ISMSALA


ISO 27001:2013 Lead Auditor

This course is an ideal course for those wishing to pursue a qualification in information security management systems auditing, or to develop an advanced skill in auditing information security management systems.

ISMSALA Course Outline

You need this course if;

  • You wish to expand your knowledge about effective audit practices or
  • You may wish to build on your existing auditing experience, especially in auditing information security management systems and their related processes and procedures
  • You may want to audit your existing ISMS processes for effectiveness and improvement
  • You are a consultant providing advice on ISO/IEC 27001:2013 and require formal training and recognition through IRCA
  • You are a security or quality professional who wishes to add ISO/IEC 27001:2013 to their skill set

 

You will learn;

  • Through a highly interactive, approved International Register of Certificated Auditors (IRCA) course, containing many practical examples, with the ability to learn through practice built into the course.
  • The course covers:
  • The importance of information security for the organisation and its customers
  • How to review the typical documentation an organisation would prepare to meet the requirements of ISO/IEC 27001:2013
  • And how to produce a practical value added documentation audit report
  • How to audit selected security controls
  • How to plan, conduct and conclude a practical audit of a security-related organization
  • How to control and work with an audit team with practical examples related to an ISMS audit
  • To gain the skill to audit processes and their interaction with other processes
  • To report findings accurately and factually in terms that are valued by management
  • To evaluate corrective actions effectively to eliminate causes of problems

You need;

Knowledge of ISO/IEC 27001:2013 prior to attending this course; in particular, you must have prior knowledge of:

  • Management systems
    • Understand the Plan-Do-Check-Act (PDCA) cycle
  • Information security management
    • Knowledge of the following information security management principles and concepts:
      • Awareness of the need for information security;
      • The assignment of responsibility for information security;
      • Incorporating leadership and commitment and the interests of stakeholders;
      • Enhancing societal values;
      • Using the results of risk assessments to determine appropriate controls to reach acceptable levels of risk;
      • Incorporating security as an essential element of information networks and systems;
      • The active prevention and detection of information security incidents;
      • Ensuring a comprehensive approach to information security management;
      • Continual reassessment of information security and making modifications as appropriate.
  • ISO 27001
    • Knowledge of the requirements of ISO/IEC 27001 (with ISO/IEC 27002) and the commonly used information security management terms and definitions, as given in ISO/IEC 27000, which may be gained by completing an IRCA certified ISMS Foundation Training course or equivalent.
    • to understand the Plan-Do-Check-Act cycle, possess knowledge of information security management principles and concepts, including: the need for information security (i.e. within your organisation/sector); the assignment of responsibility for information security (i.e. organisational structure and determination of responsibilities); leadership and commitment and the interests of stakeholders (i.e. within your organisation/sector); enhancing societal values (i.e. data security, privacy, personal security and governance); using the results of risk assessments to determine appropriate controls to reach acceptable levels of risk; incorporating security as an essential element of information networks and systems; the active prevention and detection of information security incidents; ensuring a comprehensive approach to information security management; continual reassessment of information security and making modifications as appropriate.
    • Complete approximately 2 hours of pre course work prior to attending the course.

Your future development;

  • To gain IRCA auditor status
  • This course meets the training requirements for certification as an IRCA ISMS auditor
  • LRQA business improvement courses

Virtual Course length;

  • 7 Days

In-company;

This course can be delivered as an In-company event for those organisations implementing and auditing information security with more than five auditors wanting to develop knowledge of information security management systems, ISO/IEC 27001:2013 and develop their auditing skills.

 
