ISO 27001 Internal Auditor Training

ISO 27001 Internal Auditor Course Overview

ISO 27001 Internal Auditor training will provide delegates with the skills needed to perform internal audits within an organisation using an ISO 27001 Information Security Management System. Delegates will learn how to plan, perform, and produce reports on an audit of an ISMS. They will be introduced to a variety of techniques that will allow them to carry out such audits effectively from start to finish, for the purpose of enhancing output. Therefore, completing this course will greatly boost auditing abilities, which will result in the better implementation of security principles and strategies.

ISO 27001 is all about Information Security Management. The protection of potentially confidential or sensitive data is vital to the success of an enterprise, hence ISO 27001 is designed to diminish the likelihood of data breaches. ISO, (the International Organisation for Standardisation), produces documents that determine specifications, requirements, and guidance to ensure that services, products, and procedures are delivered to the appropriate standard, and achieve their primary objective, thus complying to ISO 27001 is significant.

This ISO 27001 Internal Auditor course is the second phase of a four-stage training process, which enables individuals to become ISO 27001 specialists. Prior to this course, delegates should have completed the . Following this Internal Auditor course, delegates willing to progress further should explore our and training courses. These specific auditor and Implementer courses enable delegates to become proficient in the auditing and implementation of information security.

ISO 27001 Internal Auditor Course Outline

This ISO training course will cover the following modules:

Module 1: Introduction to ISMS

• 27001 Refresher
• What is an ISMS?
• ISMS Benefits
• Scope of ISMS
• ISMS within an Organisation
• ISMS Principles

Module 2: Introduction to Auditing

• Defining Auditing
• Types of Auditing
• Techniques and Principles
• Phases of Audit
• Audit Work Papers

Module 3: ISO 27001 Audit Plan and Launch

• Internal Auditing Goals
• Internal Auditing Charter
• Audit Components
• Purpose and Extent of an Audit
• Confirming Audit Plans
• Documentation
• 27001 Standard Interpretation

Module 4: Performing ISO 27001 Audit

• Preparing Audit Reports
• Analysing Data
• Using Various Sources to Collect Information
• Auditing Procedures
• Reviewing Documents and Reports
• Validating Reports
• Designing and Merging Findings
• Classifying Findings
• Planning, Organising, and Prioritising
• Factors that Impact the Reliability of Audit Findings

Module 5: Internal Auditor within Organisations

• Roles and Responsibilities of an Internal Auditor
• Record Review Activities
• Internal Auditor Checklist
• Communication between Departments
• Confidentiality and Security of Information on ISMS
• Drafting Reports and Test Plans

Module 6: Interaction with ISO 27005

• What is ISO 27005?
• ISO 27001 vs ISO 27005
• Quantifying the Business Impact
• Impact Severity
• Risk Treatment Plan

Module 7: Risk Management

• Risk Identification and Assessment
• Analysing and Evaluating Risks
• Managing Risk Approaches
• Controls and Objectives
• Implementing Controls
• Statement of Applicability

Anyone who is interested in learning about ISO 27001

Who should attend this ISO 27001 Training Course?

This training course is intended for those in the following positions:

• Information Security Managers
• Information Security Consultants
• Information Security Teams
• Internal Auditors

Essentially, anyone involved in carrying out internal audits of an Information Security Management Systems.

Prerequisites

In order to attend this training course, delegates should possess foundation knowledge of ISO 27001. If individuals do not currently have this, they can attend our ISO 27001 Foundation course.