QMII’s Maritime Cyber Security Auditor training gives students an understanding of the requirements of ISO/IEC 27001:2013 and how to relate those requirements to their Information Security Management System. Understand how process-based management systems conforming to ISO/IEC 27001:2013 ensure that Information Security (InfoSec) requirements are accurately determined and consistently fulfilled.

Gain the tools necessary to conduct and lead maritime cyber security audits to determine conformity to requirements.

Information security has come to the forefront recently because of risks stemming from ever-improving technology and growing concerns about global threats. To manage these challenges effectively, organizations need an effective information security management system, or ISMS. The ISMS is the collection of objectives, policy, organizational structure, processes and data used to safeguard information. For many organizations today, information is their most valuable and least tangible asset. MSC-FAL.1/Circ.3 refers to ISO 27001:2013 as one of the industry best practices that may be applied to maritime organizations to address cyber threats.

As a system standard, ISO/IEC 27001:2013 provides basic, agreed requirements for good management practices, in particular the process controls common to all information security management systems. However, these minimal requirements only establish a framework for exceptional organizational performance; they do not guarantee it. Learn how to easily integrate the requirements for ISO/IEC 27001:2013 into your Safety Management System (SMS). QMII also offers an ISM Auditor course.

The Maritime Cyber Security Auditor training in Houston is one option for the training.

QMII’s Maritime Cyber Security Auditor training enables candidates to:

  • Plan and execute ISMS development based on ISO/IEC 27001:2013 and align with the SMS.
  • Identify and implement the controls necessary for ensuring the ISMS effectively meets ISO/IEC 27001:2013 requirements
  • Conduct a maritime cyber risk assessment and determine mitigation measures.
  • Communicate the roles and responsibilities within the ISMS to the organization
  • Conduct and lead 1st, 2nd and 3rd party ISO/IEC 27001:2013 audits, particularly on undocumented systems and audit for process effectiveness against measurable objectives including ISO/IEC 27001:2013
  • Basic Cyber-Hygiene
  • Use the Information Security Management System to work proactively and not reactively
  • Explain to customers how the organization plans to fulfill its Information Security promises and show evidence that it has done so in the past

  • Ship managers, port managers and harbor masters
  • VP/Directors of IT and IS
  • ISO Managers/Management Reps
  • Individuals who want to become Exemplar Global (RABQSA) certified information security management system (ISMS) lead auditors using ISO/IEC 27001:2013
  • Systems professionals or people who want to understand how information security management systems work
  • Flag State officers
  • IT professionals
  • Top managers and ship masters who want to reap the benefit of conforming to ISO/IEC 27001:2013 requirements

Because of our independence, you can bring your particular process and system concerns to class and the instructor will work to answer your questions as best as possible.


  • Lecture: Intro to Management Systems
  • Lecture: ISO 27001
  • Exam: ISO 27001 Self Study
  • Workshop: ISO 27001 Clauses
  • Workshop: Analyzing Processes
  • Lecture: Developing Process-Based Management Systems


  • Lecture: Auditing Management Systems
  • Lecture: Audit Planning and Preparation
  • Workshop: Review System Docs and Prep Audit Schedule for ISO 27001
  • Workshop: Review Processes and Prep Checklist for ISO 27001
  • Lecture: Performing Lead Audit Investigation


  • Workshop: Verifying Facts
  • Lecture: Concluding the Audit
  • Workshop: Determining NC ISO 27001
  • Workshop: Writing Nonconformity Statements
  • Workshop: Interviewing Auditees ISO 27001


  • Workshop: Closing Meeting Preparation
  • Workshop: Closing Meeting and Report
  • Lecture: Corrective Action and Follow Up
  • Workshop: Corrective Action
  • Lecture: Certification, Registration, Accreditation
  • Exam: ISO 27001 Exam

Students who successfully complete QMII’s 4-day Maritime Cyber Security Auditor training based on ISO 27001, and the TPECS examinations provided in conjunction with this course, receive a Certificate of Attainment for the following Exemplar Global (formerly RABQSA International) knowledge competency units:

IS – Information Security Management Systems

AU – Management Systems Auditing

TL – Leading Management Systems Audit Teams

The Certificate of Attainment provides evidence of knowledge competency defined by Exemplar Global in the competency units required for certification as an Information Security Management Systems (ISMS) ISO 27001 Lead Auditor.

Successful course candidates can use these certifications as earned credit towards other certifications such as ISO 9001, ISO 14001 Auditor and other similar standards under Exemplar Global’s Training Provider & Examiner Certification Scheme (TPECS).

ISO Courses online?

With the QMII interactive classroom experience, you can benefit from high-quality QMII training without having to travel.

In our virtual courses you will use GoToTraining, an interactive learning platform. The Virtual QMII Classroom (VQC) can be accessed from your desktop, laptop or tablet with an internet connection.

Need help?

Call us at 888.357.9001 or email info@QMII.com