiontothiscourse.
1.2.3 [Link]
informationsecuritymanagementsystemsandISO/IEC27001before
attendingthecourse(thiscanbegainedbycompletingtheIRCA/2161
ISMSFoundationcourse).
1.2.4 [Link]
ISO/IEC27001theinternationalstandardISO17799:2005andISO/IEC
13335Parts1and2(MICTS)andISO/IECTR18044:[Link]
otherwiseindicated,allreferenceswithinthisdocumenttoISO/IEC27001
willindicatetheISO/IEC27001:[Link]
haveadetailedknowledgeofISO/IEC27001beforethiscourseandwe
recommendthattheInternalISMSAuditorcourseispresentedin
conjunctionwiththeISMSFoundationCourse,(IRCA/2161).
1.2.5 [Link]
basedonthesecriteria:
a) Effectivetrainingtohelpstudentsdeveloptheknowledgeandskills
definedinthisdocument.
b) Effectiveassessmentofeachindividualstudentsachievementofthe
learningobjectivesthroughobjectivetestingbasedondefined
outputs.
1.2.6 [Link]
deliveredinaccordancewiththecriteriainthisdocument,althoughyou
mayexerciseflexibilityintheinclusionofadditionallearningobjectives,
additionalmaterial,andinthestructureandselectionofspecifictraining
[Link]
commontothemanagementandcontrolofcoursesaredetailedin
IRCA/[Link]
requirementsareinadditiontotherequirementsofIRCA/2160andare
[Link],therefore,thatyouarefamiliarwiththe
requirementsofIRCA/2000.
CERTIFICATIONCRITERIAFORTHEINTERNALISMSAUDITORTRAININGCOURSE
________________________________________________________________________________________
Page3of14
IRCA/2160/07/1Jan07
1.2.7 [Link]
varietyofways:
a) Classroombasedover2daysfulltime([Link]
workingdays).
b) Classroombasedasaseriesofparttimemodulesoveralonger
period.
c) Blendedasacombinationofselfstudy([Link],
correspondencecourseetc)andclassroombasedlearning.
Howeveritisdesigned,studentsmustcompletethewholecourseof
[Link]:wewillnotacceptcoursesthatare
whollybasedonselfstudylearning.
2. LEARNINGOBJECTIVES
2.1 LearningObjectivesdescribeinoutlinewhatsuccessfulstudentswillknowandbe
[Link]
to:
Knowledge
2.1.1 DescribewithreferencetothePlan,Do,Check,Act(PDCA)cycle,the
purpose,structureandrequirementsofISO/IEC27001fromthepointof
viewofaninternalauditor(see3.1).
2.1.2 Describetheresponsibilitiesofaninternalauditoranddescribetheroleof
internalauditinthemaintenanceandimprovementofmanagement
systems(see3.2)
Skills
2.1.3 Plan,conductandreportaninternalauditofpartofaninformationsecurity
managementsysteminaccordancewithISO19011(see3.3).
3. ENABLINGOBJECTIVES SKILLS&KNOWLEDGE
InorderforstudentstoachievetheoverallLearningObjectives,theywillneedtoacquire
anddevelopspecificknowledgeandskills. ThesearespecifiedbelowasEnabling
ObjectivesandcanbeconsideredasstepstotheachievementofLearningObjectives.
3.1 DescribewithreferencetothePlan,Do,Check,Act(PDCA)cycle,the
purpose,structureandrequirementsofISO/IEC27001fromthepointof
viewofaninternalauditor
KnowledgeofISO/[Link]
beingruninisolationfromtheISMSFoundationcourse(IRCA/2161),areviewof
thestandardshouldbeincluded.
3.1.1 ExplainwhyorganizationsuseISO/IEC27001,including:
a) ThepurposeandstructureofISO/IEC27001,withreferencetothe
PDCAcycleandtheprocessapproachtoaninformationsecurity
managementSystem.
b) TheISO/IEC27001requirementforContinualImprovementand
theimplicationsofthisforinternalauditors.
c) Theprocessesinvolvedinestablishing,implementingand
operating,monitoringandreviewingandimprovinganISMS.
