This course enables participants to develop the expertise required to audit an Information Security Management System (ISMS) and manage a team of auditors through the application of generally accepted audit principles, procedures and techniques. During this training, the participant acquires the skills and competencies required to plan and conduct internal and external audits effectively and in accordance with the ISO 19011 and ISO 17021 certification process. Through practical exercises, the participant develops the skills (mastery of audit techniques) and competencies (team and audit program management, client communication, conflict resolution, etc.) necessary to effectively conduct an audit.
Course overview
- Acquire the expertise to perform an ISO 27001 internal audit following the ISO 19011 guidelines
- Acquire the expertise to manage a team of ISMS auditors
- Understand how an ISMS works according to ISO 27001
- Improve the ability to analyze the internal and external environment of an organization, assess audit risks and make decisions in the context of an ISMS audit.
Course Curriculum
Day 1: ISO normative model and Management System
- ISO 27001 Certification Process
- Fundamentals of information security
- Information Security Management System
Day 2: Plan and initiate an ISO 27001 audit
- Fundamental audit principles and concepts
- Evidence-based and risk-based audit approach
- Preparing for an ISO 27001 certification audit
Day 3: Conducting the certification audit
- Leading the audit team
- Communication during the audit
- Interviews and evidence gathering
- Sharing findings with the auditees
Day 4: After the audit
- Formulation of audit findings
- Drafting of the report
- Follow-up of non-compliance issues
- Management of the audit program
- Relationship with the training organization
- Revisions
Method of Assessment
The “PECB Certified ISO/IEC 27001 Lead Auditor” exam is held on the 5th day of the course and lasts 3 hours. The exam covers the following competency areas:
- Domain 1: Fundamental Information Security Principles and Concepts
- Domain 2: Audit concepts and fundamentals
- Domain 3: Preparing for an ISO 27001 audit
- Domain 4: Conducting an ISO 27001 audit
- Domain 5: Closing an ISO 27001 audit
Training benefits
This training is based on alternating theoretical and practical sessions:
- Lectures illustrated with examples from real cases
- Classroom exercises to help prepare for the exam
- Practical tests similar to the certification exam
To ensure the practical exercises can be carried out properly, the number of participants per session is limited.
Who should attend?
- Auditors wishing to carry out and lead Information Security Management System certification audits
- Managers or consultants wishing to master the Information Security Management System audit process
- Any person responsible for maintaining compliance with ISMS requirements
- Technical experts wishing to prepare an audit of the Information Security Management System
- Advisors specialized in information security management
Entry Requirements
- Have knowledge of the ISO/IEC 27001 standard
- Have a good knowledge of information systems security
How and when to access
The participant is considered registered when:
- The prerequisites and needs have been identified and validated
- The training agreement has been signed
Registration requests can be sent up to 10 working days before the start of the training.
Accessibility
Whether you are recognized as having a disability or not, making our training accessible to everyone is part of our commitment.
If you need accommodations or adaptations to the content, the course materials, the venue, the equipment used, the schedule or the pace, we are at your disposal.
To go further
This training course is designed to prepare you for the following training courses:
Duration
4.5 days (31 h)
Price
€3450 excl. tax.
Meal
Breakfast & lunch included
Financing
OPCO support