ISO 27001 Lead Auditor

This is an accredited course enables the participants to develop the expertise needed to audit an Information Security Management System (ISMS),and manage a team of auditors by applying widely recognized audit principles, procedures and techniques. 

During this training, the participants will acquire the knowledge and skills needed to proficiently plan and perform internal and external audits in compliance with certification process of the ISO/IEC 27001 standard. 

Based on practical exercises, the participants will develop the skills (mastering audit techniques) and competencies (managing audit teams and audit program, communicating with customers, conflict resolution, etc.) necessary to conduct an audit efficiently.

Outline:

• Module1
  • Course Introduction
  • Relevant standards, ISO/IEC 27001:2013, ISO 19011 & ISO 27000
  • The importance of information security
  • Benefits of ISO 27001 Standard
  • Introduction to information security and ISO 27001
  • Integrated Management System
  • ISO 27000 Family of Standards
  • Legal and Regulatory Conformity
  • ISO 27001 Standard (thorough understanding)
  • Course objectives and structure
  • Standard and regulatory framework
  • Certification process
  • Fundamental principles of information security
  • Asset & Information Security
  • Information Security
  • Confidentiality, Integrity & Availability
  • Vulnerability & Threat
  • Information Security Risk
  • Security Objectives & Controls
  • Classification of Security Controls
  • Control Environment
  • ISMS Implementation Approach
• Module 2:
  • Audit principles, preparation and launching of an audit
  • Fundamental audit concepts and principles
  • Audit Standard, What is Audit, Types of Audits
  • Actors, Audit Objectives & Criteria, Combined Audit
  • Principals of Auditing, Responsibility of Auditors
  • Audit approach based on evidence and risk
  • Types of Audit Evidences, Quality of Audit Evidences
  • Audit Approach Based on Risk, Materiality and Audit Planning
  • Reasonable Assurance
  • Risk Based Auditing & Evidence Based Auditing
  • Initiating the audit
  • Stage 1 audit
• Module 3:
  • On-site audit activities
  • Preparing the stage 2 audit (on-site audit)
  • Stage 2 audit (Part 1)
  • Stage 2 audit (Part 2)
  • Communication during the audit
  • Audit procedures
  • Creating audit test plans
• Module 4:
  • Closing the audit
  • Drafting audit findings and non-conformity reports
  • Documentation of the audit and quality review
  • Evaluating action plans by the auditor
  • Beyond the initial audit
  • Managing an internal audit programme
  • Competence and evaluation of auditors
  • Closing the audit
  • Syndicate & role play exercises
  • Final ISO 27001 Lead Auditor Examination

• Provides senior management with an efficient management process
• Provides you with a competitive advantage
• Reduces costs due to incident and threat minimization
• Demonstrated compliance with customer, regulatory and/or other requirements
• Sets out areas of responsibility across the organization
• Communicates a positive message to staff, customers, suppliers and stakeholders
• Integration between business operations and information security
• Alignment of information security with the organization’s objectives
• Puts forward true value through enhancement of  marketing opportunities
• Keeps intellectual property and valuable information secure
• Provides customers and stakeholders with confidence in how you manage risk
• Secures exchange of information
• Ensures you are meeting your legal obligations
• Manages and minimizes risk exposure
• Cost savings for rework, damages and waste