Objectives of the course
Auditing is crucial to the success of any management system. As a result, it carries with it heavy responsibilities, tough challenges and complex problems. This five-day intensive course prepares the participants for the qualification process for ISO 27001. It also allows them to give practical help and information to those who are working towards compliance and certification.
Why should you attend this course?
- Review the Audit Requirements of ISO/IEC 27001:2013
- Learn Auditing Principles applicable to ISO 27001 Auditing
- Learn How to Assess Security Threats and Vulnerabilities
- Understand Review Requirements of Security Controls and Countermeasures
- Understand the Roles and Responsibilities of the Auditor
- Learn How to Plan, Execute, Report, and Follow-up on an Information Security Management System Audit
Who should attend this course?
- Quality professionals with experience in implementation and auditing of Information Security Management Systems (ISMS)
- Those wishing to implement a formal Information Security Management System (ISMS) in accordance with ISO 27001:2013.
- Existing security auditors who wish to expand their auditing skills.
- Consultants who wish to provide advice on ISO 27001:2013 systems certification.
- Security and Quality Professionals
- Module 1: Introduction
- Module 2: Auditor Certification
- Module 3: Worldwide Recognition of Auditor Qualifications
- Module 4: Reference Standards and Documents
- Module 5: Learning Objectives
- Module 6: Continuous Assessment
- Module 7: Examination
- Module 8: IRCA Code of Conduct
- Module 9: Definition and importance of Information in ISMS
- Module 10: CIA and DAD Triads
- Module 11: Additional Goals
- Module 12: ISMS Purpose and Objectives
- Module 12.1: ISMS purpose and business benefits
- Module 12.2: Benefits of Certification
- Module 13: Hands-on Exercises and discussion
- Module 14: Legal and Regulatory compliance
- Module 14.1: Legal and Regulatory Framework
- Module 14.2: Conformance vs Compliance
- Module 14.1: Quick Content Comparison ISO 27001:2013 vs ISO 27001:2013
- Module 14.1: Contents of ISO 27001:2013
- Module 14.2: Process approach and processes involved in establishing
- Module 14.3: Implementing & operating
- Module 14.4: Monitoring & reviewing
- Module 14.5: Maintaining and improving the ISMS
- Module 15: ISMS scope, boundaries of ISMS and permissible exclusions.
- Module 16: ISMS Scope and exclusions
- Module 17: Hands-on exercises and discussion
- Module 18: ISMS Clauses
- Module 18.1: ISO 27001 clauses
- Module 18.2: Information Security Policy
- Module 18.3: Internal Audits, Management Reviews, Improvement.
- Module 18.4: Hands-on exercises and discussion
- Module 19: Policy and Objectives
- Module 20: Asset Register
- Module 21: Risk Assessment and Risk Treatment.
- Module 22: Risk Assessment examination and Evaluation.
- Module 23: Hands-on exercises and discussion
- Module 24: Annex A Controls and ISO 27002
- Module 24.1: Annex A Controls
- Module 24.2: SoA
- Module 24.3: Incident Management and Business Continuity.
- Module 25: Introduction to SoA Examination and Evaluation.
- Module 26: Hands-on exercises and discussion
- Module 27: Reasons for auditing
- Module 28: Audit principles
- Module 29: Process of audit program management
- Module 30: Audit competence and evaluation methods
- Module 31: Audit Responsibilities
- Module 31.1: Audit time
- Module 31.2: Audit Process Flow
- Module 31.3: Audit Plans and Programs
- Module 31.4: Initial Document Review
- Module 32: Hands-on exercises and discussion
- Module 32.1: Audit Activities
- Module 32.2: Preparation
- Module 32.3: Audit plan
- Module 32.4: ISMS Audit Checklists
- Module 32.5: Audit Checklists
- Module 34: Process auditing, Auditor qualities and selection.
- Module 35: Audit Script
- Module 36: Audit stages
- Module 37: Audit techniques
- Module 38: Collecting evidence through questions
- Module 39: Observation, checking, note taking, and collecting evidence
- Module 40: Hands-on exercises and discussion
- Module 41: Audit techniques and collecting evidence through questions, observation, checking, note taking and collecting evidence.
- Module 42: Introduction to audit role playing
- Module 43: Reporting the Audit Findings
- Module 43.1: Audit team meeting
- Module 43.2: Nonconformities and observation
- Module 43.3: Corrective and preventive actions
- Module 44: Hands-on exercises and discussion
- Module 45: NCR Judgement and Reporting
- Module 46: Reporting the Audit Findings
- Module 46.1: Corrective actions and follow up
- Module 47: Review of the course
- Module 47.1: Learning Objectives
- Module 47.2: Key learning points of the course
- Module 47.3: Delegate feedback
- Module 47.4: Review of specimen examination
- Module 47.5: Final questions and answers
- Module 48: Hands-on exercises and discussion
- Open book
- Delegates are allowed a copy of the Delegate Notes, their own notes, ISO 27001:2013 and a dictionary.
The training was well conducted. The participants benefited quite well.
Lt. Col. (Ret.) A J Vijayakumar, CISSP, Chief Information Security Officer, Tata Communications Limited
Training session was good. Appreciate Jaideep's insight into the subject and the way he conducted the training.
Kalaiselvan S, Tata Communications Limited