Your learning will rapidly develop using a balance of theory and practical activity, so that you can apply your knowledge effectively during an audit.
About ISO 27001 Internal Auditor
Who can take this training?
This is intended for those who will be involved in conducting internal audits of an ISMS that conforms to ISO/IEC 27001:2013 in an organization.
Suggested job roles and their teams include:
✓ Information security managers
✓ IT and corporate security managers
✓ Corporate governance managers
✓ Risk and compliance managers
✓ Information security consultants
Prerequisites
You should already have knowledge how ISO/IEC 27001:2013 works
Course Outline
| Introduction | |||
| Introduction to the course | |||
| Module 1 – Introduction to ISO 27001 | |||
| Introduction & suggested reading | |||
| What is ISO 27001? | |||
| The structure of ISO 27001 | |||
| Information security principles | |||
| Introduction to the Information Security Management System | |||
| Implementing ISO 27001 requirements | |||
| Implementing ISO 27001 as a project | |||
| Documenting ISO 27001 requirements | |||
| ISO 27001 Benefits | |||
| Related documentation | |||
| Practice exam | |||
| Module 2 – The planning phase | |||
| Introduction & suggested reading | |||
| Understanding your organization and its context [clause 4.1] | |||
| Understanding the needs and expectations of interested parties [clause 4.2] | |||
| Determining the scope of the ISMS [clause 4.3] | |||
| Leadership and commitment [clause 5.1] | |||
| Information Security Policy [clause 5.2] | |||
| Organizational roles, responsibilities and authorities [clause 5.3] | |||
| Information security objectives [clause 6.2] | |||
| Resources [clause 7.1] | |||
| Competence [clause 7.2] | |||
| Awareness [clause 7.3] | |||
| Communication [clause 7.4] | |||
| Documented information [clause 7.5] | |||
| Related documentation | |||
| Practice exam | |||
| Module 3 – Risk management | |||
| Introduction & suggested reading | |||
| Addressing risks and opportunities [clause 6.1.1] | |||
| Risk management process [clause 6.1.2] | |||
| Information security risk assessment – Risk identification [clause 6.1.2] | |||
| Information security risk assessment – Risk analysis and evaluation [clause 6.1.2] | |||
| Information security risk treatment [clause 6.1.3] | |||
| Statement of Applicability [clause 6.1.3] | |||
| Risk treatment plan [clause 6.1.3] | |||
| Related documentation | |||
| Practice exam | |||
| Module 4 – The Do phase | |||
| Introduction & suggested reading | |||
| Formulating the risk treatment plan [clause 6.1.3] | |||
| Implementing the risk treatment plan [clause 8.3] | |||
| Operational planning and control [clause 8.1] | |||
| Operating the ISMS [clause 8] | |||
| Managing outsourcing of operations [clause 8.1] | |||
| Controlling changes [clause 8.1] | |||
| Risk assessment review [clause 8.2] | |||
| Related documentation | |||
| Practice exam | |||
| Module 5 – The Check and Act phases | |||
| Introduction & suggested reading | |||
| Monitoring, measurement, analysis, and evaluation [clause 9.1] | |||
| Internal audit [clause 9.2] | |||
| Management review [clause 9.3] | |||
| Nonconformities and corrective actions [clause 10.1] | |||
| Continual improvement [clause 10.2] | |||
| Related documentation | |||
| Practice exam | |||
| Module 6 – Annex A – Control objectives and controls | |||
| Introduction & suggested reading | |||
| Introduction to Annex A – Reference control objectives and controls | |||
| Structure of Annex A | |||
| Information security policies [A.5] | |||
| Organization of information security [A.6] | |||
| Human resources security [A.7] | |||
| Asset management [A.8] | |||
| Access control [A.9] | |||
| Cryptography [A.10] | |||
| Physical and environmental security [A.11] | |||
| Operational security [A.12] | |||
| Communications security [A.13] | |||
| System acquisition, development and maintenance [A.14] | |||
| Supplier relationships [A.15] | |||
| Information security incident management [A.16] | |||
| Information security aspects of business continuity management [A.17] | |||
| Compliance [A.18] | |||
| Related documentation | |||
| Practice exam | |||
| Module 7 – Introduction to the internal audit | |||
| Introduction & suggested reading | |||
| Internal vs. external audit | |||
| The main purpose of the internal audit | |||
| Requirements of ISO 27001 | |||
| Criteria for selecting the internal auditor | |||
| The audit findings | |||
| Nonconformities | |||
| Observations | |||
| Major and minor nonconformities | |||
| Definition of major nonconformity | |||
| ISO 19011 | |||
| Related documentation | |||
| Practice exam | |||
| Module 8 – Organizing the internal audit | |||
| Introduction & suggested reading | |||
| Organizing the internal audit | |||
| Internal audit procedure | |||
| Annual audit program | |||
| Audit plan for an individual audit | |||
| Related documentation | |||
| Practice exam | |||
| Module 9 – Internal audit elements | |||
| Introduction & suggested reading | |||
| Internal audit elements | |||
| Document review | |||
| Creation of the checklist | |||
| Internal audit report | |||
| Corrective action requests | |||
| Corrective action follow-up | |||
| Related documentation | |||
| Practice exam | |||
| Module 10 – The main audit | |||
| Introduction & suggested reading | |||
| Auditor assumptions | |||
| Techniques for finding evidence | |||
| Sampling the records | |||
| Recording the evidence | |||
| Interviewing techniques | |||
Call Now- +91-921-276-0556
