The training presents the knowledge and skills needed to implement and carry out audits of an Information Security Management System compliant with ISO 21001. After the training, participants become accredited ISO 27001 Internal Auditors.
The aim of the course is to acquaint participants with the substance, types, planning and methodology of conducting audits of information security management systems, and to teach future internal auditors to conduct audits effectively in accordance with PN-ISO/IEC 27001:2014.
Benefits of the training:
- the skill of conducting audits in an organization,
- knowledge of the rules for interpreting PN-ISO/IEC 27001:2014,
- the ability to prepare an audit plan and audit documentation, including drafting check questions,
- an understanding of the role of audits and auditors in the effective and constant improvement of an information security management system.
- Module 1 – Information security management system
  - What is an information security management system?
  - The meaning and purpose of ISMS implementation
  - Family of ISO 27000 standards
- Module 2 – ISO 27001 requirements
  - Analysis and interpretation of the PN-ISO/IEC 27001:2014 standard
  - Risk management – evaluation of risk analysis methodology
  - Exercise – Interpretation and analysis of PN-ISO/IEC 27001:2014 requirements and application of the rules of PN-ISO/IEC 27002:2014
- Module 3 – Requirements for auditors
  - Competencies and role of internal auditors
- Module 4 – Introduction to audits
  - Aims and types of audits
  - Audit planning and preparation
  - Exercise – Drafting an audit plan and a list of check questions
- Module 5 – Conducting an audit
  - Guidelines for auditing according to the PN-ISO/IEC 19011:2012 standard
  - Audit activities
  - Exercise – Conducting an audit
- Module 6 – Presenting audit outcomes
  - Formulating and reporting nonconformities
  - Recommendations for improvement
  - Audit report
  - Exercise – Defining nonconformities
- Module 7 – Post-audit actions
  - Corrective measures in achieving management system effectiveness
  - Defining corrective measures
  - Assessing the effectiveness of actions
- Knowledge test
The course is addressed to those involved in developing and operating the information security management system, and to individuals who wish to become internal auditors for an Information Security Management System in accordance with the PN-ISO/IEC 27001:2014 standard.
The course combines lectures and workshops. The lectures introduce the interpretation of ISO 27001 requirements and the auditing process itself. The workshops give participants practical skills in conducting internal audits of an information security management system.
Training course authorized by