This course has multiple delivery options to fit our customers’ individual needs.
In-Person Training consists of public classes conducted by one of our subject matter experts at one of our designated locations over one or more consecutive days.
Target Audience
Those responsible for planning and scheduling an internal audit program for ISO 27001:2022 and those who must perform audits to ISO 27001:2022, management representatives, security consultants, IT professionals, information security officers, managers, or anyone interested in conducting first-party, second-party, or third-party audits.
Course Objectives
- Interpret and apply the ISO 27001:2022 requirements
- Recognize the relationship between ISO 27000, ISO 27001, and ISO 27002
- Define information security management system (ISMS) terminology
- Demonstrate how ISMS planning, policy, objectives, and processes are implemented
- Explain the difference between legal compliance and conformity
- Define the relationship between an organization’s operational information security requirements and the ISO 27001:2022 standard
- Assess the effectiveness of an organization’s information security risk assessment methodologies
- Evaluate risk assessment and risk treatment results to ensure they are appropriately identified within the organization’s statement of applicability
- Apply auditing principles, procedures, and methods identified in ISO 19011:2018
- Establish audit objectives for the audit program
- Determine the feasibility of an audit
- Prepare work documents for an audit
- Apply all aspects of the on-site audit activities
- Define audit roles and responsibilities
- Document audit results, findings, and conclusions
- Identify and apply sampling techniques
- Develop an audit plan
- Demonstrate effective communication and interview skills
- Identify roles and responsibilities of audit team leaders
- Incorporate audit objectives, scope, and criteria into audit planning
- Select audit team members and assign tasks
- Identify, evaluate, and address risks in an audit plan
- Develop and manage the opening and closing meetings
- Resolve conflict during an audit
- Prepare an audit report to address all findings during an audit
- Perform audit follow-up activities
- Apply remote auditing methods
Prerequisites
All attendees are required to bring their own copies of ISO/IEC 27001:2022 (Information technology – Information security management systems – Requirements) and ISO/IEC 27002:2022 (Information technology – Security techniques – Code of practice for information security controls) to this training. Copies will not be provided for you.
Benefits
Those responsible for planning and scheduling an internal audit program for ISO 27001:2022 and those who must perform audits to ISO 27001:2022, management representatives, security consultants, IT professionals, information security officers, managers, or anyone interested in conducting first-party, second-party, or third-party audits.
Agenda
This is a four-day, instructor-led classroom course. There are written tests on each of the competency units on days 2, 3, and 4. Days 1 and 2 will cover ISO 27001:2022 along with a corresponding competency exam. Day 3 will cover management systems auditing (AU) along with a corresponding competency exam. Day 4 will cover leading management systems audit teams (TL) along with a corresponding competency exam.
Our Virtual Live Training classes are conducted through an online platform by one of our subject matter experts in one or more sessions.
Target Audience
Those responsible for planning and scheduling an internal audit program for ISO 27001:2022 and those who must perform audits to ISO 27001:2022, management representatives, security consultants, IT professionals, information security officers, managers, or anyone interested in conducting first-party, second-party, or third-party audits.
Course Objectives
- Interpret and apply the ISO 27001:2022 requirements
- Recognize the relationship between ISO 27000, ISO 27001, and ISO 27002
- Define information security management system (ISMS) terminology
- Demonstrate how ISMS planning, policy, objectives, and processes are implemented
- Explain the difference between legal compliance and conformity
- Define the relationship between an organization’s operational information security requirements and the ISO 27001:2022 standard
- Assess the effectiveness of an organization’s information security risk assessment methodologies
- Evaluate risk assessment and risk treatment results to ensure they are appropriately identified within the organization’s statement of applicability
- Apply auditing principles, procedures, and methods identified in ISO 19011:2018
- Establish audit objectives for the audit program
- Determine the feasibility of an audit
- Prepare work documents for an audit
- Apply all aspects of the on-site audit activities
- Define audit roles and responsibilities
- Document audit results, findings, and conclusions
- Identify and apply sampling techniques
- Develop an audit plan
- Demonstrate effective communication and interview skills
- Identify roles and responsibilities of audit team leaders
- Incorporate audit objectives, scope, and criteria into audit planning
- Select audit team members and assign tasks
- Identify, evaluate, and address risks in an audit plan
- Develop and manage the opening and closing meetings
- Resolve conflict during an audit
- Prepare an audit report to address all findings during an audit
- Perform audit follow-up activities
- Apply remote auditing methods
Prerequisites
All attendees are required to bring their own copies of ISO/IEC 27001:2022 (Information technology – Information security management systems – Requirements) and ISO/IEC 27002:2022 (Information technology – Security techniques – Code of practice for information security controls) to this training. Copies will not be provided for you.
Benefits
Those responsible for planning and scheduling an internal audit program for ISO 27001:2022 and those who must perform audits to ISO 27001:2022, management representatives, security consultants, IT professionals, information security officers, managers, or anyone interested in conducting first-party, second-party, or third-party audits.
Agenda
This is a four-day, instructor-led classroom course. There are written tests on each of the competency units on days 2, 3, and 4. Days 1 and 2 will cover ISO 27001:2022 along with a corresponding competency exam. Day 3 will cover management systems auditing (AU) along with a corresponding competency exam. Day 4 will cover leading management systems audit teams (TL) along with a corresponding competency exam.
Training for Teams provides training for your group of employees either in a virtual live setting or in person at your facility. Connect with us to customize any of our standard courses to fit your specific needs.
Currently scheduled classes are shown below. If no classes are displayed, please contact QCTS for other options.