
Description
Information security management systems (ISMS) are intended to provide organisations with the elements of an effective information security system in order to achieve best practice in information security and to maintain economic goals. ISO 27001 also provides requirements for an ISMS to enable an organisation to establish, implement, operate, monitor, review, maintain and improve a documented ISMS within the context of the organisation’s overall business risks. This course will equip delegates with the knowledge and skills required to perform audits of information security management systems against national and international specifications, standards, statutory requirements and regulations.
COURSE OUTLINE:
- Introduction to information security management systems
- Process-based ISMS
- Audit definition and principles
- Planning and preparing for the internal audit
- On-site audit activities
- Audit reporting and follow-up
- Auditor competence and certification
PROFESSIONAL TRAINER:
Mr. Chris YAU
Senior Manager, Products and Services Development, SGS Approved Tutor
He is a EuroCloud-Star Auditor and Trainer, Certified CSA STAR Auditor, RABQSA-registered ISO/IEC 27001 Lead Auditor, Certified Information Security Auditor (CISA) and Certified Information Security Manager (CISM) with over 15 years of security-related audit and teaching experience, including information security in both the manufacturing and IT sectors, and cargo and freight security. He is also a lead auditor in ISO 9001, ISO 14001, ISO 28000, and ISO 20000.
Ms. Rani LUI
IT Product Manager, HK and Macao Area
She is an ISO/IEC 27001 and ISO 9001 Lead Auditor, a Certified Information Security Auditor (CISA) and a Certified Data Centre Professional (CDCP). She has been managing and auditing data centres since 2008.
(SGS Hong Kong Ltd. reserves the right to make the final tutor arrangement.)
CERTIFICATION (Attendance: 80%):
Delegates who successfully complete the course will be issued a certificate by SGS Hong Kong Limited.
GENERAL INFORMATION:
Venue: T.S.T. / Wan Chai / Sheung Wan Training Centre / TBC
Medium: Cantonese supplemented with English material
*Early Bird Price will be offered to participants whose enrolment is made one month prior to the course or via online booking.
REMARK: This course does not cover interpretation of ISO 27001:2013 requirements. Delegates who are not familiar with the requirements should attend (ITFTC) Information Security Management System Series: ISO 27001:2013 – Standard Interpretation and Requirement Training Course first.
Objectives
- How to plan an ISMS audit
- How to audit aspects of an information security management system
- How to report an ISMS audit in accordance with ISO 19011
Audience
Those who audit an organization's processes as part of the internal audit program
