ISO 27001:2022 Information Systems Management System Lead Auditor (IRCA Certified) - Virtual Classroom - 5 days
OBJECTIVES
- Audit as per the requirements of ISO/IEC 27001:2022 standard
- Understand key elements of ISO 19011 and ISO/IEC 17021 standards
- Understand key information security issues
- Plan an audit against a set of audit criteria
- Successfully execute an Information Security Management System audit
- Create clear, concise and relevant audit reports
- Communicate the audit findings to a client
- Information Security Management System overview
- Auditing Information Security Management System against requirements of ISO/IEC 27001:2022
- Audit techniques
- Accreditation issues
- Auditor competence
- Practical Exercises and Feedback
WHO IS THE COURSE FOR?
- IT Security Managers, Internal Auditors, Management Representatives & Members of IT teams
- Employees already working in ISMS certified organizations or organizations planning to achieve certification
- Individuals working as a consultant or subject matter experts on ISO 27001 or other management systems
- Any individual aspiring to pursue his/her career in the field of IT Security & Management System Auditing
COURSE CONTENTS
- An appreciation of the importance of controlling Information Security in all types of business activities;
- The ability to plan, conduct and report on a process-based activity;
- An appreciation of the Risk Analysis process;
- Detailed review and interpretation of the main requirements of ISO/IEC 27001:2022;
- Learn how to use Annexure A of ISO/IEC 27001:2022;
- Evaluating corrective actions for root cause and effectiveness;
- Auditor competence (as per ISO 19011, IRCA norms & industry best practices).
PRE-REQUISITES:
Delegates are expected to have prior knowledge of the following:
- Understand the Plan-Do-Check-Act (PDCA) cycle
- Knowledge of the following information security management principles and concepts:
  - awareness of the need for information security;
  - the assignment of responsibility for information security;
  - incorporating management commitment and the interests of stakeholders;
  - enhancing societal values;
  - using the results of risk assessments to determine appropriate controls to reach acceptable levels of risk;
  - incorporating security as an essential element of information networks and systems;
  - the active prevention and detection of information security incidents;
  - ensuring a comprehensive approach to information security management;
  - continual reassessment of information security and making modifications as appropriate.
- Knowledge of the requirements of ISO/IEC 27001 (with ISO/IEC 27002) and the commonly used information security management terms and definitions, as given in ISO/IEC 27000.
PLEASE NOTE:
The CQI-IRCA Exam will be administered online on Friday, at the conclusion of the training class.
COURSE DATES
START DATE | END DATE | METHOD |
---|---|---|
December 09, 2024 08:00 | December 13, 2024 17:00 | Web |