IRCA ISO 27001:2013 ISMS Lead Auditor
Date/Time: 19/08/2019 - 23/08/2019 9:30 am - 4:30 pm
About this course
ISO/IEC 27001:2013 – Information Security Management System Lead Auditor teaches students the fundamentals of auditing information security management systems against ISO/IEC 27001. This five-day intensive course trains students to conduct audits for certification bodies and to facilitate the ISO/IEC 27001 registration process.
The auditing exercises and lectures are based on ISO 19011:2011, “Guidelines for auditing management systems.” The course is designed specifically for people who wish to conduct external assessments or internal audits against ISO/IEC 27001, although students will also gain the knowledge and understanding needed to give practical help and information to other individuals and organizations working toward conformance with the standard.
Prerequisites
- Prior knowledge of the requirements of ISO 27001 would be beneficial.
Learning objectives
- Review the requirements of ISO/IEC 27001
- Understand the relationship between ISO/IEC 27001 and ISO/IEC 27002
- Learn how to assess security threats and vulnerabilities
- Understand security controls and countermeasures
- Understand the roles and responsibilities of the auditor
- Learn how to plan, execute, report on, and follow up an information security management system audit
Course introduction
- Course and learner objectives
- Course structure and methods
- Delegate assessment
What is an Information Security Management System?
- Information security
- Management systems
- Purpose and benefits of ISO 27001
- Related standards
- PDCA (Plan-Do-Check-Act) model
- Process model
Overview of ISO 27001 contents
ISO 27001 mandatory clauses 4 – 8
Day 1 recap; questions and answers
Overview of the audit process
Auditing the Statement of Applicability (SoA)
Audit and Auditors
- 1st, 2nd and 3rd party audits
- Roles and responsibilities of auditors and lead auditors
- Skills and characteristics of effective auditors
Audit planning
- Information needed to plan the audit, and things to consider
- Preliminary visits
- Preparation of an audit plan
Audit communications and meetings
- Good practice for communication during the audit
- Formal meetings
- Opening meeting – what to cover and how
Audit checklists
- Benefits and drawbacks
- Content – what to include
- Developing a checklist for a specific audit
Conducting the audit
- Note taking
- Interacting with the auditee
- Who is involved, and general points
Nonconformities
- Definition of nonconformity
- Linking nonconformities to the requirements of ISO 27001
- Grading nonconformity reports
- Structure and content of nonconformity reports
Audit techniques
- Interviewing
- Developing and following audit trails
- Identifying nonconformities
Examination preparation
- Review of answers
- Layout and marking scheme of the examination papers
Corrective action
- Identifying possible issues, and how to prevent or deal with them
- Corrective action process
- Evaluating corrective actions
Reporting the audit
- Purpose and content of the written audit report
After the course
- Action planning
- Further development
- Auditor registration
End of the Course
Duration: 5 days
Date: August 19 – 23, 2019
Time: 09:30 – 16:30
Venue: ACinfotec Training Center
Contact: Tel. 02 670 8980 – 3
Tuition: THB 38,000 (exclusive of 7% VAT)
Bookings are closed for this event.
Terms & Conditions for Course Registration
Please read the following terms and conditions for course registration carefully. By clicking the Submit button, you confirm that you understand and accept the registration and cancellation policies and procedures.
- Full payment is required in advance of the course commencement date.
- Payment is due upon registration.
- Delegates who cancel after registration, or who do not attend, are liable for the full course fee; no refunds can be given.
- A replacement delegate is always welcome.
Disclaimer: ACinfotec reserves the right to change, postpone or cancel any part of its published programme due to unforeseen circumstances.