ISO 27001:2017 Internal Auditor (ISMS)
– CQI & IRCA Certified

• An introduction to the ISO 27001 standard Annex SL and Annex A high level structure
• Exploring terms and definitions as outlined in the standard
• Understanding the clauses and requirements including the organisational context, leadership, planning, support, and operation
• Understanding the statement of applicability
• Understanding risk awareness, assessment, and treatment
• Understand training, awareness, and continuous improvement
• The audit process
• Competencies and responsibilities of internal auditors
• Audit preparation - pre-audit activities
• Audit checklists
• Conducting the audit – gathering evidence
• Interview techniques/questioning skills
• Reporting the audit and follow-up
• Corrective action
• Public courses include a practical case study pertaining to the carrying out of an ISMS internal audit and in-house courses include a practical ISMS internal audit.

If you have access to a copy of ISO 27001, please bring a copy of the standard with you. If you don’t have access, a copy will be provided for you and will be collected at the end of the course.

• Any person with responsibility for conducting internal ISO 27001:2013 audits

Participants achieve the following learning outcomes from the programme:

• Understand the requirements of ISO 27001:2017
• Describe the responsibilities of an internal auditor and describe the role of internal auditing in the maintenance and improvement of management systems
• Plan, conduct and report and follow-up an internal audit as part of an ISO 27001 management system in accordance with ISO 19011

CQI IRCA recommend all delegates have the following prior knowledge:

• Understand the Plan-Do-Check-Act (PDCA) cycle.
• Have a basic knowledge of the concepts of information security management (see ISO 27001).
• Understand the requirements of ISO 27001 and the commonly used information security management terms and definitions.

A variety of exercises will be carried out throughout the course using role-plays, case studies and sample documentation. Delegates are assessed throughout the course by continual assessment and an end of course multiple-choice assessment. Continual assessment is based upon the student’s participation and performance during the exercises, role-plays and question & answer sessions. It is essential that delegates take an active part in all course activities during the course in order for the Tutor to make a full assessment of the student’s performance. Please note it is essential for students to be in attendance for the full course.

In-House Courses
For In-House courses, the Tutor will contact you in advance to discuss the course programme in more detail in order to tailor it specifically for your organisation. Course exercises can be carried out using the company’s own Information Security Management System culminating in a supervised internal audit.

Course Manual
Delegates will receive a very comprehensive course manual.

This course is certified by CQI IRCA (Course ID Number: 2140).  The International Register of Certificated Auditors (CQI IRCA) is the world's original and largest international certification body for auditors of management systems.