Audit Information Security Management Systems
Our ISO 27001 Lead Auditor Course is delivered across 5 days, providing a comprehensive overview of ISO 27001:2013 before delving into the practical auditing skills required to perform audits against information security management systems, either as part of a team or as an audit team leader. It also provides a comprehensive understanding of ISO 19011 Guidelines for Auditing Management Systems.
Under the guidance of our experienced instructors, participants will learn how businesses can identify risks to their information and how to implement security measures to manage and reduce those risks under the ISO 27001 standard. They will also learn the critical guidelines for continual improvement in information security management systems, ensuring their organisation is prepared for emerging information security threats.
JLB’s intensive training qualifies participants to successfully implement, maintain and integrate an information security standard inside businesses and organisations.
This course includes modules AU, IS, and TL (Exemplar Global TPECS). Recognition of prior learning will be awarded for Modules AU and TL if they have been previously completed.
- Management Systems Auditing: 2 days
- Auditing Information Security Systems: 2 days
- Leading Management Systems Audit Teams: 1 day
Who Should Attend?
- Information Security Representatives
- Managers responsible for facilitating external audits
- Employees who need to conduct internal audits in their organisation
- Independent Auditors and Consultants of ISMS management systems
- Supervisors and Department Managers of IT and Information Security
- Information Security Consultants
This course is delivered in module format. The first two days provide an introduction to auditing management systems and focus on the skills required for auditing (Module AU). The third and fourth days focus on ISO 27001:2013 and ISMS-specific issues, particularly those relevant to external auditing (Module IS). The fifth day focuses on lead auditor-specific requirements and the certification process (Module TL).
Days 1 & 2
Module AU – ‘Management Systems Auditing’
- quality, history of QMS & QMS documentation
- continual improvement, international standards & ISO 9001:2015
- the auditing process
- communication skills
- roles, responsibilities and skills of an auditor
- developing questions
- ISO 19011
- planning audits & reviewing documentation
- audit reports and corrective action
- auditing techniques
- process-based auditing and sampling
- role play – dummy internal audit.
Days 3 & 4
Module IS – ‘Auditing Information Security Systems’
- introduction to Information Security
- context of Information Security
- information security management systems requirements
- risk-based approach to information security
- ISO 27001 – in detail
- information classification
- documentation requirements of information security management systems
- role play – dummy external audit.
Day 5
Module TL – ‘Leading Management Systems Audit Teams’
- the certification process
- auditor skills, abilities, and Code of Conduct
- legal/ethical aspects of auditing
- accreditation and certification bodies