
Description
The purpose of this course is to equip delegates with the knowledge and skills needed to perform internal audits on information security management systems and to contribute to the continual improvement of the management system. Delegates are expected to have knowledge of information security management systems and ISO/IEC 27001:2013 before attending this course. The background knowledge is provided on the Information Security Management Systems Introduction and Awareness Course.
This course comprises presentations, workshops and role-play exercises.
Pre-knowledge requirements:
Before beginning this course, we recommend that delegates have knowledge of the following:
1. Management Systems - In particular, an understanding of the Plan-Do-Check-Act (PDCA) cycle.
2. Information Security Management - A basic knowledge of the concepts of information security management and an understanding of commonly used information security management terms and definitions, as given in ISO/IEC 27000.
Objectives
By the end of this course, participants will be able to:
- Explain the process-based information security management system model for ISO/IEC 27001, with reference to the Plan-Do-Check-Act (PDCA) cycle, and the role of internal audit in the maintenance and improvement of information security management systems
- Explain the role and responsibilities of an auditor to plan, conduct, report and follow up an information security management system internal audit, in accordance with ISO 19011
- Plan, conduct, report and follow up an internal audit of part of an information security management system based on ISO/IEC 27001, in accordance with ISO 19011
Delegates will need to demonstrate acceptable understanding and performance in all three course learning objectives above in order to complete the course successfully.
