ISO 27001:2023 Internal Auditor of the Information Security Management System

Audience

• Persons preparing for the position of Internal Auditor 27001:2023
• Anyone interested in the topic

Objectives

• Gaining knowledge of ISO 27001:2023
• Gaining knowledge on how to audit in accordance with the standard
• Getting to know good practices

Format of the Course

• Interactive lecture and discussion.
• Lots of exercises and practice.
• Hands-on implementation in a live-lab environment.

Course Customization Options

• To request a customized training for this course, please contact us to arrange.

I. Information Security Management System compliant with the requirements of ISO 27001
1. Elements of the Information Security Management System according to ISO 27001
2. Exercises in interpreting and analysing the requirements of ISO 27001

II. Audits – general information
1. Entire audit
2. Types of audits

III. Audit planning and preparation
1. Audit criteria and scope
2. Selection of a team of auditors
3. Process approach to internal audits
4. Important Aspects When Creating a Control Question List
5. Practical exercises

IV. Conducting an audit – rules for conducting an on-site audit
1. Auditing techniques
2. Objective evidence
3. Identification of non-conformities and the ability to demonstrate them
4. Practical exercises

V. Documenting audit results
1. Skilful formulation of inconsistencies
2. Documenting non-conformities
3. Identifying and documenting insights and potential for improvement
4. Summary of Audit Results – Audit Report
5. Practical exercises

VI. Effective post-audit activities
1. Responsibilities related to the initiation of corrective and corrective actions
2. The Importance of Precisely Determining the Causes of Non-Conformity
3. Define corrective actions
4. Evaluation of the effectiveness of actions
5. Post-audit activities in relation to insights and potentials for improvement
6. Practical exercises

VII. Discussion and summary