Who should attend?
- IT Department Personnel.
- Security and quality professionals, existing information security auditors who wish to expand their auditing skills.
- Lead Auditors / Internal auditors.
- Senior Departmental Management and Area/Process Owners.
- Those who want to pursue a career as an Auditor/Lead Auditor.
- Anyone responsible for or aspiring to conduct internal or supplier Information Security Management Systems audits.
Course Objectives:
On completion of this course, you will be able to:
- Describe the purpose of an Information Security Management System and explain the business benefits.
- Explain the purpose, content and interrelationship of ISO 9000, ISO 27001, and ISO 19011.
- Interpret requirements of ISO 27001 in the context of an audit.
- Manage an audit programme.
- Understand the diverse types of audits.
- Describe the roles and responsibilities of auditors and lead auditors.
- Plan and conduct an audit in accordance with ISO 19011 and ISO 27001.
- Gather objective evidence, through effective interviewing, observation, sampling and note taking.
- Analyse and interpret information to determine effectiveness, conformance with requirements and areas for improvement.
- Report the audit, including writing valid, factual, and value-adding non-conformity reports.
- Undertake audit follow-up activities, including evaluating the effectiveness of corrective action.
- Professionally liaise with external auditors.
Course Itinerary (Summary)
- Fundamentals of Information Security Management Systems (ISMS)
- Using Process Management to manage and improve the business.
- Introduction to Leading Audits.
- Planning the audit programme.
- Scheduling the audit programme.
- Selecting "competent" internal and external auditors.
- Audit preparation and looking at the critical success factors for your organisation.
- Understanding the organisation and its key processes.
- Using Checklists.
- The Audit Lifecycle.
- Participants carry out either a live audit in an organisation or a detailed virtual audit.
- Guidelines for productive Opening and Closing meetings.
- Carrying out the audit.
- Objective Evidence.
- Audit findings and Classification.
- Writing the Audit Report.
- Corrective action and effectiveness.
- How to deal with external auditors.
Prerequisites
Please note that participants attending the Lead Auditor course are expected to have prior knowledge of Information Security Management Systems (ISMS) principles and concepts.
IQC will provide a “Pre-course” pack to all delegates approximately 10 days before the training commences.
If you are new to Information Security Management Systems (ISMS), you should consider fundamentals training. Please contact [email protected] to enquire about this training.
Need a quote for in-house training? Email us today at [email protected]