CERTIFICATIONCRITERIAFORTHEINTERNALISMSAUDITORTRAININGCOURSE
________________________________________________________________________________________
Page4of14
IRCA/2160/07/1Jan07
3.1.2 ExplaintherequirementsforInternalAuditasdescribedinISO/IEC27001.
3.1.3 Explainhowauditscanbeusedasatoolforthemaintenanceand
improvementofmanagementsystems.
3.2 Describetheresponsibilitiesofaninternalauditoranddescribetheroleof
internalauditinthemaintenanceandimprovementofmanagement
systems.
Knowledge
3.2.1 Defineaninternalaudit,including:
a) Thetermsanddefinitionsusedinauditing,referencing19011and
ISO/IEC27001.
b) Typicalobjectivesforaudits,includingconformance,effectiveness
andimprovement,andsuggesthowthesedifferenttypesofaudit
canaddvaluetoanorganization.
c) Theauditcycle.
d) Theresponsibilitiesofauditors,andprinciplesofauditing.
3.2.2 Planning,conductingandfollowingupanaudit:
a) Explainthesignificanceofauditcriteriaandgiveexamplesoftypes
ofdifferentauditcriteria.
b) Explaintheneedforpreauditcontactwiththeauditee.
c) Suggestapproachesandmethodsfor:
o Planninganinternalaudit,includingarrangementsfor
openingandclosingtheaudit.
o Gatheringobjectiveevidencetomeetdifferentaudit
objectives,includingconformance,improvementand
effectivenessaudits.
d) Explainthepurposeandtypicalcontentofaninternalauditreport.
e) Explainthepurposeofandmethodsforfollowupofauditfindings.
3.2.3 ExplaintheroleofIRCAinthecertificationofauditors.
3.3 Plan,conductandreportaninternalauditofpartofqualitymanagement
systeminaccordancewithISO19011.
Skills
3.3.1 Establishthepurposeandobjectivesoftheaudit,definetheauditscope
andidentifythedocumentstobereviewedandinformationtobeobtained
beforetheaudit.
3.3.2 Produceanoutlineplanforauditingtheconformanceandeffectivenessofa
process,including:
a) Whattoaudit(documents,records,activities).
b) Whotoselectforinterview.
c) Whereandwhentoaudit(includinglocations,sequence,audittrails
etc).
CERTIFICATIONCRITERIAFORTHEINTERNALISMSAUDITORTRAININGCOURSE
________________________________________________________________________________________
Page5of14
IRCA/2160/07/1Jan07
d) Whatmethodstouseforgatheringobjectiveevidence(e.g.
interview,observation,reviewofdocumentsandrecords).
3.3.3 Produceanauditplanandauditchecklist(oralternative)appropriatefor
thescope,objectiveandauditcriteriaforuseinthepracticalaudit
exercise(s).
3.3.4 Applytheauditchecklist(oralternative)inapracticalauditsituationto:
a) Gatherobjectiveevidencetoachievetheauditobjectivesthrougha
structuredauditinterviewandthesamplingofdocumentsand
records.
b) Followaudittrailstodeterminetheeffectivenessofprocesses.
c) Takeappropriatenotes.
d) Demonstrateeffectivequestioning,listening,observationand
feedbackskillsingatheringofobjectiveevidenceinanaudit
situation.
3.3.5 Reviewauditevidenceagainstcriteriaanddetermine:
a) Theeffectivenessoftheactivity/processinachievingplanned
results.
b) Conformancetodefinedauditcriteria.
c) Opportunitiesforimprovement.
3.3.6 Linkauditfindingstoestablishrootcauseofnonconformance.
3.3.7 Writeclear,actionableauditreports.
3.3.8 Plan a followup audit including methods to be used to obtain objective
evidencethatcorrectiveactioniseffective.
3.3.9 Determinetheeffectivenessofcorrectiveactionstakeningivensituations.
4. TRAININGMETHODS
4.1 Yourcoursemaybepresentedasawhollyclassroombasedcourseorasablended
course(inotherwordspartselfstudyandpartclassroombased).Youmayalso
presentthecourseasaseriesofseparatemodules,eitherasfulltimeorparttime
study.
