The protection of information assets is vital for all organizations regardless of their size and location. The implementation and auditing of Information Security Management System (ISMS), will help your company reduce business security risks, gain customers’ trust, demonstrate reliability to third parties and ultimately gain a competitive advantage.
Enrol in our Lead Auditor ISO 27001 training course and acquire the ability to audit and develop your company’s Information Security Management System.
This ISO 27001 online course covers all the relevant information required to understand ISO 27001:2013 ISMS, its benefits, implementation and how effective audits of ISMS can be conducted.
Aims & Objectives
- Identify the key requirements and benefits of ISO 27001:2013
- Manage information security and drive continual improvement
- Take steps to ensure that information security is at the heart of your organization
- Attract and retain customers by meeting their current and future needs
- Identify the aims and benefits of an ISO 27001:2013 audit
- Interpret ISO 27001:2013 requirements for audit application
- Plan, conduct and follow-up auditing activities that add real value
- Grasp the application of risk-based thinking, leadership and process management
- Access the latest auditor techniques and identify appropriate use
- Build stakeholder confidence through the most recognised hygiene practise
- Manage information security risks and hazards effectively
Learning Outcomes
Having successfully completed this course you will be able to:
- Prepare for, report on and carry out the follow up on an ISMS audit.
- Have undergone training recognized by the International Register for Certificated Auditors.
- Have achieved the means to assess and improve your own ISMS organization Systems.
- Grasp the concepts of SWOT & PEST Analyses
- Describe the purpose of a ISMS
- Explain the scope and other criteria for ISMS audits.
- Interpret the ISO 27001 requirements.
- Identify and assess ISMS risks.
- Plan and conducts audits against ISO 27001 requirements
- Prepare audit reports with valid and factual non – conformities that add value
- Conduct follow – up audits, which include evaluating effectiveness on corrective / preventive action
Who should attend?
- Information Security personnel
- ISMS appointed auditors/consultants
- Those who wish to understand ISO 27001 and its application
- Anyone involved in the planning, implementing, maintaining, supervising, or auditing of an ISO 27001:2013 ISMS
- Anyone interest in Information Security management systems
Prerequisite skills & knowledge: None required
Available in-house/distant learning? Yes
Created by: LiberoAssurance Continuous Professional Development Training Centre Level 1 - Accredited by Univab
Part A Contents: ISO 27001:2013 Awareness
Overview
- Management Systems Fundamentals
- Goals of a Management System
- ISO 27001:2013 Structure
Clauses 0-4
- Introduction
- Scope
- Normative references
- Terms & definitions
- Context of the organization
Leadership
Planning
- Risk Assessment & Treatment
- Setting objectives
Support
- Competence and Awareness
- Documented Information
- Mandatory & Recommended Documentation
Operation
Performance evaluation (Monitoring and Evaluation)
- Internal audit
- Management Review
Improvement
Annex A
- Example
- ISO 27001 Project Plan
Part B Contents: ISO 27001:2013 Lead Auditor
The audit
- What is an audit?
- Why Audit?
- Audit Types
Audit steps
- Audit Plan
- Developing Checklists
- Opening Meeting
- Conducting the Audit
- Closing Meeting
- Audit Report
- Audit Follow-up Activities
Audit programme
- Establishing the Audit programme objectives
- Identifying and evaluating audit programme risks and opportunities
- Process flow for the management of an audit programme (Ref ISO 19011)
- Managing an audit programme
- Audit programme Implementation
- Process of collecting and verifying information
- Monitoring audit programme
- Improving audit programme
Accreditation & Certification
- Accreditation & Certification Bodies
- Certification Process
Auditor’s Performance
- Auditor’s Quality
- The Auditors conduct
- Auditor’s Code Conduct
- Auditor Characteristics
- Auditor's personal behavior
- Auditee’s conduct
- Selecting the audit team members
- Skills of audit team leaders
- How to evaluate an Auditor
- Maintaining and improving auditor competence
Psychological factors during an audit
- Attitudes and relationships
- Obstacles and communication
- Space and Time issues
- Body language
- Cultural factors
- Principles of Listening
- Questions & questioning
Audit tips and techniques
- Tips to trained auditor
- Question Technique
- Competence of the audit programme manager
Exam & Certification
- Exam for ISO 27001:2013 Lead auditor
- ISO 27001:2013 Awareness & Lead Auditor Certificate
Teaching Methods
- Detailed seminar presentations (available for download)
- Terms and definitions
- No. of Slides: 143
Resources
- Reading lists and resources available in presentations
Study time allocation
- Private study hours: 17
- Trainer contact hours: Availability and competence of instructors upon request
- Enrolment duration: 90 days (starting from date of purchase)
Credits
- CPD Points: 17
- ECTS/ECVET Points: 0.6
|
Assessment methods
|
Hours
|
% contribution to final mark
|
% Minimum passing grade
|
|
Exam for ISO 27001:2013 Lead Auditor
|
1
|
100
|
60
|
|
Outcomes/Certificates
|
On successful completion of the course assessment, participants will be issued with a ‘Certificate of Success’
|
