Introduction
Internal auditing is fundamental to any improvement initiative. ISO 27001 requires that an organisation conduct internal audits to determine the effectiveness of its management systems. Only trained internal auditors can carry out these audits. This course is designed to increase understanding of process-based auditing techniques and to help internal auditors accurately interpret and audit against the information security management system requirements for improvement. Through practical workshops, case studies and role-play, delegates will gain the knowledge and skills to plan and conduct audits and to report audit findings, including follow-up audits on corrective actions taken, so as to ensure continual improvement.
Duration: 2 days
Language: English
Objective:
The programme aims to teach delegates how to:
• describe, with reference to the Plan-Do-Check-Act (PDCA) cycle, the purpose, structure and requirements of ISO 27001 from the point of view of an internal auditor.
• describe the responsibilities of an internal ISMS auditor and describe the role of internal audit in the maintenance and improvement of management systems.
• plan, conduct and report an internal audit of part of an information security management system in accordance with ISO 19011.
Agenda:
Day 1
09.00 Course introduction
- Session 1: Introduction of ISMS Auditing
- Workshop 1: Risk assessment
- Session 2: Process-based ISMS
- Workshop 1: Feedback
- Session 3: Audits; definition and principles
13.00-14.00 Lunch
14.00 Workshop
- Workshop 2: Audit evidence / audit trail
- Workshop 2: Feedback
- Session 4: Planning and preparing for the internal audit
- Workshop 3 part 1: Audit exercise: Planning and preparation for the internal audit
- Workshop 4: ISMS audit - questionnaire
End of Day 1
Day 2
09.00 Recapitulation
- Feedback on Workshop 4
- Session 5: Conducting the audit
- Session 6: Audit reporting and follow-up
- Workshop 3 part 2: Audit exercise: Performance of an ISMS audit
- Workshop 3 part 3: Reviewing and reporting on an audit; Case study
13.00-14.00 Lunch
14.00 Workshop
- Workshop 3 part 2: Audit exercise: Performance of an ISMS audit
- Workshop 3 part 3: Reviewing and reporting on an audit; Case study
- Workshop 3 part 3: Case study presentations
- Session 7: Auditor competence and certification
16.30 Course Summary
17.00 End of Day 2
There will be a break of 15 minutes mid-morning and mid-afternoon.
Training Methodology:
- Activities / Workshop