Lead Auditor (ISO/IEC 27001)

À qui s'adresse la formation?

Tout public

Durée

4,00 jour(s)

Langues(s) de prestation

EN FR

Prochaine session

Contacter l'organisme

Le contenu de cette page n'est pas disponible en français

Prérequis

ISO 27001 Foundation Certification or basic knowledge of ISO 27001 is recommended

Objectifs

This four-day intensive course enables participants to develop the necessary expertise to audit an Information Security Management System (ISMS) and to manage a team of auditors by applying widely recognized audit principles, procedures and techniques. During this training, the participant will acquire the necessary knowledge and skills to proficiently plan and perform internal and external audits in compliance with ISO 19011 the certification process according to ISO 17021. Based on practical exercises, the participant will develop the skills (mastering audit techniques) and competencies (managing audit teams and audit program, communicating with customers, conflict resolution, etc.) necessary to efficiently conduct an audit.

Contenu

Day 1: Introduction to Information Security Management System (ISMS) concepts as required by ISO 27001

Normative, regulatory and legal framework related to information security
Fundamental principles of information security
ISO 27001 certification process
Information Security Management System (ISMS)
Detailed presentation of the clauses 4 to 10 of ISO27001:2013

Day 2: Planning and Initiating an ISO 27001 audit

Fundamental audit concepts and principles
Audit approach based on evidence and on risk
Preparation of an ISO 27001 certification audit
ISMS documentation audit
Conducting an opening meeting

Day 3: Conducting an ISO 27001 audit

Communication during the audit
Audit procedures: observation, document review, interview, sampling techniques, technical verification, corroboration and evaluation
Audit test plans
Formulation of audit findings
Documenting nonconformities