4.2 Classroombasedtraining
4.2.1 Youmustprovideforstudentsanenvironmentconduciveto
[Link]
thestudentswithadescriptionofthelearningobjectives,course
structure,formatandprogramme,studentresponsibilitiesandthe
assessmentprocessesandassessmentcriteria,andyoumustdealwith
anyconcernsorworriesthatstudentsmayhave.
4.2.2 Yourcoursemustbebasedonthelearningcycle(seeguidancein
Appendix1)andincludeopportunitiesforstudentsto:
Experiencenewideasandskills.(Notethattutorledslide
presentationsasasolemethodtohelpstudentslearnnew
knowledgeisnotacceptable).
CERTIFICATIONCRITERIAFORTHEINTERNALISMSAUDITORTRAININGCOURSE
________________________________________________________________________________________
Page6of14
IRCA/2160/07/1Jan07
Reflectontheirlearningandidentifystrengthsandweaknesses.
(Notethatyourcoursemustincludemethodsformonitoringand
providingtimefortutorsandstudentstoreviewtasksand
activitiesandeachstudentsachievementofthelearning
objectives).
Addressandimproveonareasofweakness.(Notethatyour
coursemustincludeprovisionforreviewandremedialwork,and
individualcoaching,wherenecessary.)
4.2.3 Yourcoursemustincludeavarietyoflearningmethodstosuitthe
rangeoflearningstyles(seeguidanceinAppendix1).
4.2.4 Yourcoursemustnotrelyontutorpresentationsandtutorled
[Link]
expecttoseestudentslearningtheseelementsmostlythrougha
processthatrequiresstudentstocompleteataskoractivities,oftenin
teams,andtoproduceadefinedoutput.
4.2.5 Allstudentsmustpractisetheskillbasedlearningobjectivesofthe
course(learningobjective2.1.3)throughparticipationinappropriate
tasksandactivities(roleplay,simulationetc).
4.2.6 Timekeeping,planningandprogrammemanagementareessential
elementsintheperformanceofanauditand,althoughwerecognise
thateffectivetrainingisresponsivetostudentsneeds,deviationsfrom
thetimetablemustbemanagedsothatalllearningobjectivesare
adequatelycoveredandstudentsarekeptinformedofsignificant
changestotheprogramme.
4.2.7 Youmustsubmitsessionplansortutornotesforeachindividualtraining
[Link]:
learningobjectivesanddurationforthesession
natureoftheactivityandtrainingmethodtobeused
organizationalarrangements,tutorandstudentbriefingdetails
deliverablesrequiredfromstudentsforpracticalsessions
materials,exercisesandequipmentrequiredtorunthesession
[Link],this
mustbeclearlyindicatedinsessionplans.
Notethattheformatofyoursessionplanswilldependonyourapproach
totutorcompetenceandtrainingandthesizeandcomplexityofyour
[Link](see
IRCA/3000appendix)willrequiremorecomprehensivetutornotesto
ensurethattraininginnewandamendedmaterialsiscontrolledand
effective.
4.3 Blendedcourses(acombinationofselfstudy,includingelectronicmedia,and
classroombasedlearning)
4.3.1 Onlyknowledgebasedlearningobjectives2.1.1and2.1.2maybe
coveredbyselfstudymethods.
4.3.2 Learningobjective2.1.3(auditingskills)mustbecompletedina
classroomenvironmentintermsofpracticeandstudentassessment.
Seeclause4.2ofthisdocumentforrequirementsfortheclassroom
elementofblendedlearningcourses.
4.3.3 Trainingmethodsselectedshouldseektoinvolveandengagestudents
throughoutthedurationofthecourse. Simplyprovidingstudentswitha
CERTIFICATIONCRITERIAFORTHEINTERNALISMSAUDITORTRAININGCOURSE
________________________________________________________________________________________
Page7of14
IRCA/2160/07/1Jan07
[Link]
mustbedesignedaroundaclearlystructuredlearningprocesswith:
Theory.
Examples(scenarios,casestudiesetc).
Practice(activities,casestudies,progresstestsetc).
Feedback/selfassessmentonactivitiesandtestswhererelevant,to
ensurestudentscanselfassesstheirunderstandingand
achievementofthelearningobjectivesandidentifyanyareas
requiringfurtherwork.
