Information Security, Cybersecurity and Privacy: ISO 27001:2022 Lead Auditor
Overview
Any management system’s success depends on effective auditing, which therefore carries a great deal of responsibility, difficulty, and complexity. This 32-hour intensive course prepares participants for the ISO 27001:2022 qualification process.
Course Highlights:
- 32 hours of Instructor-led Training
- Practical approach for ISO 27001 Audit
- Training by TUV SUD registered education partner
- Examination guidance
- Certification by TUV SUD
Course Description
An ISO audit involves a great deal of responsibility and challenges. Our ISO 27001:2022 Lead Auditor training and certification course is a four-day intensive course that gives participants the knowledge to perform an Information Security Management System (ISMS) audit using recommended audit fundamentals, principles, procedures, and methodologies.
Our course curriculum is aligned with the latest changes in ISO 27001 (from ISO 27001:2013 to ISO 27001:2022) and teaches participants all they need to know about audit principles, preparation, and initiation. It equips participants with the skills to manage an internal audit program effectively, document audit findings, close the audit, evaluate action plans, and understand the impact of trends and technology in auditing, risk-based auditing, evidence-based auditing, and the initiation of the audit process. Participants acquire the expertise needed to conduct an audit successfully through practical exercises.
Target Audience:
- Internal Auditors
- Auditors wanting to perform and lead ISMS certification audits
- Project Managers or Consultants wanting to master the ISMS audit process
- CXO and Senior Managers responsible for the IT governance of an enterprise and the management of its risks
- Members of an information security team
- Expert advisors in information technology
- Expert advisors in information security
- Technical experts wanting to prepare for an information security audit function
Pre-Requisites:
Exam Information
Please connect with our course advisors for complete details on how you can take up the TUV SUD Exam.
ISO 27001:2022 LA Course Objectives
- Fundamental concepts and principles of information security
- ISO/IEC 27001 certification process
- Information Security Management System (ISMS)
- The ISO/IEC 27000 family of standards
- Advantages of ISO/IEC 27001
- Fundamentals of information and assets
- Fundamental principles of information security: confidentiality, integrity, and availability
- Preparation of an ISO/IEC 27001 certification audit
- ISMS documentation audit
- Big data, artificial intelligence, machine learning, and cloud computing
- Auditing outsourced operations
- Communication during the audit
- Audit procedures: observation, document review, interview, sampling techniques, technical verification, corroboration, and evaluation
- Audit test plans
- Formulation of audit findings
- Audit approach based on risk
- Drafting a nonconformity report
- Audit documentation
- Quality review
- Conducting a closing meeting and conclusion of an ISO/IEC 27001 audit
- Evaluation of corrective action plans
- Establishing contact with the auditee
- Internal audit management program
ISO 27001:2022 Lead Auditor Course Content
Introduction to the Information Security Management System (ISMS) and ISO/IEC 27001
Section 1: Training course objectives and structure
- General information
- Learning objectives
- Educational approach
- Examination and certification
Section 2: Standards and regulatory frameworks
- What is ISO?
- The ISO/IEC 27000 family of standards
- Advantages of ISO/IEC 27001
Section 3: Certification process
- Certification process
- Certification scheme
- Accreditation bodies
- Certification bodies
Section 4: Fundamental concepts and principles of information security
- Information and asset
- Information security
- Confidentiality, integrity, and availability
- Vulnerability, threat, and impact
- Information security risk
- Security controls and control objectives
- Classification of security controls
Section 5: Information security management system (ISMS)
- Definition of a management system
- Definition of ISMS
- Process approach
- ISMS implementation
- Overview – Clauses 4 to 10
- Overview – Annex A
- Statement of Applicability
Audit principles, preparation, and initiation of an audit
Section 6: Fundamental audit concepts and principles
- Audit standards
- What is an audit?
- Types of audits
- Involved parties
- Audit objectives and criteria
- Combined audit
- Principles of auditing
- Competence and evaluation of auditors
Section 7: The impact of trends and technology in auditing
- Big data
- The three V’s of big data
- The use of big data in audits
- Artificial intelligence
- Machine learning
- Cloud computing
- Auditing outsourced operations
Section 8: Evidence-based auditing
- Audit evidence
- Types of audit evidence
- Quality and reliability of audit evidence
Section 9: Risk-based auditing
- Audit approach based on risk
- Materiality and audit planning
- Reasonable assurance
Section 10: Initiation of the audit process
- The audit offer
- The audit team leader
- The audit team
- Audit feasibility
- Audit acceptance
- Establishing contact with the auditee
- The audit schedule
Section 11: Stage 1 audit
- Objectives of the stage 1 audit
- Pre on-site activities
- Preparing for on-site activities
- Conducting on-site activities
- Documenting the outputs of stage 1 audit
On-site audit activities
Section 12: Preparing for stage 2 audit
- Setting the audit objectives
- Planning the audit
- Assigning work to the audit team
- Preparing audit test plans
- Preparing documented information for the audit
Section 13: Stage 2 audit
- Conducting the opening meeting
- Collecting information
- Conducting audit tests
- Determining audit findings and nonconformity reports
- Performing a quality review
Section 14: Communication during the audit
- Behaviour during on-site visits
- Communication during the audit
- Audit team meetings
- Guides and observers
- Conflict management
- Cultural aspects
- Communication with top management
Section 15: Audit procedures
- Overview of the audit process
- Evidence collection and analysis procedures
- Interview
- Documented information review
- Observation
- Analysis
- Sampling
- Technical verification
Section 16: Creating audit test plans
- Audit test plans
- Examples of audit test plans
- Guidance for auditing an ISMS
- Corroboration
- Evaluation
- Auditing virtual activities and locations
Closing of the audit
Section 17: Drafting audit findings and nonconformity reports
- Audit findings
- Types of possible audit findings
- Documenting the audit findings
- Drafting a nonconformity report
- The principle of the benefit of the doubt
Section 18: Audit documentation and quality review
- Work documents
- Quality review
Section 19: Closing of the audit
- Determining audit conclusions
- Discussing audit conclusions
- Closing meeting
- Preparing the audit report
- Distributing the audit report
- Making the certification decision
- Closing the audit
Section 20: Evaluation of action plans by the auditor
- Submission of action plans by the auditee
- Content of action plans
- Evaluation of action plans
Section 21: Beyond the initial audit
- Audit follow-up activities
- Surveillance activities
- Recertification audit
- Use of trademarks
Section 22: Managing an internal audit program
- Managing an audit program
- Role of the internal audit function
- Main internal audit services and activities
- Audit program resources
- Audit program records
- Follow up on nonconformities
- Monitoring, evaluating, reviewing, and improving an audit program
ISO 27001 Exam Prep
- Revision of course
- Discussion on exam questions and answers