ISO/IEC 27001:2022 and VDA ISA TISAX Internal Auditor Training for Information Security Management Systems


Register for courses 60 days in advance and get 10% off this price.

Register for courses 30 days in advance and get 5% off this price.

Note: Pricing is dependent on location and may vary.

Course Duration: 4 Days - 8 Hours/day

Omnex is an Exemplar Global Certified TPECS provider for the Exemplar Global AU Competency Unit. This four-day course has been developed to satisfy the Exemplar Global AU Examination Profile and, as such, all attendees who successfully pass the exams during this course will achieve a Certificate of Attainment for the Exemplar Global-AU competency unit.

This four-day course has been developed to cover all requirements of the ISO/IEC 27001:2022 standard, to provide awareness and understanding of the requirements of the TISAX information security assessment maturity model (ISA released by the VDA), and to illustrate important linkages to the controls and requirements from ISO/IEC 27001:2022. The course includes definitions from ISO/IEC 27000:2018 (Information Security Management Systems – Overview and Vocabulary), guidance from ISO/IEC 27003:2017 (Information Security Management System Implementation and Guidance) and auditing requirements from both ISO 19011:2018 (Guidelines for Auditing Management Systems) and ISO/IEC 27007:2017 (Guidelines for Information Security Management Systems Auditing). Group exercises and case studies will be used to develop the required skills.

Other topics covered include the auditing process and methodologies, e.g., planning and conducting an audit, writing nonconformity statements, preparing an audit summary and report, and verifying corrective actions following the requirements of ISO 19011 and ISO 27007. Auditing case studies will be used to develop skills for identifying nonconformities.

Learning Objectives

· Understand the application of Information Security Assessment principles and the maturity of controls.

· Understand the application of Information Security Management principles in the context of ISO/IEC 27001:2022.

· Relate the Information Security Management system to the organizational products, services, activities and operational processes.

· Relate the organization’s context and interested party needs and expectations to the planning and implementation of an organization’s Information Security Management system.

· Understand the application of the principles, procedures and techniques of auditing.

· Understand the conduct of an effective audit in the context of the auditee’s organizational situation.

· Understand the application of the regulations and other considerations that are relevant to the management system and the conduct of the audit.

· Practice personal attributes necessary for the effective and efficient conduct of a management system audit.

Day One

· TISAX: Trusted Information Security Assessment Exchange

o Roles Within TISAX

o Assessment Model: Simplified Group Assessment

o Assessment Methodology

o Maturity Model

· VDA ISA TISAX and ISO/IEC 27001 Compared

o ISO/IEC 27001:2022 Annex A

o TISAX Overlap with ISO/IEC 27001:2022

o TISAX Additional Controls not in ISO/IEC 27001

· TISAX Controls

o Information Security Controls

o Prototype Protection Controls

o Data Protection Controls

· TISAX Measurement and Analysis

o Group Exercise: TISAX Measurement & Analysis

This seminar is primarily designed for internal auditor candidates, but can also be valuable for Information Security Assurance Managers, ISO/IEC 27001:2022 Implementation and/or Transition Team Members, Management Representatives, and all others who would like to develop competency in ISO/IEC 27001:2022 and the auditing process for first party auditing.

Each participant will receive a seminar manual and a breakout workbook that includes auditing case studies.

An understanding of the ISO/IEC 27001:2022 requirements and/or work experience in applying ISO/IEC 27001:2022 is recommended.

An understanding of Risk Management for Information Security Management – there is a whitepaper available on the VDA TISAX information portal – is also important.
