Workshop: Auditor ISMS
After this training, the participant should be able to write or understand policies and procedures concerning:
- List typical tasks of an information security manager
- Understand auditor requirements like impartiality, competence, responsibility, openness, confidentiality and responsiveness to complaints
- Explain by heart the standard approach to auditing an ISMS (ISO 27006)
- Debate compliance with security controls (ISO 27001 Annex A)
- Recognise ways to collect evidence of compliance or non-compliance for any security control
- Use technical documents and ISO standards (ISO 27007 and 27008) to plan and perform audits
- Assess the criticality of non-compliances and propose improvements
In this workshop, participants will become acquainted with ISO 27001, the recognised standard for managing information security in an organisation. The workshop trains both internal and external auditors to review and check the correct implementation of an ISMS. It starts by explaining the basics of auditing (ISO 19011, ISO 17021, audit techniques and audit principles) and includes practical training and exercises.
The course teaches the requirements of the certification process (ISO 27006) and the means of auditing internally (inspired by ISO 27007, Guidelines for ISMS auditing, and ISO 27008, Guidelines for auditors on information security controls). On the last day, a written knowledge test checks whether the participant has acquired the competences to perform ISMS audits.
Certificate of Audit Implementor, Attendance certificate