Course Overview
- To equip participants with the knowledge and skills needed to assess and report on the conformance and effective implementation of an Information Security management system in accordance with ISO 19011.
- Describe the responsibilities of an internal auditor and describe the role of internal audit in the maintenance and improvement of management systems, in accordance with ISO 19011.
- Risk Management Process
- 93 Annexure Controls of ISO 27001:2022
- Explain the purpose and structure of ISO 27001, and explain the principles, process and selected techniques used for the assignment and management of Information / Cyber security
- Plan and prepare for an internal audit, and gather audit evidence through observation, interview and sampling of documents and records.
- Write factual audit reports that help to improve the effectiveness of the management system.
- Suggest ways in which the effectiveness of corrective action might be verified.
- Overview of ISO 27001:2022
- Purpose and requirements of internal auditing of ISMS
- ISMS standards and certification body requirements for internal auditing
- Preparation, performance, objective evidence, questioning and communication
- Audit findings, reporting, corrective actions, follow-up and close-out and management review
- Summary of the changes to ISO 27001 and ISO 27002
- Auditing the new, the merged and the renamed controls
- Organizational Controls, People Controls, Physical Controls & Technological Controls