ISO/IEC 27001:2013 – Information Security Management Systems – Internal Auditor Training

Overview

The ISO/IEC 27001:2013 international standard specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS) within the context of the organization. It also includes requirements for the assessment and treatment of information security risks, tailored to the needs of the organization. Information is an asset and a building block of any organization's growth, and it needs to be protected appropriately, like any other important business asset.

Who can attend?

This course is designed for information security practitioners in any industry: Heads of IT, Chief Information Security Officers (CISOs), ISMS consultants or management representatives, information security managers, and core group members or professionals responsible for establishing, implementing, maintaining, auditing and improving an information security management system.

Duration: 2 days

Mode of Delivery: Trainer Led Virtual class

Prerequisite: Prior knowledge of the requirements of ISO/IEC 27001 and of the vocabulary in ISO/IEC 27000 is an advantage

Learning Outcome

  • Understand the purpose of an Information Security Management System (ISMS) and the processes involved in establishing, implementing, operating, monitoring, reviewing and improving an ISMS as defined in ISO/IEC 27001, including the significance of these processes for ISMS auditors
  • Understand the purpose, content and interrelationship of ISO/IEC 27001 with other relevant standards and with the legislative framework applicable to an ISMS
  • Understand the requirements and principles of ISO/IEC 27001:2013
  • Understand ISO 19011:2018, the guidelines for auditing management systems, including its auditing principles

Course Outline

  • Purpose and business benefits of an ISMS, ISMS standards, ISMS audits and third-party Certification
  • Role and skills required of an auditor when planning, conducting, reporting and following up on an ISMS audit in accordance with ISO/IEC 27001:2013 and ISO/IEC 27002:2013 (Information technology – Security techniques – Code of practice for information security controls)
  • References to ISO 19011:2018 (Guidelines for auditing management systems) and, where applicable, ISO/IEC 17021-1:2015 (Conformity assessment – Requirements for bodies providing audit and certification of management systems)
  • Industry best practices
  • Real-life case studies

The training is highly participative and interactive, comprising presentations, group discussions, practical exercises, critique sessions, handouts, course templates and case studies to provide a hands-on understanding of the process audit approach and its application.