ISO 27001:2022 Internal Auditor Training Course

About ISO 27001:2022 Internal Auditor Training Course

Course Overview

This two-day course provides the students the skills and knowledge to perform internal information security audits, within their organizations and to contribute to the continual improvement of the information security management system.

Students will be made aware of the current best practices in the field of information security audit of ISMS and will be encouraged to develop their audit skills through analysis and self-criticism. 

Through various methods, including group tasks, brainstorming, role plays and simulations, reflection exercises and interactive participation by students, the course will enable the students to plan, conduct and report an internal  audit of part of an information security management system in accordance with ISO 19011 standard. The tutor will provide theoretical inputs where needed and emphasis will be on imparting applied knowledge in various situations, discussion of real-life examples and the students sharing their experiences with each other to enhance the learning experience. The course will also provide an opportunity to the students for self-assessment of their understanding of the Information Security audit process and techniques through progress tests.

Course Content

The course would cover topics such as:

• Purpose and structure of the ISO 27001 with reference to the PDCA cycle and the processes related to establishing, implementing, operating, monitoring, reviewing and continual improvement of ISMS with relevance to the internal auditors. How internal audit can be used as a tool to improve the security posture of an organization, will also be covered in the course.
• Key audit concepts such as audit related terms and definitions, referencing the ISO 19011 standard and the ISO 27001 standard, audit objectives, audit principles, audit planning and the phased approach of an audit cycle will be covered during the course. Students will also be imparted knowledge on the skills and requirements of an internal ISMS auditor in the areas of Information Risk Assessment, Security testing and Vulnerability Analysis. Audit checklists preparation, will also be covered in the course.

The course will impart practical knowledge of how to conduct an ISMS Audit by defining the audit purpose, objectives and criteria, outlining the audit scope, and the methods used to collect objective evidence. The course will also provide information on how to use audit checklists as an audit tool, conduct interviews, hold audit meetings as well as presentation of audit findings in the form of clear and concise audit reports. Students will also learn how to present their recommendations on the corrective and preventive actions, post the ISMS audit.

Course Objective

By the end of the course, the students will learn to describe with reference to the Plan, Do, Check, Act (PDCA) cycle, the purpose, structure and requirements of ISO 27001 from the point of view of an internal auditor.
Students will gain knowledge about the responsibilities of an internal auditor and how internal information security audit plays a role in the maintenance and improvement of information security management systems.
Students will also be able to acquire skills in the audit cycle of planning, conducting and reporting an internal information security audit as a part of a information security management system in accordance with ISO 19011 standard.