This course enables participants to develop the expertise required to audit an Information Security Management System (ISMS) and manage a team of auditors through the application of generally accepted audit principles, procedures and techniques. During this training, the participant acquires the skills and competencies required to plan and conduct internal and external audits effectively and in accordance with the ISO 19011 and ISO 17021 certification process. Through practical exercises, the participant develops the skills (mastery of audit techniques) and competencies (team and audit program management, client communication, conflict resolution, etc.) necessary to effectively conduct an audit.
If you would like to take this course by distance learning, click on the “Distance learning” button to find out more about the program.
Course overview
- Acquire the expertise to perform an ISO 27001 internal audit following the ISO 19011 guidelines
- Acquire the expertise to manage a team of ISMS auditors
- Understand how an ISMS works according to ISO 27001
- Improve the ability to analyze the internal and external environment of an organization, assess audit risks and make decisions in the context of an ISMS audit.
Course Curriculum
Day 1: ISO normative model and Management System
- ISO 27001 Certification Process
- Fundamentals of information security
- Information Security Management System
Day 2: Plan and initiate an ISO 27001 audit
- Fundamental audit principles and concepts
- Evidence-based and risk-based audit approach
- Preparing for an ISO 27001 certification audit
Day 3: Conducting the certification audit
- Leading the audit team
- Communication during the audit
- Interviews and evidence gathering
- Sharing findings with the auditees
Day 4: After the audit
- Formulation of audit findings
- Drafting of the report
- Follow-up of non-compliance issues
- Management of the audit program
- Relationship with the training organization
- Revisions
Method of Assessment
The “PECB Certified ISO/IEC 27001 Lead Auditor” exam is held on the 5th day of the course and lasts 3 hours. The exam covers the following competency areas:
- Domain 1: Fundamental Information Security Principles and Concepts
- Domain 2: Audit concepts and fundamentals
- Domain 3: Preparing for an ISO 27001 audit
- Domain 4: Conducting an ISO 27001 audit
- Domain 5: Closing an ISO 27001 audit
Training benefits
This training is based on alternating theoretical and practical sessions:
- Lectures illustrated with examples from real cases
- Classroom exercises to help prepare for the exam
- Practical tests similar to the certification exam
To ensure the practical exercises can be carried out properly, the number of participants in the training is limited.
Who should attend?
- Auditors wishing to carry out and lead Information Security Management System certification audits
- Managers or consultants wishing to master the Information Security Management System audit process
- Any person responsible for maintaining compliance with ISMS requirements
- Technical experts wishing to prepare an audit of the Information Security Management System
- Advisors specialized in information security management
Entry Requirements
- Have knowledge of the ISO/IEC 27001 standard
- Have a good knowledge of information systems security
How and when to access
The participant is considered registered when:
- The prerequisites and needs are identified and validated
- The training agreement is signed
Registration requests can be sent up to 10 working days before the start of the training.
Accessibility
Whether you are recognized as having a disability or not, making our training accessible to everyone is part of our commitment.
If you need accommodations or adaptations to the content, the course materials, the venue, the equipment used, the schedule or the pace, we are at your disposal.
To go further
This training course is designed to prepare you for the following training courses:
Duration
4.5 days (31 h)
Price
€3450 excl. tax.
Meal
Breakfast & lunch included
Financing
OPCO support
Course overview
- Acquire the expertise to perform an ISO 27001 internal audit following the ISO 19011 guidelines
- Acquire the expertise to manage a team of ISMS auditors
- Understand how an ISMS works according to ISO 27001
- Improve the ability to analyze the internal and external environment of an organization, assess audit risks and make decisions in the context of an ISMS audit.
Course Curriculum
Session 1: Standards, regulatory frameworks and certification processes
- Standards and regulatory frameworks
- Certification process
Session 2: Information Security Fundamentals and Principles
Session 3: Information Security Management System
Session 4: Fundamental concepts and principles of the audit
- Concepts and principles of the audit
- Impact of trends and technology in auditing
Session 5: Audit Basics
- Evidence based audit
- Risk-based audit
Session 6: Initiation and stage 1
- Initiation of the audit process
- Stage 1 of the audit
Session 7: Preparing and carrying out stage 2
- Preparation for stage 2 of the audit
- Stage 2 of the audit
Session 8: Communication during the audit
Session 9: Audit procedures
- Audit procedures
- Creation of audit sampling plans
Session 10: Audit report and closure
- Drafting reports of audit findings and non-compliance
- Audit documentation and quality review
- Closing the audit
Session 11: After the audit
- Evaluation of action plans by the auditor
- After the initial audit
Session 12: Audit and certification program
- Internal audit program
- People certification program
Indicative schedule
- 24 hours of lessons with the trainer, divided into 12 sessions of 2 hours each.
Method of Assessment
The “PECB Certified ISO/IEC 27001 Lead Auditor” exam is held in a slot chosen by the candidate from several options, within a maximum period of one year after the training; it lasts 3 hours and is composed of single-choice questions.
The exam covers the following skill areas:
- Domain 1: Fundamental principles and concepts of the Information Security Management System
- Domain 2: Information security management system (ISMS)
- Domain 3: Fundamental principles and concepts of auditing
- Domain 4: Preparing for an ISO/IEC 27001 audit
- Domain 5: Carrying out an ISO/IEC 27001 audit
- Domain 6: Closing an ISO/IEC 27001 audit
- Domain 7: Managing an ISO/IEC 27001 audit program
Training benefits
- Training provided by a cybersecurity expert
- An intuitive and easy-to-use platform
- Discussion sessions on key concepts and experience sharing, adapted to the learners' context
- A training pedagogy adapted to all learning profiles
Who should attend?
- Auditors wishing to carry out and lead Information Security Management System certification audits
- Managers or consultants wishing to master the information security management system audit process
- Any person responsible for maintaining compliance with ISMS requirements
- Technical experts wishing to prepare an audit of the Information Security Management System
- Advisors specialized in information security management
Entry Requirements
- Have knowledge of the ISO/IEC 27001 standard
- Have a good knowledge of information systems security
How and when to access
The participant is considered registered when:
- The prerequisites and needs are identified and validated
- The training agreement is signed
Registration requests can be sent up to 10 working days before the start of the training.
Accessibility
Whether you are recognized as having a disability or not, making our training accessible to everyone is part of our commitment.
If you need accommodations or adaptations to the content, the course materials, the venue, the equipment used, the schedule or the pace, we are at your disposal.
To go further
This training course is designed to prepare you for the following training courses:
Duration
35 hours
Price
€2400 excl. tax.
Financing
OPCO support