Aims & Objectives

• Provide the key requirements and benefits of ISO/IEC 27001:2022
• Manage information security and drive continual improvement
• Compare ISO 22301:2019 towards its old version
• Take steps to ensure that information security is at the heart of your organization
• Attract and retain customers by meeting their current and future needs
• Identify the aims and benefits of an ISO/IEC 27001:2022 audit
• Interpret ISO/IEC 27001:2022 requirements for internal audit application
• Plan, conduct and follow-up internal auditing activities that add real value
• Grasp the application of risk-based thinking, leadership and process management
• Access the latest internal auditor techniques and identify appropriate use
• Build stakeholder confidence through the most recognised hygiene practice
• Manage information security risks and hazards effectively

Learning Outcomes

• Having successfully completed this course you will be able to:
• Learn the importance and benefits of an ISO/IEC 27001:2022 ISMS and its structure
• Understand the key requirements, terms and definitions of ISO 27001:2013 and its structure
• Grasp the main concepts such as risk-based thinking, process approach, Plan-Do-Check-Act
• Identify opportunities to improve the ISMS of your company
• Enhance skills to conduct effective internal audits in any auditing situation
• Understand the role of an auditor to plan, conduct, report and follow up an internal audit in accordance with ISO/IEC 27001:2022
• Organise and direct audit team members Communicate effectively with the auditee and audit client

Who should attend?

• Information Security personnel
• ISMS appointed auditors/consultants
• Those who wish to understand ISO/IEC 27001:2022 and its application
• Anyone involved in the planning, implementing, maintaining, supervising, or auditing of an ISO/IEC 27001:2022ISMS
• Anyone interest in ISMS requirements and audit procedures
• Those starting their career in Information Security management

Prerequisite skills & knowledge: None required

Available in-house/distant learning? Yes

Created by: LiberoAssurance Continuous Professional Development Training Centre

Part A Contents: ISO/IEC 27001:2022 Requirements

Overview

• Management Systems
• Goals of a Management System
• ISO 27001:2022 Structure

Clauses 0-3

• Introduction
• Scope
• Normative References
• Terms and definitions

Context of the organization

• Introduction to company’s context
• Understanding the organization, its context and interested parties
• Scope of the ISMS
• ISMS Processes

Leadership

• Leadership and commitment
• Information Security Policy
• Organizational roles, responsibilities and authorities

Planning

• Actions to address risks and opportunities
• Information security objectives and planning to achieve them

• Planning of changes

Support

• Resources
• Competence
• Awareness
• Communication
• Documented information

Operation

• Operational planning and control
• Information security risk assessment & treatment

• Information security risk treatment

Performance evaluation (Monitoring and Evaluation)

• Monitoring, measurement, analysis and evaluation
• Internal audit
• Management review

Improvement

• Continual improvement
• Nonconformity & corrective action

Annex A - Information security controls reference

Teaching Methods

• Detailed seminar presentations (available for download)
• Terms and definitions
• No. of slides: 193

Resources

• Reading lists and resources available in presentations

Study time allocation

• Private study hours: 23
  
• Trainer contact hours: Availability and competence of instructors upon request
• Enrollment Duration: 90 days (starting from the date of purchase)

Credits

• CPD Points: 23
  
• ECTS/ECVET Points: 0.6