Cognicert Limited www.cognicert.com
Lead Auditor Course
- Setting up an ISMS can be as simple or as sophisticated as your organization needs it to be. However, even knowing where to start when setting up an ISMS can be challenging.
- In this 3-day course, our expert tutors will explain the requirements of the current standard to help you understand how it could apply to your organization and the potential benefits of adopting it. You will therefore be better prepared to carry out an implementation of an ISMS that conforms to the current standard, as the background, updated concepts, principles, terms and definitions used in ISO/IEC 27001:2013 are fully explained and discussed. The requirements material will also help you understand how the standard works in preparation for the internal and lead auditing parts of the course.
Participants will learn to:
- Describe the responsibilities of an internal auditor and the role of internal audit in the maintenance and improvement of an ISMS, in accordance with ISO 27001 and ISO 19011
- Describe, with reference to the Plan-Do-Check-Act (PDCA) cycle, the requirements of ISO 27001
- Explain the purpose and structure of ISO 27001
- Plan and prepare for an internal audit, and gather audit evidence through observation, interviews and sampling of documents and records
- Write factual audit reports that help to improve the effectiveness of the ISMS
- Suggest ways in which the effectiveness of corrective action might be verified
WHO NEEDS THIS COURSE?
Those who have an interest in, or are responsible for, information security management, data management and protection, corporate governance, risk and compliance, management systems, security, IT services, human resources, financial and accounting records, and any business area that handles high-risk private data.
Lesson 1: Background and Development of ISO/IEC 27001:2013
Major Changes in ISO/IEC 27001:2013
Benefits of ISO/IEC 27001:2013
Interpretations of Key Terms
Elements of a Security System
The ISO/IEC 27001:2013 Standard
Continual Improvement Cycle
Lesson 2: Introduction to the Requirements of the ISO/IEC 27001:2013 Standard
Information Security Management System Requirements
The Documentation Requirements of ISO/IEC 27001:2013
Organization of Information Security
Human Resources Security
Physical and Environmental Security
Communications and Operations Management
Lesson 3: Introduction to Information Systems Control
Process Approach to Information Security
Identifying Information and its Owners
Types of Information
Information Access Control
Process Management and PDCA
Employee Awareness, Training & Competence
Lesson 4: Basic Guidelines
Information System Acquisition, Development and Maintenance
Information Security Incident Management
Information Security Aspects of Business Continuity Management
Lesson 5: How to Deal with External Auditors – A Basic Guide for Internal Auditors
What is an External Audit?
What should an Employee expect during an Audit?
How should Employees interact with Auditors?
Lesson 6: ISO 19011:2018 and ISO 17021:2018
Fundamentals of Internal Auditing
Decide how to Audit
Principles of Auditing
Managing an Audit Programme
Preparation and Planning of Audits
Preparation of Checklists
Lesson 7: ISO 19011:2018 and ISO 17021:2018 (continued)
Identification of Non-Conformities (NCs)
Documenting the Audit (Audit Report)
Conducting Audit Follow-Up
Practical Auditing Exercise
Competence and Evaluation of Auditors
Lesson 8: Creating a Corrective Action Plan
Developing a Plan
Using the Corrective Action Form
What is Root Cause Analysis?
When (and when not) to use Root Cause Analysis
The Root Cause Analysis Process
How to construct a Root Cause Analysis Checklist
Examples of how a well-run Root Cause Analysis Process works
Corrective and Preventive Actions