ISO 27001:2013 Lead Auditor

Course overview

Course key topic areas include:

DAY 01

  • Normative, regulatory and legal framework related to information security
  • Fundamental principles of information security
  • ISO/IEC 27001 certification process
  • Information Security Management System (ISMS)
  • Detailed presentation of the clauses 4 to 8 of ISO/IEC 27001

DAY 02

  • Fundamental audit concepts and principles
  • Audit approach based on evidence and on risk
  • Preparation of an ISO/IEC 27001 certification audit
  • ISMS documentation audit
  • Conducting an opening meeting

DAY 03

  • Communication during the audit
  • Audit procedures: observation, document review, interview, sampling techniques, technical verification, corroboration and evaluation
  • Audit test plans
  • Formulation of audit findings
  • Documenting nonconformities

DAY 04

  • Audit documentation
  • Quality review
  • Conducting a closing meeting and conclusion of an ISO/IEC 27001 audit
  • Evaluation of corrective action plans
  • ISO/IEC 27001 Surveillance audit
  • Internal audit management program

DAY 05

  • Course summary
  • Certification exam
  • Understand the operations of an Information Security Management System based on ISO/IEC 27001
  • Acknowledge the correlation between ISO/IEC 27001, ISO/IEC 27002 and other standards and regulatory frameworks
  • Understand an auditor’s role in planning, leading and following up on a management system audit in accordance with ISO 19011
  • Learn how to lead an audit and audit team
  • Learn how to interpret the requirements of ISO/IEC 27001 in the context of an ISMS audit.

Target audience

  • IT/Information Security Manager
  • Compliance Auditor
  • GDPR consultant
  • IT/Information Security Consultant
  • Cyber Security Consultant
  • Head of IT
  • Information and risk manager
  • Information security analyst
  • Information Security Officer
  • Internal Auditor
  • ISMS manager

Objectives

  • Review the Audit Requirements of ISO/IEC 27001:2013
  • Learn the auditing principles applicable to ISO 27001 auditing
  • Learn How to Assess Security Threats and Vulnerabilities
  • Understand Review Requirements of Security Controls and Countermeasures
  • Understand the Roles and Responsibilities of the Auditor
  • Learn How to Plan, Execute, Report, and Follow up on an Information Security Management System Audit

Prerequisites

  • A fundamental understanding of ISO/IEC 27001 and comprehensive knowledge of audit principles.

Certification

  • Certificate of Course Completion from Qatar University
  • Upon passing the exam, a certificate from CQI-IRCA