Cognicert Limited www.cognicert.com

Lead Auditor Course

COURSE OBJECTIVES

  • Setting up an ISMS can be as simple or as sophisticated as your organization needs it to be. However, even knowing where to start when considering setting up an ISMS can be challenging.
  • In this 3 days course, our expert tutors will explain the requirements of the current standard to help you understand how it could apply to your organization and the potential benefits of adopting it. You will therefore be better prepared to carry out an implementation of an ISMS that conforms to the current standard, as the background, updated concepts, principles, terms and definitions used in ISO/IEC 27001:2013 are fully explained and discussed. The requirements course will also help you understand how the standard works in preparation for attending the internal and lead auditing training courses.

Participants will learn to:

  • Describe the responsibilities of an internal auditor and describe the role of internal audit in the maintenance and improvement of ISMS, in accordance with ISO 27001 and ISO 27001
  • Describe with reference to the Plan-Do-Check-Act (PDCA) cycle the requirements of ISO 27001
  • Explain the purpose and structure of ISO 27001
  • Plan and prepare for an internal audit, gather audit evidence through observation, interview and sampling of documents and records,
  • Write factual audit reports that help to improve the effectiveness of the ISMS
  • Suggest ways in which the effectiveness of corrective action might be verified

 

WHO NEEDS THIS COURSE?
Those who have an interest in or are responsible for information security management, data management and protection, corporate governance, risk and compliance, management systems, security, IT services, human resources, financial and accounting records and any business area that interacts with high risk private data.

 

COURSE CONTENT

 Lesson 1: Background and Development of ISO/IEC 27001:2013

Major Changes in ISO/IEC 27001:2013

Benefits of ISO/IEC 27001:2013

Interpretations of Key Terms

Elements of a Security  System

The ISO/IEC 27001:2013 Standard

Continual Improvement Cycle

Lesson 2: Introduction to the Requirements of the ISO/IEC 27001:2013 Standard

Information Security System Requirements

The Documentation Requirements of ISO/IEC 27001:2013

Organization of Information Security

Asset Management

Human resources Security

Physical and Environmental Security Communications and Operations Management

Lesson 3: Introduction to Information Systems Control

Process Approach to Information security

Identifying Information and their Owners

Types of Information

Information Access Control

Process Management and PDCA

Employee Awareness, Training & Competence

Lesson 4: Basic Guidelines

Information system acquisition, development and maintenance

Information security incident Management

Information security aspect of business continuity management

Compliance

 

Lesson 5: How to Deal with External Auditors – A Basic Guide for Internal Auditors

What is an External Quality Audit?

What should an Employee expect during an Audit?

How should Employees interact with Auditors?

Lesson 6: ISO 19011:2018 and ISO 17021:2018

Fundamentals of Internal Auditing

Decide how to Audit

Principles of Auditing

Managing an Audit Programme

Preparation & Planning Of Audits
Preparation Of checklist

 

Lesson 7: ISO 19011:2018 and ISO 17021:2018

Audit Activities

Identification of Non-Conformities [N/C’s].

Documenting the Audit (Audit Report)

Conducting Audit Follow-Up

Practical Auditing Exercise

Competence and Evaluation of Auditors.

Lesson 8: Creating a Corrective Action Plan

Who participates?

Developing a Plan

Using the Form

What is Root Cause Analysis?

When (and when not) to use Root Cause Analysis

The Root Cause Analysis Process

How to construct a Root Cause Analysis Checklist

Examples of how a well-run Root Cause Analysis Process works

Corrective and Preventive Actions