Auditing is crucial to the success of any management system. As a result, it carries with it heavy responsibilities, tough challenges and complex problems. This five-day intensive course trains ISMS auditors to lead, plan, manage and implement an Audit Plan. It also empowers them to give practical help and information to those who are working towards certification and also provides the knowledge and skill required to carry out 2nd party auditing (suppliers and subcontractors).
This Online Course is available in English.
Please note: the price stated is excluding local taxes.
Prerequisites
Delegates are expected to have the following prior knowledge:
Management systems
Understand the Plan-Do-Check-Act (PDCA) cycle.
Information security management (Knowledge of the following information security management principles and concepts):
- Awareness of the need for information security;
- the assignment of responsibility for information security;
- incorporating management commitment and the interests of stakeholders;
- enhancing societal values;
- using the results of risk assessments to determine appropriate controls to reach acceptable levels of risk;
- incorporating security as an essential element of information networks and systems;
- the active prevention and detection of information security incidents;
- ensuring a comprehensive approach to information security management;
- continual reassessment of information security and making of modifications as appropriate.
ISO/IEC 27001
Knowledge of the requirements of ISO/IEC 27001 (with ISO/IEC 27002) and the commonly used information security management terms and definitions, as given in ISO/IEC 27000.
It is therefore recommended that delegates attend the BSI ‘Requirements of ISO/IEC 27001’ Training Course, prior to attending this course. It would also be beneficial to have been involved in, or preferably undertaken, ISMS Audits before attending this course.
Who should attend ?
- ·Those wishing to Lead audits of Information Security Management System (ISMS) in accordance with ISO 27001:2022 (either as a 2nd party, or 3rd party auditor)
- Those wishing to learn about effective audit practices
- Existing information security auditors who wish to expand their auditing skills
- Consultants who wish to provide advice on ISO 27001:2022 ISMS Auditing
- Security and quality professionals
What will I learn?
- Management of an Information Security Management System
- Conduct third party audits
- Explain the role of an auditor to plan, conduct, report and follow up an Information Security MS audit in accordance with ISO 19011 (and ISO 17021 where appropriate)
- Plan, conduct, report, and follow up an audit of an ISMS to establish conformity (or otherwise) with ISO/IEC 27001/2, ISO 19011 (and ISO 17021 where appropriate).
How will I benefit ?
Effective auditing helps to ensure that the measures you put in place to protect your organization and your customers are properly managed and achieve the desired result.
Classroom
Book classroom based training