Mastering the internal audit of an information security management system (ISMS) based on ISO/IEC 27001

Summary

This three-day intensive course enables participants to develop the necessary expertise to audit an Information Security Management System (ISMS) and to manage a internal audit programme  by applying widely recognized audit principles, procedures and techniques. During this training, the participant will acquire the necessary knowledge and skills to proficiently plan and perform internal  audits in compliance with ISO 19011. Based on practical exercises, the participant will develop the skills (mastering audit techniques) and competencies (managing  audit program, communicating with auditees, conflict resolution, etc.) necessary to efficiently conduct an audit.

Who should attend?

• Internal auditors
• Auditors wanting to perform and lead Information Security Management System (ISMS) certification audits
• Project managers  wanting to master the Information Security Management System internal audit process
• CxO and Senior Managers responsible for the IT governance of an enterprise and the management of its risks
• Members of an information security team
• Technical experts wanting to prepare for an Information security audit function

Learning objectives

• To understand the operation of an Information Security Management System based on ISO 27001 and its principal processes
• To Understand the goal, content and correlation between ISO 27001, ISO27002 and other standards and regulatory frameworks
• To understand an internal auditor’s role: to plan, lead and follow-up on a management system audit in accordance with ISO 19011
• To  interpret the requirements of ISO 27001 in the context of an ISMS internal audit
• To acquire the competencies of an internal auditor to: plan an internal audit, lead an internal audit, draft reports, and follow up on an internal in compliance with ISO 19011
• To Strengthen personal skills necessary for an internal auditor to act with due profesional care during an audit.