This is an intensive course enables participants to develop the expertise needed to audit an Information Security Management System (ISMS) and to manage a team of auditors by applying widely recognized audit principles, procedures and techniques. During this training, the participant will acquire the knowledge and skills needed to proficiently plan and perform internal and external audits in compliance with the certification process of the ISO/IEC 27001:2022 standard.

ISO 27002:2022 standard is significantly changed with 4 Controls Clauses and called as Themes. 1) Organization, 2) People, 3) Physical & 4) Technology.

Course Outline:

Module1

• ISO 27001:2022 (IS, Cyber Security & Data Privacy) Introduction

• Relevant standards, ISO/IEC 27000, 27001, 27002 & 19011

• The importance of information security

• Benefits of ISO 27001 Standard 

• Introduction to information security and ISO 27001:2022

• Integrated Management System

• ISO 27000 Family of Standards

• ISO 27001 Standard (thorough understanding)

• Standard and regulatory framework

• ISO 27001 Certification process for Organization & Individual

• Fundamental principles of information security

o Asset & Information Security 

o Document, Specification & Record

o Information Security 

o Cyber Security & Data Privacy

o Confidentiality, Integrity & Availability

o Vulnerability & Threat

o Information Security Risks

o Security Objectives & Controls 

o Classification of Security Controls

• ISMS Implementation Approach

Module 2:

• Audit principles, preparation and launching of an audit

• Fundamental audit concepts and principles

• Audit Standard, What is Audit, Types of Audits

• Actors, Audit Objectives & Criteria, Combined Audit 

• Principals of Auditing, Responsibility of Auditors 

• Types of Audit Evidences, Quality of Audit Evidences 

• Audit Approach Based on Risk, Materiality and Audit Planning

• Risk Based Auditing & Evidence Based Auditing

• Initiating the audit

• Stage 1 audit

Module 3:

On-site audit activities

• Preparing the stage 2 audit (on-site audit)

• Phase 2 audit (Part 1)

• Phase 2 audit (Part 2)

• Communication during the audit

• Audit procedures

• Creating audit test plans

Module 4:

Closing the audit

• Drafting audit findings and non-conformity reports

• Documentation of the audit and quality review

• Evaluating action plans by the auditor

• Beyond the initial audit

• Managing an internal audit programme

• Competence and evaluation of auditors

• Syndicate & role play exercises

• Final ISO 27001 Lead Auditor Examination