Internal auditing plays a key role in maintaining the integrity and effectiveness of an organization’s Information Security Management System (ISMS). The internal audit process ensures that security controls are functioning as intended, aligns the system with ISO 27001 requirements, and identifies areas for improvement to safeguard sensitive information. This 3-day course equips participants with the necessary skills and knowledge to conduct effective internal audits and contribute to the continual improvement of information security practices within their organization.

Duration

3 days

To maximize knowledge retention and practical application, as well as help organizations to achieve an optimal balance between training and working demands, we have designed our Public Training calendar distributing the days of a course through more than one week.

Course Objectives

This course will provide participants with the principles, skills, and best practices necessary to become effective internal auditors of an Information Security Management System based on ISO 27001. Students will learn how to assess the effectiveness of an ISMS, conduct audits in line with ISO 27001, and provide actionable feedback to improve the organization’s security posture. Topics will include audit preparation, data collection techniques, auditing skills, and reporting.

Who is it for?

• Information security professionals responsible for implementing, monitoring, or improving an ISMS.
• Internal auditors seeking to expand their skills in ISO 27001 audits.
• Compliance officers and risk managers looking to understand internal audit processes within an ISMS.
• Consultants, external auditors, or anyone interested in gaining ISO 27001 auditing experience.
• Professionals aiming to become Lead Auditors or pursue further qualifications in information security management.

Materials

Students will receive access to comprehensive electronic materials online, which will serve as a reference during and after the course. While course instructors will make every effort to provide relevant ISO standards for use during the training, it is advised that students bring their own copy of the ISO 27001 standard.

Course Highlights

• Understanding the structure and requirements of ISO 27001
• Key principles of internal auditing for information security
• Techniques for auditing information security controls and processes
• Conducting effective audits: planning, execution, and reporting
• Identifying and managing non-conformities
• The 7 principles of auditing and their application in an ISMS audit
• Review of ISO 19011 guidelines for auditing management systems
• Best practices for improving audit outcomes and fostering continuous improvement in information security

Prerequisites

While the course covers the fundamentals of ISO 27001, familiarity with the standard will enhance learning and application during the course.