ISO in the Sun: ISO/IEC 27001 Information Security Management System (ISMS) Lead Auditor

This five day course provides an overview to the structure of an Information Security Management System (ISMS) based on ISO/IEC 27001:2013, and how to audit the same internally or in the context of certification.

Overview

This five day course enables participants to develop the necessary expertise to audit an Information Security Management System against ISO/IEC 27001:2013 and to manage a team of auditors by applying widely recognized audit principles, procedures and techniques.

During this training, the participants will acquire the necessary knowledge and skills to proficiently plan and perform internal and external audits in compliance with ISO 19011:2018, as well as understanding the certification process according to ISO/IEC 17021-1:2015 and ISO/IEC 27006:2015.

The course consists of a mix of presentation, discussion and exercises based on real-world examples.

Outline

Introduction to ISMS Concepts per ISO/IEC 27001:2013

• Normative, Regulatory and Legal Framework
• Fundamental Principles of Information Security
• ISO/IEC 27001:2013 Certification Process
• Information Security Management System (ISMS)
• Clauses of ISO/IEC 27001:2013

Planning and Initiating the Audit

• Fundamental Audit Concepts and Principles
• Audit Approach based on Evidence and Risk
• Preparation of an ISO/IEC 27001:2013 Certification Audit
• ISMS Documentation Audit
• Conducting an Opening Meeting

Conducting the Audit

• Communication during the Audit
• Audit procedures: Observation, Document Review, Interview, Sampling, Technical Verification, Corroboration and Evaluation
• Audit Test Plans
• Formulation of Audit Findings
• Documenting Nonconformities

Concluding and Follow-up of the Audit

• Audit Documentation
• Quality Review
• Conducting a Closing Meeting and Conclusion of the Audit
• Evaluation of Corrective Action Plans
• Surveillance and Re-Certification Audits
• Internal Audit Management Program

Objectives

Completion of this course will enable students to

• Understand the principles of an ISMS conforming to
• ISO/IEC 27001:2013
• Perform ISO/IEC 27001:2013 internal audits
• Execute ISO/IEC 27001:2013 certification audits on behalf of a certification body
• Manage ISMS audit teams

Audience

This course is aimed at students with (future) roles like

• Internal auditors
• ISMS certification auditors
• Project managers, consultants and information security team members participating in ISMS audits
• information security practitioners moving into audit roles

Prerequisites

General understanding of common business processes.

Some past exposure to information or IT security, management systems and audits helpful, but not required.

Examination and Certification

The course ends with a three hour written essay-style exam on the last day available in multiple languages.

This course is designed by PECB in Canada, who also mark the exam and issue respective certifications as per their criteria. PECB is a personnel certification body, accredited to ISO/IEC 17024:2012 by IAS. See www.pecb.com for full details.

Exam and first year certification fees are included in the course fees.