This course is intended to qualify ISO 27001:2013 auditors to conduct effective audits of an organization’s information security management system.
You will learn the requirements of ISO 27001:2013 in enough depth to conduct a successful audit. The course includes hands-on workshops to prepare you for real-life auditing situations, and you will learn to manage the audit process and complete the reporting.
- CEU Hours: 3.4
- Length: 34 Hours
- ASQ RU: 3.4
- Audience: Practitioner, Professional
- Provider: ASQ - ILT
- Interpret and apply the ISO 27001:2013 requirements
- Recognize the relationship between ISO 27000, ISO 27001, and ISO 27002
- Define information security management system (ISMS) terminology
- Demonstrate how ISMS planning, policy, objectives, and processes are implemented
- Explain the difference between legal compliance and conformity
- Define the relationship between an organization’s operational information security requirements and the ISO 27001:2013 standard
- Assess effectiveness of an organization’s information security risk assessment methodologies
- Evaluate risk assessment and risk treatment results to ensure they are appropriately reflected in the organization’s Statement of Applicability
- Apply auditing principles, procedures, and methods identified in ISO 19011:2018
- Establish audit objectives for the audit program
- Determine the feasibility of an audit
- Prepare work documents for an audit
- Apply all aspects of the on-site audit activities
- Define audit roles and responsibilities
- Document audit results, findings, and conclusions
- Identify and apply sampling techniques
- Develop an audit plan
- Demonstrate effective communication and interview skills
- Identify roles and responsibilities of audit team leaders
- Incorporate audit objectives, scope, and criteria into audit planning
- Select audit team members and assign tasks
- Identify, evaluate, and address risks in an audit plan
- Develop and manage the opening and closing meetings
- Resolve conflict during an audit
- Prepare an audit report to address all findings during an audit
- Perform audit follow-up activities
- Apply remote auditing methods
Prerequisites: All attendees are required to bring their own copies of ISO/IEC 27001:2013: Information technology – Security techniques – Information security management systems – Requirements and ISO/IEC 27002:2013: Information technology – Security techniques – Code of practice for information security controls to this training. Copies will not be provided for you.
Who Should Attend: Those responsible for planning and scheduling an internal audit program for ISO 27001:2013 and those who must perform audits to ISO 27001:2013, including management representatives, security consultants, IT professionals, information security officers, managers, or anyone interested in conducting first-party, second-party, or third-party audits.
- Introduction to information security (IS)
- Benefits of an ISMS
- ISO 27000 family of documents
- ISO 27001 standard
- ISO 27001 Annex A list of controls
- Controls in ISO 27002
- Evaluate the effectiveness of an information security management system (ISMS)
- Information security risk assessment methodologies
- Analyze controls in the Statement of Applicability as they relate to the treatment of risk
- Organization’s monitoring, measurement, analysis, and evaluation activities
- Legal compliance and conformity
- Apply standard and annex to scenarios
- Management system audits
- Types of audits
- Audit approaches
- Audit objectives, scope, and criteria
- Audit risks and opportunities
- Roles and responsibilities
- Audit techniques
- Audit cycle
- Audit team leaders
- Audit plan
- Combined audits
- Conduct audits
- Opening meetings
- Team briefings
- Closing meeting
- Audit report
- Audit follow-up
- If you need to cancel, we will refund your paid registration fee as noted below.
- Requests for cancellations/transfers received at least 5 business days before the start of the course receive a full refund/transfer.
- Requests received within 5 business days of the course starting incur a $150 processing fee.
- After the course starts, there are no refunds or transfers.
- Registrants who fail to attend without advance notice are liable for the entire course fee.
- If you cannot find a substitute, we can transfer your course fees to another ASQ course of your choice.
- You must successfully complete the entire course or program before IACET CEUs and a Certificate of Completion can be awarded.
An instructor-led traditional classroom experience. Classroom-based instruction involves the highest level of instructor/student interaction. We offer classroom-style training in two formats: public and on-site.
ON-SITE TRAINING FOR YOUR ORGANIZATION.
ASQ’s customized on-site training programs are the cost-effective way for you to train employees on your schedule. Training on-site minimizes the cost-per-student, reduces travel expenses, and ensures that the content is specific to your exact needs.
5 Benefits of On-Site Training
- Expertise to your location: Saves time and travel expenses
- Convenient scheduling: Train groups of five or more
- Customizable courses: Training tailored to your group’s needs
- Immediate results: Employees complete courses ready to apply what they’ve learned
- Value-add support: Instructors available to answer questions after session