This course has been designed to equip participants with the knowledge and skills needed to assess and report on the conformance and effective implementation of an information security management systems (ISMS) to protect organizations from risk.
Those organizations that fail to operate coherent and comprehensive ISMS strategies leave themselves open to potential security failures.
The purpose of the ISO/IEC 27001 Internal Auditor Training is to give you the necessary skills to perform internal audits on an organization’s Information Security Management Systems (ISMS) and to contribute to their continual improvement. The training helps you identify and control the threats an organization faces from any information security controls lapses and how to effectively put in place measures to address those risks.
On training completion you will be able to:
- Describe the responsibilities of an internal auditor and describe the role of internal audit in the maintenance and improvement of ISMS, in accordance with ISO/IEC 27001 and ISO 19011
- Describe with reference to the Plan-Do-Check-Act (PDCA) cycle the requirements of ISO/IEC 27001
- Explain the purpose and structure of ISO/IEC 27001
- Plan and prepare for an internal audit, gather audit evidence through observation, interview and sampling of documents and records,
- Write factual audit reports that help to improve the effectiveness of the ISMS
- Suggest ways in which the effectiveness of corrective action might be verified
The training comprises presentations, workshops and role-play exercises.
Please Note: Participants are expected to have knowledge of Information Security Management Systems and ISO/IEC 27001 before attending this course. This background knowledge is provided on the Information Security Management Systems Awareness Training.
Contact SGS today to learn more about SGS ISO/IEC 27001 Internal Auditor Training.