ISO 27001 requires organisations to audit their Information Security Management System and to use audit as a means of generating continual improvement.
This course enables internal auditors to carry out internal audits of the processes within the Information Security Management System in ways which not only verify compliance but also identify significant opportunities for improvement.
Who should attend
- Newly appointed Information Security Management System Managers who seek key skills for this important role.
- Employees who will be carrying out internal audits. No previous audit experience is required.
To derive maximum benefit from this course, it is recommended that participants receive prior training by attending the ISO 27001 Foundation Training Course.
- Participants will have a clear and practical understanding of how to plan and undertake Information Security Management System audits in line with ISO 27001 requirements.
- Sponsor organisations will be able to establish an internal audit programme which will help to identify any gaps in ISO 27001 compliance, minimise risk to the business and reduce avoidable costs.
- An Information Security Management System and the role of audit
- Overview of ISO 27001 from an internal audit perspective
- Establishing an audit programme appropriate to ISO 27001
- Selecting and training internal auditors
- Planning an audit
- Performing an audit
- Reporting audit findings
- Verifying corrective action
- Dealing with difficult audit situations
- Auditing for compliance with ISO 27001
- Auditing for continual improvement
This 2-day course comprises a series of interactive tutorials and team-based exercises taking participants through every step of the audit process. Each participant will receive a comprehensive course manual which includes examples of typical audit documentation. A certificate will be awarded following satisfactory completion.