Information security is now recognized as an important business process which, if not managed correctly and efficiently, may impact an organization’s ability to deliver its products and services to its customers. Just as important, a lack of security has the potential to impact revenues. The highly specialized skills and practical knowledge needed to assess an organization’s capability to manage all aspects of information security can be learnt.
This course aims to provide guidance and practical experience in planning, executing, and reporting Information Security Management System audits.
Prerequisites
The course is aimed at those who already have an understanding of ISO/IEC 27001:2022. If you do not have this understanding, you are strongly recommended to attend the one-day requirements training course, as the requirements of this standard are not taught on this internal auditor’s course.
Pedagogical objectives
- Recognize the areas your Certification Body (CB) will generally be looking for in order to comply with generic internal auditing requirements in management system standards. This includes the meanings and intention of certification criteria and associated theories, methodologies, techniques or tools
- Appropriately trained auditors will bring added value to the internal audit process
- Your business will remain compliant with the international Standard for Information Security Management Systems
- Skills development for your internal auditors; as well as the main core knowledge requirements
Skills to be acquired
By the end of the course you will have an understanding of:
- The principles of auditing to ISO/IEC 27001:2022
- Audit activities
- The role of an auditor to plan, conduct, report and follow up an ISMS audit in accordance with ISO 19011
You will have the skills to:
- Initiate the audit
- Prepare the audit activities
- Conduct audit activities
- Prepare and distribute the audit report
- Complete the audit
- Audit follow-up
- Audit an ISMS to establish conformity (or otherwise) with ISO 27001
Targeted audience
The course is especially suitable for:
- Anyone who is or will be coordinating internal audit activities within your organization
- Those who have responsibility to audit an Information Security Management System
- Existing auditors who wish to refresh their skills
Pedagogical, technical and framing means
Course materials including:
- Introduction to the training, detailed program and security assignments
- Course presentation, theory and activities/role plays
- Answers to the activities
- Videos
- Additional documents, distributed during the sessions, to use for the activities
- Attendance sheet to be signed
Assessment specifics
- Questionnaire to assess the knowledge at the end of the training
- Customer survey
What is included?
- Course materials, provided electronically
- Letter of attestation
- Official certificate
Do you need more information?
If you have any concerns, please do not hesitate to contact our service department on the following numbers:
Telephone: 01 89 79 00 40
Email: training.france@bsigroup.com
Or via the webchat service on our website: bsigroup.com
You will be put in touch with our team if necessary.