Third Party Auditor ISMS - RINA.org

Istanbul (Turkey)

ByOtell Kozyatagi

Third Party Auditor ISMS

23 - 27 Dec 2019

Auditor/Lead Auditor Information Security Management Systems ISO/IEC 27001:2013

The course enables participants to know and understand the Plan, Do, Check, Act (PDCA) cycle, which consists of the following information security management concepts:

  • Awareness of the need for information security
  • The assignment of responsibility for information security
  • Incorporating management commitment and the interests of stakeholders
  • Enhancing societal values
  • Using the results of risk assessments to determine appropriate controls to reach acceptable levels of risk
  • Incorporating security as an essential element of information networks and systems
  • The active prevention and detection of information security incidents
  • Ensuring a comprehensive approach to information security management
  • Continual reassessment of information security and making of modifications as appropriate
  • Knowledge of the requirements of ISO/IEC 27001, and/or at least 6 months’ work experience in the specific sector.

All participants will receive an attendance certificate; those who pass the final written exam will receive the “Auditor/Lead Auditor Information Security Management Systems” certificate, which is recognized internationally. Certificates of successful completion are valid for only three years for the purposes of auditor certification by CQI | IRCA.

Objectives

The course aims to improve the knowledge needed to:

  • Present information security concepts
  • Understand the scope and objectives of ISMS
  • Understand the processes included in the PDCA cycle and specific to ISMS
  • Present the risk identification, assessment and management methodology
  • Explain the relations between the ISO/IEC 27001:2013 standard and other similar standards
  • Understand the requirements of ISO/IEC 27001:2013 and ISO/IEC 27006 in the context of an ISMS audit

It also aims to improve the skills needed to plan, conduct, report and follow up an audit in accordance with ISO/IEC 19011:2018, ISO/IEC 17021-1:2015 and ISO/IEC 27006, and by interpreting ISO 27001.

Course Contents

The course will focus on:

  • Information Security Management
  • The 27001 family of standards
  • Audit evidence and trails that fulfil ISO/IEC 27001:2013
  • ISO/IEC 27002:2013 requirements
  • Risk management for ISMS
  • ISO/IEC 19011:2018 and ISO/IEC 17021-1:2015
  • Audit procedures applied for ISMS
  • Incident management and business continuity.

Target Group

  • Aspiring Third Party Auditors of Information Security Management Systems wishing to enroll in the CQI | IRCA international register and/or RICEC, recognized by ACCREDIA, as an Auditor/Lead Auditor of Information Security Management Systems
  • Company personnel involved in first and second party audits of Information Security Management Systems in an organizational context of particular complexity and/or magnitude
  • Company heads of coordination, management and implementation of Information Security Management Systems in an organizational context of particular complexity and/or magnitude
  • Designers and consultants for Information Security Management Systems