Course Description
The ISO 27001 standard provides a structure for implementing an ISMS, safeguarding your information assets while making the process easier to manage, measure, and improve. It helps you address the three dimensions of information security: Confidentiality, Integrity and Availability. The Information Security Management Systems Auditor/Lead Auditor Training Course provides participants with the knowledge and skills related to the preparation, planning, conducting, and reporting of audits and assessing the compliance of the Information Security Management Systems with the requirements of ISO 27001. The combination of presentations, discussions, and case-studies (individual and team) are designed to help you develop an understanding and lasting skillset to be used in your ISMS auditing career.
How will I benefit?
This course will help you:
- Describe the purpose and benefits of Information Security Management System; Interpret the ISMS concepts and requirements of ISO 27001 in the context of an audit,
- Information security management best practices,
- Explain the role of an auditor to plan, conduct, report, and follow up on an ISMS/ISO 27001 audit in accordance with ISO 19011,
- Plan, conduct, report and follow up on an ISMS audit based on process identification, sampling, and questioning techniques,
- Apply ISO 19011 concepts, new terminology and guidelines
- Understand the types of risks and opportunities associated with auditing
- Write factual audit reports and suggest corrective actions
- Conduct all phases of an internal audit adopting a risk-based approach
What will I learn?
You will learn about:
- Basic principles and definitions in ISMS,
- ISMS History, Structure and Benefits,
- Risk Assessment and Information Security Risk management,
- Introduction to ISO 27001 standard,
- Stages of ISMS Development,
- Selection of Controls and Statement of Applicability,
- ISMS and the Legal Compliance,
- Information Security Incident Management ISO 27035,
- Accreditation, certification and types of audits,
- Pre-audit management.
Who should attend?
- Anyone involved in the auditing, maintaining or supervising of an ISO/IEC 27001 ISMS,
- Information security executives, team leaders, managers,
- Risk, Information Security, ISM, IT, Business Continuity managers and consultants,
- Management Representatives of ISMS, ITSMS and BCMS certified organizations,
- Existing auditors in other disciplines who want to audit against ISO 27001 based ISMS,
- Those who want to improve their information security management system through independent audit,
- Anyone seeking a career in information security management system auditing,
Prerequisites
The participants are expected to have sufficient knowledge of the ISO 27001 standard requirements prior to attending this class.
