About ISO 27001:2022 Internal Auditor Training Course
This two-day course provides the students the skills and knowledge to perform internal information security audits, within their organizations and to contribute to the continual improvement of the information security management system.
Students will be made aware of the current best practices in the field of information security audit of ISMS and will be encouraged to develop their audit skills through analysis and self-criticism.
Through various methods, including group tasks, brainstorming, role plays and simulations, reflection exercises and interactive participation by students, the course will enable the students to plan, conduct and report an internal audit of part of an information security management system in accordance with ISO 19011 standard. The tutor will provide theoretical inputs where needed and emphasis will be on imparting applied knowledge in various situations, discussion of real-life examples and the students sharing their experiences with each other to enhance the learning experience. The course will also provide an opportunity to the students for self-assessment of their understanding of the Information Security audit process and techniques through progress tests.
The course would cover topics such as:
- Purpose and structure of the ISO 27001 with reference to the PDCA cycle and the processes related to establishing, implementing, operating, monitoring, reviewing and continual improvement of ISMS with relevance to the internal auditors. How internal audit can be used as a tool to improve the security posture of an organization, will also be covered in the course.
- Key audit concepts such as audit related terms and definitions, referencing the ISO 19011 standard and the ISO 27001 standard, audit objectives, audit principles, audit planning and the phased approach of an audit cycle will be covered during the course. Students will also be imparted knowledge on the skills and requirements of an internal ISMS auditor in the areas of Information Risk Assessment, Security testing and Vulnerability Analysis. Audit checklists preparation, will also be covered in the course.
By the end of the course, the students will learn to describe with reference to the Plan, Do, Check, Act (PDCA) cycle, the purpose, structure and requirements of ISO 27001 from the point of view of an internal auditor.
Students will gain knowledge about the responsibilities of an internal auditor and how internal information security audit plays a role in the maintenance and improvement of information security management systems.
Students will also be able to acquire skills in the audit cycle of planning, conducting and reporting an internal information security audit as a part of a information security management system in accordance with ISO 19011 standard.