DESCRIPTION
The purpose of this course is to equip delegates with the knowledge and skills needed to perform internal audits on information security management systems and to contribute to the continual improvement of the management system. Delegates are expected to have knowledge of information security management systems and ISO/IEC 27001:2013 before attending this course. This background knowledge is provided in the Information Security Management Systems Introduction and Awareness Course. This course comprises presentations, workshops and role-play exercises.
Important: Only the soft copy of the course material will be distributed on the day of training. Participants are therefore reminded to bring their laptops for the duration of the training.
OBJECTIVES
By the end of this course, participants will be able to:
Explain the process-based information security management system model for ISO/IEC 27001, with reference to the Plan-Do-Check-Act (PDCA) cycle, and the role of internal audit in the maintenance and improvement of information security management systems
Explain the role and responsibilities of an auditor to plan, conduct, report and follow up an information security management system internal audit, in accordance with ISO 19011
Plan, conduct, report and follow up an internal audit of part of an information security management system based on ISO/IEC 27001 in accordance with ISO 19011
AUDIENCE
Auditors and anyone who is responsible for carrying out an ISO/IEC 27001 assessment or audit