Introduction
This course is ideal for those wishing to pursue a qualification in information security management systems auditing, or to develop advanced skills in auditing information security management systems.
You need this course if...
• You wish to expand your knowledge of effective audit practices, or
• You wish to build on your existing auditing experience, especially in auditing information security management systems and their related processes and procedures
• You want to audit your existing ISMS processes for effectiveness and improvement
• You are a consultant providing advice on ISO/IEC 27001:2013 and require formal training and recognition through IRCA
• You are a security or quality professional who wishes to add ISO/IEC 27001:2013 to your skill set
You will learn …
Through a highly interactive course approved by the International Register of Certificated Auditors (IRCA), containing many practical examples, with learning through practice built into the course.
The course covers:
• The importance of information security for the organisation and its customers
• How to review the typical documentation an organisation would prepare to meet the requirements of ISO/IEC 27001:2013, and how to produce a practical, value-added documentation audit report
• How to audit selected security controls
• How to plan, conduct and conclude a practical audit of a security-related organisation
• How to control and work with an audit team, with practical examples related to an ISMS audit
• How to audit processes and their interaction with other processes
• How to report findings accurately and factually, in terms that are valued by management
• How to evaluate corrective actions effectively to eliminate the causes of problems
You need …
Knowledge of ISO/IEC 27001:2013 prior to attending this course; in particular, you must have prior knowledge of:
a. Management systems
• Understand the Plan-Do-Check-Act (PDCA) cycle
b. Information security management
• Knowledge of the following information security management principles and concepts:
i. Awareness of the need for information security;
ii. The assignment of responsibility for information security;
iii. Incorporating leadership and commitment and the interests of stakeholders;
iv. Enhancing societal values;
v. Using the results of risk assessments to determine appropriate controls to reach acceptable levels of risk;
vi. Incorporating security as an essential element of information networks and systems;
vii. The active prevention and detection of information security incidents;
viii. Ensuring a comprehensive approach to information security management;
ix. Continual reassessment of information security and making modifications as appropriate.
c. ISO 27001
• Knowledge of the requirements of ISO/IEC 27001 (with ISO/IEC 27002) and the commonly used information security management terms and definitions given in ISO/IEC 27000, which may be gained by completing an IRCA certified ISMS Foundation Training course or equivalent.
• An understanding of the Plan-Do-Check-Act cycle and knowledge of information security management principles and concepts, including: the need for information security (i.e. within your organisation/sector); the assignment of responsibility for information security (i.e. organisational structure and determination of responsibilities); leadership and commitment and the interests of stakeholders (i.e. within your organisation/sector); enhancing societal values (i.e. data security, privacy, personal security and governance); using the results of risk assessments to determine appropriate controls to reach acceptable levels of risk; incorporating security as an essential element of information networks and systems; the active prevention and detection of information security incidents; ensuring a comprehensive approach to information security management; and continual reassessment of information security and making modifications as appropriate.
• Completion of approximately 2 hours of pre-course work prior to attending the course.
Your future development
• To gain IRCA auditor status
• This course meets the training requirements for certification as an IRCA ISMS auditor
• LRQA business improvement courses
Course length
Five days
In-company
This course can be delivered as an in-company event for organisations implementing and auditing information security, where more than five auditors want to develop their knowledge of information security management systems and ISO/IEC 27001:2013 and develop their auditing skills.
In-house
If you are looking for a course for four or more people, you may find our in-house option more cost-effective. Contact the team for a quote.
Customised
Work with our training experts to develop a training course or programme specific to your exact requirements.