ISO 27001 Internal Auditor Training for ISMS

Course Duration: 3 Days - 8 Hours/day

Omnex is an Exemplar Global Certified TPECS provider for the Exemplar Global IS and AU Competency Units. This three-day course has been developed to satisfy the Exemplar Global IS and AU Examination Profiles and, as such, all attendees who successfully pass the exams during this course will achieve a Certificate of Attainment for the following competency units:

· Exemplar Global-IS.

· Exemplar Global-AU

This three-day course provides participants with the necessary knowledge to audit all requirements of the ISO/IEC 27001:2022 standard and its organizational and technical controls from Annex A.

The course includes definitions from ISO/IEC 27000:2018 (Information Security Management Systems – Overview and Vocabulary), and auditing requirements from both ISO 19011:2018 (Guidelines for Auditing Management Systems) and ISO/IEC 27007:2017 (Guidelines for Information Security Management Systems Auditing).

Group exercises and case studies will be used to develop the required skills. Other topics covered include the auditing process and methodologies, e. g. planning and conducting an audit, writing nonconformity statements, preparing an audit summary and report, and verifying corrective actions following the requirements of ISO 19011 and ISO 27001. Case studies to develop skills for identifying nonconformities will be used.

Note: For ISO 27001 Lead Auditor Training, please [Click Here].

Learning Objectives

  • Understand the application of Information Security Management principles in the context of ISO/IEC 27001:2022.
  • Relate the Information Security Management system to the organizational processes, services, activities.
  • Understand the application of the principles, procedures and techniques and attributes needed for effective auditing.
  • Understand the conduct of an effective audit in the context of the auditee’s organizational situation.
  • Understand the application of the regulations, and other considerations that are relevant to the management system, and the conduct of the audit.

Course Outline

Day One

· Fundamentals of Information Security Management Systems (ISMS)

o What is an Information Security Management System (ISMS)?

o The purpose of ISO/IEC 27001 ISMS described.

· Process Approach to Information Security

· Risk-based Thinking

o ISMS Risks

o ISMS Risk Assessment

o ISMS Risk Treatment

o Group Exercise 1: Risk Identification Discussion

· ISO/IEC 27001 Clause 4 – Context of the Organization

· ISO/IEC 27001 Clause 5 – Leadership

o Group Exercise 2: Audit Scenarios

· ISO/IEC 27001 Clause 6 – Planning

Day Two

· ISO/IEC 27001 Clause 7 – Support

· ISO/IEC 27001 Clause 8 – Operation

· A look at and understanding of Annex A Controls

o Group Exercise 3: Audit Scenarios

· ISO/IEC 27001 Clause 9 – Performance Evaluation

· ISO/IEC 27001 Clause 10 – Improvement

o Group Exercise 4: Audit Scenarios

· Understanding ISMS Final Exam

· Process Approach to Auditing, Turtle Diagrams and Audit Trails

o Breakout Exercise 1: Create a Turtle Diagram

· Audit Guidance, Definitions and Principles

· The Need for an Audit Program

· Audit Planning and Preparation – Using the Guidelines for Information Security Management Systems Auditing

o Breakout Exercise 2: Documentation Review

o Breakout Exercise 3: Create an Audit Plan

Day Three

· Conducting the Audit

· Conducting the Closing Meeting

o Breakout Exercise 4: Conduct an Audit Interview

· Writing Nonconformity Statements

o Breakout Exercise 5: Write Nonconformity Statements

· Conducting the Closing Meeting

· Completing the Audit Report

· Corrective Action and Close-Out

Management Systems Auditing Final Exam

Who Should Attend

This course is primarily designed for internal auditor candidates but can also be valuable for Information, Cybersecurity, Privacy and IT Managers, ISO/IEC 27001:2022 Implementation and/or Transition Team Members, Management Representatives, and all others who would like to develop competency in ISO/IEC 27001:2022 and the auditing process for first party auditing.

Course Materials

Each participant will receive a seminar manual and a breakout workbook that includes auditing case studies. .

Note: Omnex does not provide copies of standard(s) during training courses, but clients are encouraged to have their own copy.

Note: Omnex does not provide copies of standard(s) during training courses, but clients are encouraged to have their own copy.

Pre-Requisite

An understanding of the ISO/IEC 27001:2022 requirements and/or work experience in applying ISO/IEC 27001:2022 is recommended.

Upcoming Training

ISO 27001 Internal Auditor Training for ISMS Program is available in multiple locations globally, including the USA, Canada, Mexico, India, Europe, Thailand, Singapore, Middle East and China.