4.3.4 Selfstudycoursematerialsmustbeclearlypresentedandstructuredfor
easeofuse,[Link]
followingcleartostudentstohelpthemmanagetheirlearning:
Thelearningobjectivesfortheoverallselfstudyelementofthe
course.
Thelearningobjectivesforeachsectionwithinthecourse.
Howtheselfstudyelementofthecourselinkswiththeclassroom
component
Thestructureandsuggestedorintendedsequenceofthematerials.
Instructionsforthestudentsuseofthematerials,including
realistictimescales.
Examplesoftypicaldocuments,reports,formsetc.
How,whenandhowoftenstudentsmaycontacttutorsforhelp,
guidanceandfeedback.
Methodsforstudentstoassesstheirlearningandtoseektimely
feedbackandcoachingfromthetutor(s).
4.3.5 Youmustensurethateachstudenthastimelyaccesstoacoursetutor
toanswerquestionsandqueries.
Note:asaguide,aresponsetocommunicationsfromstudentswithin24
hourswouldbeacceptable.
5. COURSECONTENT
5.1 Atthebeginningofthecourseyoumustprovidethestudentswithadescriptionof
theLearningObjectives,coursestructure,format,theirresponsibilities,student
assessmentprocessesandcriteria.
5.2 Thecoursemustcoverallaspectsdefinedinclause2,LearningObjectives,and
clause3,EnablingObjectives.
5.3 ThecoursemustcoverthebenefitsofcertificationasanIRCAInternalISMS
Auditor,includingbriefdetailsoftheIRCAISMSauditorcertificationprogramme,
andprovidestudentswithdetailsofhowtocontactIRCAandapplyfor
[Link]/190andIRCA/167(orequivalents)forthis
purpose.
CERTIFICATIONCRITERIAFORTHEINTERNALISMSAUDITORTRAININGCOURSE
________________________________________________________________________________________
Page8of14
IRCA/2160/07/1Jan07
6. COURSEDURATION
6.1 Classroombasedlearning
6.1.1 Wherethecourseiswhollyclassroombased,thetotalcoursemustbeat
least14hoursnet,calculatedasdetailedinIRCA/2000.
6.1.2 Thiscoursemaybepresentedoveraminimumof2consecutivedaysfull
timeoronaparttime(modular)basisoveramaximumof4weeks.
Note:althoughnotmandatory,werecommendthatthiscourseberesidentialif
presentedoverconsecutivedays.
6.2 Blendedlearning
6.2.1 Elementsofthecoursesthataredeliveredthroughselfstudywillallow
studentsthreetimeslongerthanclassroomtraining(i.e.approximately18
hoursforlearningobjectives2.1.1&2.1.2).
6.2.2 Theclassroomelement(i.e.theskillslearningobjective2.1.3asa
minimum)mustbetimedtoalloweachstudenttopractiseandbe
[Link]
classroomelementwilldependonthelearningobjectivesbeingcovered.
Asaguideweexpectaminimumof7hoursover1daytobespentonthe
[Link]
reductioninclassroomtimemaybeallowedifagreedinadvancewith
[Link]
classroomtimemaybeallowed.
6.2.3 Eachstudentmustcompletetheboththeselfstudyandtheclassroom
partofthetrainingcourseinnomorethan90days.
6.2.4 Studentsmustcompleteeachelementofblendedcoursesinthecorrect
[Link],forcoursesdesignedwithaselfstudyelement
thatistobefollowedbyaclassroomelement,youmustensurethat
studentswhodonotcompletetheselfstudyelementofthecoursearenot
[Link]
recordingandvalidatingeachstudentscompletionofeachelementof
blendedcoursestoensurestudentscompletethecourseinthecorrect
order.
6.3 Translators
6.3.1 Ifthecourseisgiventhroughtranslators,thetimemustbeincreasedas
necessarytosatisfythelearningobjectives.
7. TUTORSANDSTUDENTS
7.1 Studentnumbers:
7.1.1 Themaximumnumberofstudentspercourseis20.
7.1.2 Theminimumnumberofstudentspercourseis4.
7.2 Thecoursemustberunwithatleastonetutor,whomustbepresentforthefull
durationofthecourse.
