ISO/IEC 27001:2013 Internal Auditor Training for Information Security Management Systems


 

WHO SHOULD ATTEND

This seminar is primarily designed for internal auditor candidates, but can also be valuable for Information Security Assurance Managers, ISO/IEC 27001:2013 Implementation and/or Transition Team Members, Management Representatives, and all others who would like to develop competency in ISO/IEC 27001:2013 and the auditing process for first party auditing.

RECOMMENDED TRAINING AND/OR EXPERIENCE

An understanding of the ISO/IEC 27001:2013 requirements and/or work experience in applying ISO/IEC 27001:2013 is recommended.

 

SEMINAR CONTENT

Omnex is an Exemplar Global Certified TPECS provider for Exemplar Global AU and TL Competency Units. This five-day course has been developed to satisfy the Exemplar Global AU and TL Examination Profiles and, as such, all attendees who successfully pass the exams during this course will achieve a Certificate of Attainment for the following competency units:

  • Exemplar Global-AU
  • Exemplar Global-TL

This course was developed to cover all requirements of the ISO/IEC 27001:2013 standard. The course includes definitions from ISO/IEC 27000:2018 (Information Security Management Systems – Overview and Vocabulary), guidance from ISO/IEC 27003:2017 (Information Security Management System Implementation and Guidance) and auditing requirements from both ISO 19011:2010 (Guidelines for Auditing Management Systems) and ISO/IEC 27007:2017 (Guidelines for Information Security Management Systems Auditing). Group exercises and case studies will be used to develop the required skills. Other topics covered include the auditing process and methodologies, e.g. planning and conducting an audit, writing nonconformity statements, preparing an audit summary and report, and verifying corrective actions following the requirements of ISO 19011 and ISO 27007. Auditing case studies will be used to develop skills for identifying nonconformities.

 

SEMINAR GOALS

  • Understand the application of Information Security Management principles in the context of ISO/IEC 27001:2013.
  • Relate the Information Security Management system to the organizational products, services, activities and operational processes.
  • Relate the organization’s context and interested party needs and expectations to the planning and implementation of an organization’s Information Security Management system.
  • Understand the application of the principles, procedures and techniques of auditing.
  • Understand the conduct of an effective audit in the context of the auditee’s organizational situation.
  • Understand the application of the regulations and other considerations that are relevant to the management system and the conduct of the audit.
  • Practice personal attributes necessary for the effective and efficient conduct of a management system audit.

 

SEMINAR OUTLINE

Day One

  • Introduction and Welcome
  • The ISO Standards Explained
  • Introduction to ISO/IEC 27001:2013 and Key Terms from the ISO 27000:2014 – Overview and Vocabulary
  • ISO/IEC 27001:2013 Requirements Including Applicable Guidance from ISO 27003:2017
    • Group Exercise: Context of the Organization
    • Group Exercise: Interested Parties
    • Group Exercise: Audit Scenarios
    • Group Exercise: IT Security Controls

Day Two

  • ISO/IEC 27001:2013 Requirements Including Applicable Guidance from ISO 27003:2017
    • Group Exercises: Audit Scenarios (cont’d)
    • Independent ISMS Written Exercise
  • Introduction to Turtle Diagrams and Audit Trails
  • Management of Audit Programs
  • Audit Planning and Preparation including ISO 27007 Guidelines for Information Security Management Systems Auditing
    • Breakout Exercise 1: Writing an Objective and Scope Statement
    • Breakout Exercise 2: Documentation Review
    • Breakout Exercise 3: Creating an Audit Plan

Day Three

  • Performing the Audit
    • Breakout Exercise 4: Performing an Audit
  • Writing Nonconformity Statements
    • Breakout Exercise 5: Writing Nonconformity Statements
  • Closing Meeting
  • Completing the Audit Report
  • Corrective Action and Closeout
    • Management Systems Auditing Written Exercise

Day Four

  • Leading Audit Teams
  • Customer-Specific Requirements – including NIST SP 800-171 (Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations) and NIST SP 800-53 (Recommended Security Controls for Federal Information Systems and Organizations); as well as CSRs from the Aerospace, Automotive, Medical Devices Industries and Legal and Regulatory Requirements
  • Management System Certification Scheme and Auditor Qualifications
    • Leading Management Systems Audit Teams Written Exercise

 

Each participant will receive a seminar manual, including a complete package of problem-solving worksheets and checklists for each step of the process, as well as all team exercise materials.

 

CONTACT US: +49 30 61285700

Event Properties

Event Date 06-05-2019 9:00 am
Event End Date 09-05-2019 5:00 pm
Capacity 15
Registered 0
Available place 15
Individual Price €1,600.00
We are no longer accepting registration for this event
