Description
This course is designed to equip you with the knowledge and skills needed to assess and report on the conformance and effective implementation of an information security management system (ISMS) to protect organizations from risk. Those organizations that fail to operate coherent and comprehensive ISMS strategies leave themselves open to potential security failures.
Objectives
The purpose of the ISO 27001 Internal Auditor Training is to give you the necessary skills to perform internal audits on an organization’s Information Security Management System (ISMS) and to contribute to its continual improvement. The training helps you identify and control the threats an organization faces from any lapses in information security controls, and shows you how to put effective measures in place to address those risks.
On training completion you will be able to:
• Describe the responsibilities of an internal auditor and describe the role of internal audit in the maintenance and improvement of ISMS, in accordance with ISO 27001 and ISO 9001
• Describe, with reference to the Plan-Do-Check-Act (PDCA) cycle, the requirements of ISO 27001:2005
• Explain the purpose and structure of ISO 27001
• Plan and prepare for an internal audit, and gather audit evidence through observation, interview and sampling of documents and records
• Write factual audit reports that help to improve the effectiveness of the ISMS
• Suggest ways in which the effectiveness of corrective action might be verified
Audience
Participants are expected to have knowledge of Information Security Management Systems and ISO 27001:2005 before attending this course. This background knowledge is provided on the Information Security Management Systems Awareness Training. This course is for anyone who wants to be involved in the development, implementation and auditing of the ISMS based on ISO 27001.
Note:
• SGS shall provide only generic information and advice which are freely available in the public domain.
• SGS will not provide company specific advice towards the development and implementation of the management systems for eventual certification, which contravenes the requirements of the IAF Guidance (i.e. provision of consultancy services).