Course Summary
This 3-day internal auditing course aims to provide guidance on planning, performing, and reporting on ISO/IEC 27001:2022 Information Security Management System 1st Party Audits to ensure conformance to the Standard. It is based on the principles of ISO 19011:2018 Auditing Guidelines.
Who Should Attend?
This course is designed for staff members at all levels within an organisation, from Top Management to Receptionists, including:
- Managers or executives responsible for the security and confidentiality of their business-critical information
- Individuals who wish to understand and conduct internal audit assessments to the ISO 27001:2022 Standard and its relation to the emerging ISO 27000 series of standards for information security management.
- Professionals looking to align their current ISO/IEC 27001:2013 to the ISO/IEC 27001:2022 Standard.
Course Objectives
By the end of the course, the learner will be able to:
- Explain the Plan-Do-Check-Act (PDCA) cycle in relation to the process-based ISMS model for ISO/IEC 27001:2022
- Recognize the function of internal audits in maintaining and enhancing an ISMS.
- Describe the tasks and responsibilities of an auditor in planning, carrying out, reporting on, and following up on an internal audit of an information security management system in accordance with ISO 19011:2018.
- Plan, carry out, report, and monitor an internal audit of a portion of an ISO/IEC 27001 and ISO 19011 compliant information security management system.
Course Modules
- Introduction to information security management
- Key changes in ISO 27001:2013 vs ISO 27001:2022
- Objectives and benefits of an ISMS
- Key Principles and Concepts of the ISMS
- Code of practice ISO/IEC 27001:2022
- Certification specification ISO/IEC 27001:2022
- Certification to ISO/IEC 27001:2022
- The ISO 27000 series of standards
- ISO/IEC 27001:2022 requirements
- The ISMS Audit Planning
- The ISMS Audit Preparation
- How to conduct an Audit Opening Meeting
- Conducting an ISMS Audit
- Recording of audit findings
- Root Cause Identification
- Presentation of audit findings
- How to conduct an Audit Closing Meeting
- Conducting Audit Follow-Up
Benefits
- The internal audit process will benefit from auditors who have received the proper training.
- Conformance to the Information Security Management Systems Standard
- Continual improvement of processes within the organisation.
- Identification of key areas of interest to Certification Bodies as the training covers the objectives of the certification criteria as well as processes, policies, and procedures.
Certification
- Certificate of Attendance
- Certificate of Competency
Assessment
There will not be an assessment at the end of the course for traditional classroom training; however, the following applies for eLearning:
- Delegates have to complete the assessment with a minimum score of 60% to receive a Certificate of Competence.
- Delegates who score between 40% and 59% will get a second attempt at the assessment.
- Delegates who score lower than 40%, or who fail the second attempt, will need to repurchase the course.
- Delegates will receive a Certificate of Attendance regardless of a pass or fail.