On completion, successful learners will have the knowledge and skills to:

Knowledge

– Explain the purpose and business benefits of an information security management system, of information security management systems standards, of management system audit and of third-party certification.

–  Explain the role of an auditor to plan, conduct, report and follow up an information security management system audit in accordance with ISO 19011 (and ISO 17021 where appropriate).

Skills

 – Plan, conduct, report and follow up an audit of an information security management system to establish conformity (or otherwise) with ISO/IEC 27001 (with ISO/IEC 27002) in accordance with ISO 19011 (and ISO 17021 where appropriate).

Before starting this course, delegates are expected to have the following prior knowledge:

Management systems

Understand the Plan-Do-Check-Act (PDCA) cycle

Information security management

Knowledge of the following information security management principles and concepts:

• awareness of the need for information security;
• the assignment of responsibility for information security;
• incorporating management commitment and the interests of stakeholders;
• enhancing societal values;
• using the results of risk assessments to determine appropriate controls to reach acceptable levels of risk;
• incorporating security as an essential element of information networks and systems;
• the active prevention and detection of information security incidents;
• ensuring a comprehensive approach to information security management;
• continual reassessment of information security and making of modifications as appropriate

• Those wishing to implement a formal Information Security Management System (ISMS) in accordance with ISO/IEC 27001: 2022
• Existing security auditors who wish to expand their auditing skills
• Consultants who wish to provide advice on ISO/IEC 27001: 2022 systems certification
• IT and Quality Professionals

This will be a classroom- based course. Training methods used in this course will be a mix of various methods keeping in mind the learning styles of students. This will include:

• Presentations
• Tutorial sessions
• Case Study
• Group work
• Reflection
• Buzz Time – Group Discussions
• Think – Pair- Share
• Brainstorming sessions
• Role Play/ Simulation

• Information Security Management System – Introduction
• ISMS Purpose and Benefits
• Audit Concepts
• Conduct of Audit
• Audit Report 
• Audt follow-up

The duration of this course will be 40 hours spread over 5 days.