Information Security Management Systems Lead Auditor

ISO/IEC 27001:2022 provides the framework to ensure your organisation has robust security processes and controls so you can meet supplier, customer, and regulatory expectations in data protection.

The standard was updated in October 2022, published with its Annex A incorporating the controls outlined in ISO/IEC 27002:2022, released in February 2022. 

The updated standard also made changes to some management system clauses, making some requirements more explicit and aligning them with other Annex SL standards, such as ISO 9001. 

Our 5-day Information Security Management Systems Lead Auditor course outlines the key changes to the 2022 update of the standard. We show you how to audit an Information Security Management System in accordance with ISO 19011:2018 and give you comprehensive and practical understanding of the requirements of ISO/IEC 27001:2022. 

An information security management system such as ISO/IEC 27001 can protect information assets such as customer details, sensitive corporate information, and financial data safe from cyber-attacks and inspires confidence from key stakeholders. 

This course has the equivalent of 40 Continuing Professional Development (CPD) points.

Plus, you receive a free licensed copy of:

• ISO/IEC 27001:2022 Information security, cybersecurity and privacy protection — Information security management systems — Requirements.
   

Whilst this training package uses the word “audit” and its derivatives, this does not equate with the terms audit, review, or assurance in accordance with Pronouncements or Standards issued by the Australian Auditing and Assurance Standards Board. 

References to the term “audit” and similar terminology within this training relate to the process of auditing in accordance with ISO 19011:2018.

Learning Outcomes:

• The principles and procedures of auditing
• Auditor roles and responsibilities
• The benefits of a risk-based audit programme
• How to plan an effective audit
• Timetabling
• Resource allocation
• Interpersonal skills and personal behaviours of an auditor
• How to conduct effective opening and closing meetings
• Preparing and distributing an audit report
• How to implement processes and controls within the Information Security management system
• How to identify gaps in an Information Security management system
• Understand the mandatory documentation requirements of an Information Security system
• How to improve your organisation’s conformance with ISO/IEC 27001:2022

Course Content:

• Identifying objective evidence and taking good notes
• Reviewing auditing scenarios
• Writing audit findings including nonconformities and non-compliances
• Presenting a closing meeting
• Compiling a meaningful audit report
• Wednesday
• Information Security Management Systems
• Introduction to Information Security
• Context of Information Security
• Information Security management systems requirements
• Risk-based approach to information security
• Structure of Information Security controls and control attributes.
• Thursday
• Information Security controls
• Information Security controls – Organisational, people, physical, technological
• Information classification
• Documentation requirements of Information security management systems
• Friday
• Information Security application
• Statement of applicability
• Information security audit scenarios
• Course review