ISO 27001:2013 – Lead Auditor Training CourseISO 27001:2013 / Information Security Management Systems / Lead Auditor Training Course

This course is designed to equip delegates with the skills and techniques of auditing and how to communicate the findings of the audit effectively to the management of the audited organisation.
Duration - 5 Days
who should attend?
- Individuals who want to become ISMS Registered Lead Auditors
- Individuals leading their companies to ISO 27001:2013 registration
- It is also essential for anyone involved managing information and with a responsibility to design, implement and manage an ISMS management system that meets the requirements of ISO 27001:2013
- Other people who have found this course useful in the past have been internal ISMS auditors who have been looking to enhance their auditing knowledge and skills, and those looking to achieve formal recognition for the skills and knowledge that they possess.
prerequisites
Management systems
Understand the Plan-Do-Check-Act (PDCA) cycle.
Information security management (Knowledge of the following information security management principles and concepts):
- Awareness of the need for information security;
- The assignment of responsibility for information security;
- Incorporating management commitment and the interests of stakeholders;
- Enhancing societal values;
- Using the results of risk assessments to determine appropriate controls to reach acceptable levels of risk;
- Incorporating security as an essential element of information networks and systems;
- The active prevention and detection of information security incidents;
- Ensuring a comprehensive approach to information security management;
- Continual reassessment of information security and making of modifications as appropriate.
objective
On completion of this ISO 27001 Lead Auditor training course, delegates will be able to:
- Audit as per the requirements of ISO/IEC 27001:2013 standard
- Understand key elements of ISO 19011 and ISO/IEC 17021 standards
- Understand key information security issues
- Plan an audit against a set of audit criteria
- Successfully execute an Information Security
- Management system audit
- Create clear, concise and relevant audit reports
- Communicate the audit findings to a client
- Information Security Management System overview
- Auditing Information Security Management System against requirements of ISO/IEC 27001:2013
- Audit techniques
- Accreditation issues
- Auditor competence
content
- Background and overview of the ISO 27001 and other Information Security Standards
- An introduction to auditing and implementing an audit system and the auditor’s role in the process
- Management’s role in reviewing risk and the effectiveness of the overall ISMS
- Planning and managing a process based audit:
- resources and timing
- use of checklists
- selection of audit teams
- Conducting the audit – skills, techniques and auditor competence:
- evaluating the significance of audit findings
- communicating and presenting audit reports
- Nonconformities and improved security as a result of corrective actions
- Management of the third party assessment and certification process