Course Summary
The purpose of the ISO 27001:2013 Internal Auditor Training is to give you the necessary skills to perform internal audits on an organisation’s Information Security Management Systems (ISMS) and to contribute to their continual improvement. The training helps you identify and control the threats that organisation face from any information security controls lapses and how to effectively put in place measures to address those risks. Our online tutors will teach you how to plan, execute and report after auditing the ISMS in an organisation assessing its conformance with ISO/IEC 27001:2013.
Who Should Attend?
- Those wishing to conduct First Party Internal Audits and Second Party Supplier Audits of Information Security Management System (ISMS) in accordance with ISO 27001:2013
- Those wishing to learn about effective auditing practices
- Existing information security auditors who wish to expand their auditing skills
- Consultants who wish to provide advice on ISO 27001:2013 ISMS Auditing
- Security and quality professionals
- Anyone involved in the auditing, maintaining or supervising of an ISO 27001:2013 ISMS.
Course Objectives
- Understand the information security management system definitions, concepts, and guidelines
- Understand the intent and requirements of the ISO 27001:2013 standard
- Understand the ISMS implementation stages, learn best-practice techniques, examine useful tools, and understand integration of the ISMS with other environmental programmes
- Apply environmental-management principles to achieve continual ISMS improvement
- Learn principles of ISMS auditing, make sense of an audit
- Understand Executive Order (EO) and the role of the ISMS in achieving EO goals
- Understand reporting requirements for the Office of Management and Budget
- Understand how to use the generic templates provided for Implementing an ISO
Course Modules
- What an information security management system (ISMS) is and how it can help business
- Why companies are going for certification on ISO 27001:2013
- The basic certification processes
- Overview of the ISO 27001:2013 standard and its documentation requirements
- Asset & Access Controls
- Overview of Statement of Applicability
- Overview of a Risk Assessment and Treatment Plans
- To identify the requirements for an ISMS
- To explain the tools used to meet the requirements
- To assist people in attaining the skills to be able to implement an effective ISMS
- The control objectives in ‘Annex A’ of the ISO 27001:2013 Standard
- Receive homework (If Applicable)
- Final Questions/Review
- Exam/Assessment
Benefits
- This course is designed to assist employees in an organisation to minimise the time in attending a course and structured in a way that is efficiently understood.
- The courses controls will be explained in a practical sense, where if delegates to not understand IT terms, examples will be simplified.
- The ISO 27001:2013 standard will be read back to front including the Annexure A controls, with practical examples on auditing each clause and control along with implementing it.
- An organisations current ISMS or an example will be provided with templates to show how these will be used for implementation.
- The basics and awareness of ISO 27001 will also be discussed prior to the course.
- Books/Standards and templates for review will be provided for guidance.
- Practical case studies during the course will be conducted.
- An assessment will be completed at the end of the course
Certification
- All delegates who successfully pass the assessment over 60% will be issued with a certificate of competence.
- If you receive lower than 60% a certificate of attendance will be issued.
Assessment
- An Assessment at the end of the course will be required.
- A minimum of 60% is to be achieved to attain a Competence Certificate.
- If you achieve lower than 60% but get between 40 – 59% a second attempt will become available.
- If you get lower than 40% and fail the second attempt, you will need to re-purchase the course.
- An attendance certificate is awarded to you regardless of a pass or fail.