7.3 Selfstudybasedlearning:tutorswhoprovideeducationalsupportonselfstudy
elementsofblendedlearningmustbecompetenttooperateanymediarequired.
CERTIFICATIONCRITERIAFORTHEINTERNALISMSAUDITORTRAININGCOURSE
________________________________________________________________________________________
Page9of14
IRCA/2160/07/1Jan07
7.4 Tutorsforthiscoursemustdemonstratecompetenceinkeyattributes:
7.4.1 CompetenceinTrainingbysatisfyingtheTutorrequirementsas
appropriate(seeIRCA/2000).
7.4.2 CompetenceinAuditingagainstqualitymanagementsystemsby
demonstratingauditingcompetenceasacurrentlycertifiedInternalISMS
AuditorasdescribedinIRCA/802ormeetingtherequirementsforsuch
certification.
7.4.3 Competencetodelivertrainingandstudentassessmentonyourspecific
course.
7.4.4 Knowledgeofthespecificlocalregulatoryrequirementsinwhichthecourse
ispresentedorhavealocalexpertattendingatthenecessarytimes.
7.5 Youmustspecifythetutorresourceforallpartsofthecourse,andbeableto
demonstratetousthatthisisadequatefortheeffectivedeliveryoftheCourse
Content(clause4)andtheeffectiveimplementationoftheStudentAssessment
(clause9).
Althoughwehavenotprescribedstudent:tutorratiosforelementsofthecourse
wherestudentsauditskillsareassessed/tested(seeclause9),weconsiderit
unlikelythatonetutorwouldbeabletoassesseffectivelytheperformanceofmore
[Link],forgroupslargerthan12,youareadvisedtoprovide
additionaltutorresourceduringelementsofthecoursewhereauditskillsare
[Link]
duringtheapplicationprocess,andreviewitseffectiveimplementationduringthe
surveillanceprocess.
8. VARIATIONS
8.1 Wewillconsiderrequestsforvariationstoanyofthesecriteria,orinrespectofany
[Link]
immediatelytherequirementforthevariationbecomesapparent.
8.2 Wewillconsiderthefollowingwhenevaluatinganyrequestforvariation:
Reasonsfortherequestedvariation.
Proposedmodificationstothetraining.
Theimpactonthelearningandassessmentprocessesandhowthiswill
bemanaged.
9. STUDENTASSESSMENT
9.1 Inordertosatisfactorilycompletethecourseeachstudentmust:
9.1.1 Completeallelementsofthecourse,coveringallLearningandEnabling
Objectives.
9.1.2 Passthestudentassessment.
9.2 Studentassessment:
9.2.1 StudentsmustdemonstrateacceptableperformanceintheLearning
Objectives(clause2)tosuccessfullycompletethecourse.
9.2.2 Youmustprovideeachstudentwithfeedbackonhisorherachievementof
theselearningobjectivesasdescribedinIRCA/2000.
CERTIFICATIONCRITERIAFORTHEINTERNALISMSAUDITORTRAININGCOURSE
________________________________________________________________________________________
Page10of14
IRCA/2160/07/1Jan07
9.2.3 YoumustspecifyhoweachLearningObjectivewillbeassessedwithinthe
followingminimumrequirements:
a) Objectives2.1.1and2.1.2mustbeassessedthroughwrittenquiz
orexamination,forwhicheachstudentisawardedanindividual
mark.
b) Objectives2.1.3mustbetestedthroughrelevantpracticalactivity
withwrittenoutput,undertakenbystudentsindividuallyorinsmall
groupsandthrougheachstudentsindividualperformanceina
[Link],youmust
specifyarrangementsforensuringtheunderstandingandactive
contributionofeachstudent.
Anexampleofhowyoucouldapproachstudentassessmentisgivenin
Appendix1.
10. COURSEPUBLICITY&ADVERTISING
10.1 Yourtrainingcourseadvertisingandpromotionalmaterialmustnotstatenorimply
thatthiscoursefulfilsmorethanpartofthetrainingrequirementsforcertification
asanISMSInternalAuditor.
