Course Outline
I. Introduction to Information Security
1. Systemic approach to information security management.
2. Benefits and added value for the organization.
II. Overview of ISO 27001 Requirements
1. Key requirements of the standard.
2. Critical areas requiring special attention.
3. Identification of documentation requirements.
4. Overview of Annex A.
III. Information Security Management System Compliant with ISO 27001
1. Components of the ISMS as defined by ISO 27001.
2. Exercises in interpreting and analysing ISO 27001 requirements.
IV. Audits – General Information
1. Introduction to auditing.
2. Comprehensive audit processes.
3. Audit criteria.
4. Types of audits.
V. Audit Planning and Preparation
1. Defining audit criteria and scope.
2. Selecting the audit team.
3. Process approach to internal audits.
4. Key aspects of creating a control question list.
5. Conducting audits according to ISO 19011:2018.
6. Practical exercises.
VI. Conducting an On-Site Audit
1. Auditing techniques.
2. Gathering objective evidence.
3. Identifying non-conformities and demonstrating proof.
4. Competencies required of the auditor.
5. Practical exercises.
VII. Documenting Audit Results
1. Skillfully formulating findings.
2. Documenting non-conformities.
3. Identifying and documenting insights and improvement opportunities.
4. Summary of audit results – Audit Report.
5. Practical exercises.
VIII. Effective Post-Audit Activities
1. Responsibilities regarding the initiation of corrective actions.
2. The importance of accurately determining the root causes of non-conformities.
3. Defining corrective actions.
4. Evaluating the effectiveness of implemented actions.
5. Post-audit activities related to insights and improvement potentials.
6. Practical exercises.
IX. Discussion and Summary
Requirements
Target Audience
- Professionals preparing for the role of Lead Auditor under ISO 27001:2023.
- Any individual with an interest in this subject matter.
