ABOUT

This training session outlines the key processes and approaches a business needs to manage Information Security risk in a practical way. Learn how to implement and audit an Information Security Management System (ISMS) that meets the specific requirements of ISO/IEC 27001, in order to protect information assets such as customer details, sensitive corporate information and financial data. Training objectives include:

  • Understand the operating principles of an ISMS according to ISO 27001 and audit best practices according to ISO 19011
  • Develop the skills needed to carry out an ISO 27001 audit in compliance with the requirements of ISO 19011 and the specifications of ISO 17021 and ISO 27006
  • Acquire the management skills needed to lead a team of ISMS auditors
  • Fundamentals of Auditing
  • Ethics and respect for principles
  • Risk-based and evidence-based approach to the audit
  • Initiation of an audit
  • Stage 1 Audit
  • Stage 2 Audit Kick-Off
  • Best practices during audits
  • Collection and verification of information during stage 2 audit
  • Audit procedures
  • Drafting of findings and nonconformities reports
  • Close of the audit
  • Follow-up & Surveillance Activities
  • Competencies & Evaluation of auditors
  • Fundamental Principles of information security
  • Information security control best practices based on ISO 27002
  • Auditing an ISMS based on ISO 27001
  • Implementing ISMS audit best practices based on ISO 19011
  • Plan, do, check and improve the audit programme of an ISMS
  • Apply governance and ethics principles related to ISMS audits
  • Comply with internal and certification audit requirements