ISO 27001:2013

Introduction

The aim of this Information Security Management System Auditor/Lead Auditor course is to equip students with the necessary abilities and expertise to conduct audits, including first-party, second-party, and third-party audits, of an Information Security Management System as per ISO 27001:2013, complying with ISO 19011:2018 and ISO 17021-1:2015 where relevant.

The course is tailored to fulfill the prerequisites for those seeking to become registered Auditors or Lead Auditors and it is conducted in compliance with certified regulation policies. The course structure includes an introduction and comprehensive course content.

Course Content

•  Overview of Information Security Management System, including principles, terms, and definitions.

•  Auditing requirements for an Information Security Management System according to ISO 27001:2013 standards.

•  Roles and responsibilities of Auditors and Auditees.

•  Audit terminologies, principles, and types.

•  Establishing, implementing, monitoring, reviewing, and improving an audit program.

•  Planning and conducting audits (Stage 1 & Stage 2) in compliance with
   ISO 19011:2018 , ISO 17021-1:2015.

•  Classification of audit findings and reporting methods.

•  Follow up and completion of the audit.

•  Competence and evaluation of Auditors.

Who should attend?

• Certification Bodies responsible for running certification schemes.

•  Management Representatives, Information Security Core Group members, and other   process heads accountable for creating, implementing, maintaining, and auditing an   Information Security Management System.

•  All employees whose job responsibilities directly impact the Information Security   Management System's performance.

•  Anyone responsible for leading an audit of their own or another company’s   Information Security Management System.

•  Management System Professionals and ISMS Administrators, Executives seeking to     enhance their Information Security Management System.

•  Anyone involved in organizing, planning, and conducting first-party, second-party, or   third-party audits in Information Security Management System discipline.

•  Individuals interested in pursuing external auditing as a future profession by becoming   an independent auditor and registering as an ISO 27001:2013 Lead Auditor.

•  Students seeking to learn and develop cross-functional skills for challenging future   assignments in Information Security Management System discipline.

Pre-Requisites

To attend this course, delegates must possess the following “expected prior
knowledge”:

• Completion of secondary education.

• Desirable understanding of report writing.

Familiarity with the following principles and concepts:

•  The Plan, Do, Check, Act (P-D-C-A) cycle.

•  The relationship between Information Security Management and other business processes.

•  Commonly used Information Security Management terms and definitions.

•  The process approach and risk-based thinking in the Information Security   Management system.

•  Basic understanding of Information Security Risks and Risk Treating Techniques.

•  ISO 27001:2005/ISO 27001:2013 structure and content.

•  Knowledge of ISO 27001:2005/ISO 27001:2013 requirements, which may be acquired   by completing a certified Foundation Training course or its equivalent.

Learning Outcome

After completing this course, delegates should have the ability to:
(Knowledge-based)

•  Explain the purpose of an Information Security Management System, Information   Security Management Systems standards, management system audit, and third-party   certification.

• Describe the role of an ISMS auditor in planning, conducting, reporting, and following up on an Information Security Management System audit in compliance with ISO 19011:2018 (and ISO 17021-1:2015, as appropriate).
  (Skill-based)

• Plan, conduct, report, and follow up on an audit of the Information Security Management System to determine conformity (or non-conformity) with ISO 27001:2013 in accordance with ISO 19011:2018 and ISO 17021-1:2015.