This course presents the ISO standards (19011, 27001, etc) for Information System Security and explains what is needed to audit an information security risk management system (ISMS).
Training at your location, our location or remotely
Ref. ISD
5d - 35h
Would you like to transpose this course—without changes—for your company?
A la carte training
Do you want a training course tailored to the needs of your company and its teams? Your training will be built to measure by our experts!
This course presents the ISO standards (19011, 27001, etc) for Information System Security and explains what is needed to audit an information security risk management system (ISMS).
Teaching objectives
At the end of the training, the participant will be able to:
Understand how an information security management system (ISMS) compliant with the ISO 27001 standard works.
Explain the correlation between the ISO/IEC 27001 and 27002 standards as well as with other standards and regulatory frameworks
Understand the role of an auditor: Plan, direct, and track an ISMS audit with the ISO 19011 standard.
Lead an audit and an audit team
Interpret the requirements of ISO/IEC 27001 in the context of an ISMS audit
Intended audience
Internal auditors, risk managers, CISOs, IT directors or managers, security engineers or contacts, project managers who work with security constraints.
Prerequisites
Basic knowledge of IT security.
Course schedule
Information security management system (ISMS)
Standards and regulatory frameworks.
Fundamental principles of the information security management system.
How an information security management system (ISMS) compliant with the ISO 27001 standard works.
Leading an audit and an audit team.
Audit principles, preparation, and triggering
Principles and fundamental concepts of an audit.
Evidence-based approach to auditing.
Interpreting the requirements of ISO/IEC 27001 in the context of an ISMS audit
Step 1 of the audit.
Preparing for step 2 of the audit (on-site audit).
Preparing for an ISO/IEC 27001 and triggering the audit.
Conducting an ISO/IEC 27001 audit.
Role of an auditor: Planning, directing, and tracking a management system audit with the ISO 19011 standard.
On-site auditing activities
Step 2 of the audit.
Communication during the audit.
Auditing procedures.
Writing audit testing plans.
Writing audit findings and non-compliance reports.
Ending the audit
Documenting the audit and reviewing the audit’s quality.
Closing an ISO/IEC 27001 audit
Assessment of action plans by the auditor.
Advantages of the initial audit.
Managing an internal audit program.
Skills and assessment of auditors.
Certification
Review. Tips for the exam.
Contents of the exam, rules to follow. Standards or other documents provided to the candidates.
Conditions in place to preserve the confidentiality of the copies.
Minimum score needed to pass the written exam.
The exam includes a multiple-choice questionnaire about the ISO/IEC 27001 standards.
A participation certificate worth 31 CPD (Continuing Professional Development) credits is issued.
Exam
Mock exam and group correction. Taking the exam.
Certification
The final exam certifies that you have the knowledge and skills needed to audit an ISMS in accordance with the ISO/IEC 27001:2013 standard. The exam is held on the last half-day. It is provided in partnership with the certifying body, PECB.
Customer reviews are based on end-of-course evaluations. The score is calculated from all evaluations within the past year. Only reviews with a textual comment are displayed.
Dates and locations
Select your location or opt for the remote class then choose your date.
Remote class
No session at the moment, we invite you to consult the schedule of distance classes.
5d
- 35h00 
