ISO/IEC 27001:2022 Internal Auditing



    Information Security: ISO/IEC 27001:2022 Internal Auditing

    Certificate Approved by WWISE
    Course Duration
    3 Days
    12 months access

    Course Summary

    This 3-day internal auditing course aims to provide guidance on planning, performing, and reporting on ISO/IEC 27001:2022 Information Security Management System 1st Party Audits to ensure conformance to the Standard. It is based on the principles of ISO 19011:2018 Auditing Guidelines.

    Who Should Attend?

    This course is designed for staff members at ALL levels within an organisation, from Top Management to Receptionists, including:

    • Managers or executives responsible for the security and confidentiality of their business-critical information
    • Individuals who wish to understand and conduct internal audit assessments to the ISO 27001:2022 Standard and its relation to the emerging ISO 27000 series of standards for information security management.
    • Professionals looking to align their current ISO/IEC 27001:2013 to the ISO/IEC 27001:2022 Standard.

    Course Objectives

    By the end of the course, the learner will be able to:

    • Explain the Plan-Do-Check-Act (PDCA) cycle in relation to the process-based ISMS model for ISO/IEC 27001:2022
    • Recognize the function of internal audits in maintaining and enhancing an ISMS.
    • Describe the tasks and responsibilities of an auditor in planning, carrying out, reporting on, and following up on an internal audit of an information security management system in accordance with ISO 19011:2018.
    • Plan, carry out, report, and monitor an internal audit of a portion of an ISO/IEC 27001 and ISO 19011 compliant information security management system.

    Course Modules

    1. Introduction to information security management
    2. Key changes in ISO 27001:2013 vs ISO 27001:2022
    3. Objectives and benefits of an ISMS
    4. Key Principles and Concepts of the ISMS
    5. Code of practice ISO/IEC 27001:2022
    6. Certification specification ISO/IEC 27001:2022
    7. Certification to ISO/IEC 27001:2022
    8. The ISO 27000 series of standards
    9. ISO/IEC 27001:2022 requirements
    10. The ISMS Audit Planning
    11. The ISMS Audit Preparation
    12. How to conduct an Audit Opening Meeting
    13. Conducting an ISMS Audit
    14. Recording of audit findings
    15. Root Cause Identification
    16. Presentation of audit findings
    17. How to conduct an Audit Closing Meeting
    18. Conducting Audit Follow-Up


    • The internal audit process will benefit from auditors who have received the proper training.
    • Conformance to the Information Security Management Systems Standard
    • Continual improvement of processes within the organisation.
    • Identification of key areas of interest to Certification Bodies as the training covers the objectives of the certification criteria as well as processes, policies, and procedures.



    • Certificate of Attendance
    • Certificate of Competency


    There will not be an assessment at the end of the course for traditional classroom training; however, the following applies for eLearning:

    • Delegates have to complete the assessment with a minimum score of 60% to receive a Certificate of Competence.
    • Delegates who score between 40% and 59% will get a second attempt at the assessment.
    • Delegates who score lower than 40%, or fail the second attempt, will need to repurchase the course.
    • Delegates will receive a Certificate of Attendance regardless of a pass or fail.

    Learning Outcomes

    • Know the key principles and concepts of ISO/IEC 27001:2022 (ISMS)
    • Understand and interpret the requirements of ISO/IEC 27001:2022
    • Explain key terms of ISO/IEC 27001:2022