CERTIFICATIONCRITERIAFORTHEINTERNALISMSAUDITORTRAININGCOURSE
________________________________________________________________________________________
Page11of14
IRCA/2160/07/1Jan07
APPENDIX: NOTESFORGUIDANCE
CoverageofISO/IEC27001
Thisdocumentrequiresthatstudentsbeabletoexplaintheintentandrequirementsofeach
[Link]
establishingtheirknowledgeshouldbeimplemented.
ThisdocumentalsorequiresstudentstointerpretandapplyISO/IEC27001requirementsinthe
[Link]
itisrecognisedthatstudentswillonlybeabletogainthispracticalexperienceoflimitedparts
ofISO/[Link]
toconcentrateoninsuchpracticalactivities.
ProcessAuditing
Themovetoaprocessapproachtoauditingwillhaveparticularimpactontheplanningand
[Link]
mayneedtotakeintoaccountwhenplanningandconductingprocessaudits.
Planningtheonsiteaudit:
Auditplanincludesallactivitiesapplicabletothescopeofauditandtheauditstandard
(e.g.,ISO/IEC27001orthecontract).
AudittrailsareestablishedfromtoplevelISMSpolicytoallrelevantfunctionsand
levelsintheorganization.
Auditprogrammeenableslinksbetweenpolicy,objectives,targets,monitoringand
continualimprovementtobeestablished.
Auditprogrammereflectsthestructure,sequenceandinterrelationshipofprocessesin
theorganization.
Auditprogrammeissufficientlyflexibleandenablesobjectiveevidencetobegathered
toverifyactivitiesandresults.
Auditprogrammereflectstheorganization'sgoalsandpriorities.
Conductingtheaudit:
The purpose, inputs, outputs, controls and resources applicable to each process are
clear.
LinksareestablishedbetweenprocessesandhighlevelandlocalISMSobjectives.
The outputs of the process are compared with desired outcomes, the purpose of the
processandanyspecificqualityobjectives.
The steps in the process and associated responsibilities are determined, where
necessary.
Interrelatingprocessesareidentified.
Processmeasuresareidentified.
Evidenceofcontinualimprovementissought.
Needsofinternalandexternalcustomersareclear.
DocumentReview
Changesintheyear2005issueversionofISO/IEC17799haveimplicationsfortheprocessof
[Link]/IEC27001
requirementsaresatisfiedinprinciplefromlookingonlyattheinformationsecuritypolicy
[Link]
adequacyofsystemdocumentation(notjustprocedures)andmayperformpartorallofthis
[Link]
andexercises.
CERTIFICATIONCRITERIAFORTHEINTERNALISMSAUDITORTRAININGCOURSE
________________________________________________________________________________________
Page12of14
IRCA/2160/07/1Jan07
Helpingstudentslearnnewknowledge&skills
Wepromotetheuseofacceleratedlearningapproachesbecausetheyaremoreefficient,interms
ofspeedanddepthofcomprehension,andmoreeffective,intermsoflongtermretentionofnew
[Link],youshouldemploypracticaltasksandactivitiestohelpstudentsto
[Link]/presentationto
transfernewideasandconcepts.
[Link]
ThereisaclearlinkbetweenDeming'sfamiliarPlanDoCheckActandthelearningcycle:
a. studentsexperiencesomething([Link]
requirementsofISO9001)
b. studentsreflectonwhattheydid&identifywhattheylearnedandwhat
theystilldon'tfullyunderstandorcan'tdo([Link]
answerstootherstudentsanswersand/ormodelanswers,andidentifyany
problems)
c. studentstakeactiontoaddressweakareas.([Link]
task/activityagainorcompleteanothertask)
Ensuringthatyourtrainingsessionsfollowthissimplemodelwillmakestudents'learning
[Link]
thesecriteriaandyoumightfinditusefultoconsiderthiswhendevelopingyourcourse.
[Link]
[Link]
differentwayssoyoursessionsshouldfollowthelearningcycleandyourcourseshould
includeavarietyofdifferentlearningactivitiestocaterforallneedsasfaraspossible.
HoneyandMumford(LearningStyleQuestionnaire,PeterHoneyPublications,ISBN1
902899075)provideonemodelfordescribingdifferentlearningstylesthatyoumayfind
usefulasabasis.
