
Lifewide

innovative learning

Internal Auditor (ISMS) Course Information Security Management Systems (ISO 27001:2005)

This course is designed to provide knowledge and understanding of internally auditing ISO 27001:2005 Information Security Management Systems.
Objectives:
- Explain the purpose and structure of ISO 27001
- Explain the principles, processes and selected techniques used for the assessment and management of information security management system (ISMS) controls and measures and the significance of these
- Describe the responsibilities of an internal auditor
- Describe the role of internal audit in the maintenance and improvement of management systems, in accordance with ISO 19011
- Plan, conduct and report an internal ISMS audit

After attending this course, you will be able to:
- Explain why organizations use ISO 27001
- Explain the purpose and structure of ISO 27001, with reference to the PDCA cycle
- Outline the principles, processes and techniques used for the assessment and management of environmental aspects/impacts, including the significance of these for ISMS auditors
- Explain the relationship between environmental management processes and implementation of an ISMS, and the implications for auditing
- Explain the ISO 27001 clause 4.2.4 requirements for improvement and the requirements for internal audit as described in clause 6.
- Define an internal audit, including the terms and definitions used in auditing, referencing 19011 and ISO 27001
- Explain objectives for audits, including conformance, effectiveness and improvement, and suggest how these different types of audit can add value to an organization
- Explain the audit cycle, responsibilities of auditors and principles of auditing
- Explain the significance of audit criteria, including relevant legislation to applicable information security requirements
- Outline different audit methods
- Understand the audit of the effective implementation of on-going hazard identification, risk assessment and determination of necessary controls
- Understand conformance to the relevant ISMS management system requirements of a particular area of the business operation.
- Explain the purpose and typical content of an internal audit report, corrective action process and audit follow-up activities
- Describe the role and responsibilities of the auditor and the need for effective communication with the auditee
- Explain the principle of confidentiality

http://www.lifewide.org/Information.html


- Establish appropriate scope, objectives, criteria, duration and resources for an audit
- Prepare the necessary work documents, such as an audit checklist, sampling plan and forms.
- Evaluate audit evidence and generate audit findings appropriate to the audit objectives, scope and criteria.

Course Pre-requisites
You will have a basic understanding of ISO 27001:2007 or have attended the Lifewide Internal Auditor (Information Security) Course.

Benefits of attending
You will gain an understanding of the internal audit requirements of ISO 27001 and ISO 19001. You will be able to plan, conduct, report and follow up an internal audit. You will also understand the business and legal benefits of improving the effectiveness of an information security management system.

Who should attend?
This course is designed for any member of staff who will be involved in the internal auditing of a company's management systems. It is also suitable for those with responsibility for undertaking internal quality audits against a formal management system. Managers who require some knowledge and understanding of Management Systems will also find this one-day course beneficial.

What is included?
- Course Workbook
- Certificate of attendance
- Individual and group exercises
- Morning and afternoon refreshment
- Lunch

Course delivery
A Lead Auditor registered with the International Register of Certificated Auditors (IRCA) presents this course. He has many years of experience carrying out external audits in a range of business sectors nationally and internationally. Over the years, our trainer has worked as a Consultant in England, Germany, India, Ireland, Italy, Kenya, Spain, South Sudan and Uganda. The trainer for this course specializes in ISO 9001 (Quality), ISO 14001 (Environmental), ISO 27001 (Health & Safety) and ISO 27001 (Information Security) Management Systems as well as some National Highway Sector Schemes in the UK.
