This course aims to provide you with the opportunity to learn about the subject of internal auditing of information security management systems, specifically those based on the ISO 27001:2013 international standard.
It is intended to train potential Internal Auditors in the principles and practices of ISMS auditing, in a manner compatible with ISO 27001:2013 or equivalent standards and in accordance with the guidance provided in ISO 19011:2018.
Objectives
At the end of the course, delegates will:
- Understand the application of Information Security Management Systems
- Understand the application of the PDCA cycle in ISMS
- Realise the true role and potential of internal ISMS audits
- Understand the importance of continual improvement of the ISMS
- Understand the role of internal ISMS audits in the maintenance and continual improvement of ISMS
- Be conversant with the responsibilities of internal auditors
- Understand the principles of internal ISMS audits
Additional course benefits:
- Access to course material augmented with exclusive insights from big data analytics based on our database of millions of audit findings worldwide
- Free access to our online self-assessment tool, where you can quickly implement and practice what you have learned and measure your company's performance against specific management system standards
Audience
Information Technology Managers, Information Security Managers and Administrators, Quality Officers, Risk Managers, and practicing Information Security Consultants tasked with participating in and/or leading audit teams during audits of information security management systems.
Topics
- Purpose, Structure, and Requirements of the ISO 27001 Standard (from the internal auditor’s point of view).
- The Audit Cycle, the responsibilities of an internal auditor, and auditing principles.
- Audit criteria, and the approach and methods for planning an audit and gathering objective evidence, including conformance, improvements, and effectiveness of audits.
- Developing audit plans and applying audit checklists in practical audit situations.
- Audit report writing and presentation of findings to the management.
- Follow-up audits to gauge the effectiveness of corrective actions.