Course description
ISO 27001:2013 Internal Auditor
For individuals and organisations seeking to understand how to undertake a holistic and systematic approach to internally auditing an Information Security Management System against the requirements of ISO 27001:2013.
Training Course Content
Module 1: Introduction to ISO 27001:2013
- Terms and definitions of an Information Security Management System & the Standard
- Requirements and purpose of ISO 27001:2013 and an ISMS
- ISO 27001:2013 & the related family of standards
- PDCA (Plan, Do, Check, Act): Understanding the Improvement Cycle
- ISMS Principles
Module 2: Internal Auditing a Systematic Approach
- Types of audits
- Auditing techniques & skills; risk-based and evidence-based approach
- Phases of an audit (Prepare; Perform; Report; Revisit)
- Clauses 4 to 10: understanding of requirements for audit
- Risks & Opportunities; Management of Change; Legal & Other Requirements; Operations; Objectives; Information Security Risk Assessment and Risk Treatment Overview
- Auditing Against Annex A and controls including the SOA (Statement of Applicability)
- What we audit for: ‘ICE’ (Conformance; Effectiveness & Improvement)
- Non-Conformance; Correction; Corrective Action; Root Cause Analysis
- Assessment of Audit documentation (Objective & Subjective Evidence)
- Audit reporting and follow up
- Case studies
Module 3: Internal Auditor
- Roles, responsibilities and leadership skills of an internal auditor and their team members
- Managing the audit programme; scheduling of internal audits
- Auditor Attributes & Behaviours
- ISO 19011:2018
Module 4: Information Security Management System & Controls
- Evaluation of the internal audit process and improvement
- Understanding the benefits of an ISMS and ISO 27001:2013