ISO 27001:2023 Lead Auditor of the Information Security Management System

Audience

• Individuals preparing for the position of Lead Auditor 27001:2023
• Anyone interested in the topic

Objectives

• Gaining knowledge of ISO 27001:2023
• Gaining knowledge on how to audit in accordance with the standard
• Getting to know good practices

Format of the Course

• Interactive lecture and discussion.
• Lots of exercises and practice.
• Hands-on implementation in a live-lab environment.

Course Customization Options

• To request a customized training for this course, please contact us to arrange.

I. Introduction to Information Security
1. Systemic information security management
2. Benefits and added value for the organization

II. Overview of ISO 27001 requirements
1. What are the requirements of the standard?
2. What should you pay special attention to?
3. Identification of documentation requirements
4. Overview of Annex A

III. Information Security Management System compliant with the requirements of ISO 27001
1. Elements of the Information Security Management System according to ISO
27001
2. Exercises in interpreting and analysing the requirements of ISO 27001

IV. Audits – general information
1. Introduction to Audit
2. Entire audit
3. Audit criteria
4. Types of audits

V. Audit planning and preparation
1. Audit criteria and scope
2. Selection of a team of auditors
3. Process approach to internal audits
4. Important Aspects When Creating a Control Question List
5. Conducting an audit according to ISO 19011:2018
6. Practical exercises

VI. Conducting an audit – rules for conducting an on-site audit
1. Auditing techniques
2. Objective evidence
3. Identification of non-conformities and the ability to demonstrate them
4. Competencies of a watering auditor
5. Practical exercises

VII. Documenting audit results
1. Skilful formulation of inconsistencies
2. Documenting non-conformities
3. Identifying and documenting insights and potential for improvement
4. Summary of Audit Results – Audit Report
5. Practical exercises

VIII. Effective post-audit activities
1. Responsibilities related to the initiation of corrective and corrective actions
2. The Importance of Precisely Determining the Causes of Non-Conformity
3. Define corrective actions
4. Evaluation of the effectiveness of actions
5. Post-audit activities in relation to insights and potentials for improvement
6. Practical exercises

IX. Discussion and summary