Understand the requirements of ISO 27001:2013 to be able to conduct a successful audit. The course includes hands-on workshops to prepare you for real-life auditing situations. You’ll learn to manage the audit process and complete reporting.
Those responsible for planning and scheduling an internal audit program for ISO 27001:2013 and those who must perform audits to ISO 27001:2013, management representatives, security consultants, IT professionals, information security officers, managers, or anyone interested in conducting first-party, second-party, or third-party audits.
- Interpret and apply the ISO 27001:2013 requirements.
- Recognize the relationship between ISO 27000, ISO 27001, and ISO 27002
- Define information security management system (ISMS) terminology
- Demonstrate how ISMS planning, policy, objectives, and processes are implemented.
- Explain the difference between legal compliance and conformity
- Define the relationship between an organization’s operational informational security requirements and the ISO 27001:2013 standard
- Assess effectiveness of an organization’s information security risk assessment methodologies
- Evaluate risk assessment and risk treatment results to ensure they are appropriately identified within the organization’s statement of applicability.
- Apply auditing principles, procedures, and methods identified in ISO 19011:2018
- Establish audit objectives for the audit program
- Determine the feasibility of an audit
- Prepare work documents for an audit
- Apply all aspects of the on-site audit activities
- Define audit roles and responsibilities
- Document audit results, findings, and conclusions
- Identify and apply sampling techniques
- Develop an audit plan
- Demonstrate effective communication and interview skills
- Identify roles and responsibilities of audit team leaders
- Incorporate audit objectives, scope, and criteria into audit planning
- Select audit team members and assign tasks
- Identify, evaluate, and address risks in an audit plan
- Develop and manage the opening and closing meetings
- Resolve conflict during an audit
- Prepare an audit report to address all findings during an audit
- Perform audit follow-up activities
- Apply remote auditing methods
This is a four-day, instructor-led classroom course. There are written tests on each of the competency units on days 2, 3, and 4. Days 1 and 2 will cover ISO 27001:2013 along with a corresponding competency exam. Day 3 will cover management systems auditing (AU) along with a corresponding competency exam. Day 4 will cover leading management systems audit teams (TL) along with a corresponding competency exam.
Schedule: four days, 8:00 am – 6:00 pm
All attendees are required to bring their own copies of ISO/IEC 27001:2013 (Information technology – Information security management systems – Requirements) and ISO/IEC 27002:2013 (Information technology – Security techniques – Code of practice for information security controls) to this training. Copies will not be provided for you.