[Link]
Developingsessionplansisanaturalpartofdesigninglearningandtrainingprocesses.
Sessionplansshouldbesimpleandeasytouseworkingdocumentstohelpyourtutors
[Link],outlinesessionplans
[Link],and
theconsequentnumberandturnoveroftutors,wewillrequiremorecomprehensive
[Link].
[Link]
Continuousassessmentshouldhaveaclearlinkbetween:sessionplans(fortutors),clear
task/activityinstructionswithdefinedandmeasurableoutputs(forstudentsandtutors),
activitymarkingschemes/modelanswers(fortutors),modelanswers(forstudents),
individualstudentcontinuousassessmentrecord(forrecordingstudentperformance).
BlendedLearningcourseduration&tutor:studentratios
Wewillconsidercoursesdesignedwithlessthan60%ofthecourseduration(ascalculatedin
IRCA/2000)devotedtoclassroomactivityincircumstanceswhere,forexample,thereisasmaller
tutor:studentratio:forexample2tutorsandamaximumof6students.
CERTIFICATIONCRITERIAFORTHEINTERNALISMSAUDITORTRAININGCOURSE
________________________________________________________________________________________
Page13of14
IRCA/2160/07/1Jan07
SelfStudy
Werecommendthatyouconsiderthefollowingdocumentswhendevelopingtrainingbasedon
informationtechnologysolutions:
BS7988:2002ACodeofPracticefortheuseofinformationtechnologyforthedeliveryof
assessments
BS8426:2003ACodeofPracticeforesupportinelearningsystems
CERTIFICATIONCRITERIAFORTHEINTERNALISMSAUDITORTRAININGCOURSE
________________________________________________________________________________________
Page14of14
IRCA/2160/07/1Jan07
Examplecontinuousassessmentoptions
The following tableprovides examples of how you could assess/test student achievement of the
Learning Objectives and how feedback and followup work could be approached: the items in
whiteboxesareexamplesonly.
LearningObjective IRCA
requirement
fortesting
Example
arrangementfor
testing
ExamplePass
Criteria
ExampleFeedback
tostudents
Describethe
responsibilitiesofan
internalauditorand
describetheroleof
internalauditinthe
maintenanceand
improvementof
managementsystems.
Written(Quiz/
exametc)
Quizattheendof
themorningof
day1.
Minpassmark70% Verbalduringreview
ofquiz.
Writtennotificationof
mark.
Explainwithreference
tothePDCAcycleand
modelofaprocess
basedmanagement
systemthepurpose
andstructureof
ISO/IEC27001
Written(Quiz/
exametc)
Quizattheendof
day1.
Minpassmark70% Verbalduringreview
ofquiz.
Writtennotificationof
[Link]
withanyfailures.
Planandpreparefor
aninternalaudit,
includingpreparinga
checklist
Practicalactivity
withwritten
output.
Day1:preparation
ofchecklist
exercise.
Seemarking
[Link]
7outof10
Tutorstoreview
progressandcoach
studentsas
appropriateduringthe
exercise.
Writtencommentsand
scoretobeprovided
day2a.m.
Gatherobjective
evidencethrough
interviewand
samplingof
documents.
Observed
practical
activity.
Day2:auditrole
play.
Tutorstoallocatea
competentornot
yetcompetent
marktoeach
studentforeachof
theenabling
objectivesin
section3.4
Verbalfeedback
followingtheexercise.
Remedialworkwith
anyfailures.
Markstobeallocated
attheendofthe
course.
Writefactualaudit
reportsthathelpto
improvethe
effectivenessofthe
managementsystem
Practicalactivity
withwritten
output.
Day2:reporting
ontheauditrole
playexercise.
Seemarking
[Link]
7outof10
Verbalfeedback
followingtheexercise.
Remedialworkwith
[Link]
benotifiedtostudents
attheendofthe
course.
Suggestwaysin
whichthe
effectivenessof
correctiveactions
mightbeverified.
Quiz/exam ShortTestday2. Minpassmark7
outof10
Paperstobemarked
afterthecourseand
resultnotifiedto
studentsafterthe
course.