The protection of information assets is vital for all organizations regardless of their size and location. Information Security Management System (ISMS) internal audit programmes, will help your company reduce business security risks, improve monitoring procedures, demonstrate reliability to third parties and ultimately gain a competitive advantage.
Enrol in our Internal Auditor ISO 27001 training course and acquire the ability to audit, review and advance your company’s Information Security Management System.
This ISO 27001 online course covers all the relevant information required to understand ISO 27001:2013 ISMS, its benefits, implementation and how to conduct internal ISMS audits effectively.
Aims & Objectives
- Identify the key requirements and benefits of ISO 27001:2013
- Manage information security and drive continual improvement
- Take steps to ensure that information security is at the heart of your organization
- Attract and retain customers by meeting their current and future needs
- Identify the aims and benefits of an ISO 27001:2013 audit
- Interpret ISO 27001:2013 requirements for internal audit application
- Plan, conduct and follow-up internal auditing activities that add real value
- Grasp the application of risk-based thinking, leadership and process management
- Access the latest internal auditor techniques and identify appropriate use
- Build stakeholder confidence through the most recognised hygiene practice
- Manage information security risks and hazards effectively
Learning Outcomes
Having successfully completed this course you will be able to:
- Learn the importance and benefits of an ISO 27001:2013 ISMS
- Understand the key requirements, terms and definitions of ISO 27001:2013 and its structure
- Grasp the main concepts such as risk-based thinking, process approach, Plan-Do-Check-Act
- Identify opportunities to improve the ISMS of your company
- Plan, conduct, report and follow up an internal audit in accordance with ISO 27001
- Enhance skills to conduct effective internal audits in any auditing situation
- Understand the role of an auditor to plan, conduct, report and follow up an audit in accordance with ISO 27001
- Establish and plan the activities of an internal audit team
- Communicate effectively with the auditee and audit client
Who should attend?
- Information Security personnel
- ISMS appointed auditors/consultants
- Those who wish to understand ISO 27001 and its application
- Anyone involved in the planning, implementing, maintaining, supervising, or auditing of an ISO 27001:2013 ISMS
- Anyone interest in ISMS requirements and audit procedures
Prerequisite skills & knowledge: None required
Available in-house/distant learning? Yes
Created by: LiberoAssurance Continuous Professional Development Training Centre Level 1 - Accredited by Univab
Part A Contents: ISO 27001:2013 Awareness
Overview
- Management Systems
- ISO 27001:2013 Structure
- ISO 27001:2013 Structure
Clauses 0-4
- Introduction
- Scope
- Normative References
- Terms and Definitions
- Context of the Organization (SWOT Analysis, PEST Analysis)
Leadership
Planning
- Planning (Risk Assessment & Treatment)
- Planning (Setting objectives)
Support
- Support (Competence and Awareness)
- Support (Documented Information)
- Support (Mandatory & Recommended Documentation)
Operation
Performance evaluation (Monitoring & Evaluation)
- Performance evaluation (Internal audit)
- Performance evaluation (Management Review)
Improvement
Annex A
- Example
- ISO 27001 Project Plan
Part B Contents: ISO 27001:2013 Internal Auditor
Internal audit overview
- What is an Audit?
- Why Audit?
- Audit types
Internal Audit
- Principles of auditing
- Scheduled and unscheduled Audits
- What to Audit – Technical Audit
- Steps involved in internal audit
- Scope of audit
- Frequency of audit
- Internal Audit process
Audit Steps
- Performing audit activities
- Audit Plan
- Developing Checklists
- Opening Meeting
- Conducting the Audit
- Recording Results
- Non-Conformities and Non-Compliances
- Closing Meeting (s)
- Audit Report
- Audit Follow-up Activities
- Auditee's conduct
Audit Programme
- Establishing the Audit programme objectives
- Identifuing and evaluating audit programme risks
- Process flow for the management of an audit programme
- Managing an audit programme
- Audit programme Implementation
Auditing tips and techniques
- Tips to trained internal auditor
- Question Technique
- Competence of the audit programme manager
Auditor's performance
- Auditor’s Quality
- The Auditors conduct
- Auditor’s Code Conduct
- Auditor Characteristics
- Auditor's personal behavior
- The Auditee's conduct
- Selecting the audit team members
- Skills of audit team leaders
- How to evaluate an Auditor
Exam & Certification
- Exam for ISO 27001:2013 Internal auditor
- ISO 27001:2013 Internal Auditor Certificate
Teaching Methods
- Detailed seminar presentations (available for download)
- Terms and definitions
- No.of Slides:131
Resources
- Reading lists and resources available in presentations
Study time allocation
- Private study hours: 16
- Trainer contact hours: Availability and competence of instructors upon request
- Enrolment duration: 90 days (starting from date of purchase)
Credits
- CPD Points: 16
- ECTS/ECVET Points: 0.5
|
Assessment methods
|
Hours
|
% contribution to final mark
|
% Minimum passing grade
|
|
Exam for ISO 27001:2013 Internal Auditor
|
1
|
100
|
60
|
|
Outcomes/Certificates
|
On successful completion of the course assessment, participants will be issued with a ‘Certificate of Success’.
|
