ISO 27001:2017 Internal Auditor (ISMS)
– CQI & IRCA Certified

ISO 27001 helps organisations keep their information assets secure. Using the standard helps an organisation manage the security of assets such as financial information, intellectual property, employee details and information entrusted to it by third parties such as customers. ISO 27001 is the best-known standard setting out requirements for an information security management system (ISMS).

Regulation (EU) 2016/679, the General Data Protection Regulation (GDPR), became applicable in May 2018 and places direct data-processing obligations on organisations at EU level. An ISO 27001 ISMS is a sound framework for meeting the security-related obligations of the GDPR, such as the "security of processing" requirements of Article 32, although certification to the standard is not in itself evidence of GDPR compliance.

Thousands of ISMS internal audits are performed each year that deliver little business benefit beyond a conformance tick. This course focuses on auditing ISO 27001 for real improvement and performance rather than conformance alone. This two-day course gives delegates the skills needed to be an effective internal auditor.

Delivery Mode

  • Public: 15 - 16 Sep 2020
  • Customised (in-house): contact us


What's covered?

  • An introduction to ISO 27001: the Annex SL high-level structure of the main clauses and the Annex A reference controls
  • Exploring terms and definitions as used in the standard
  • Understanding the clauses and requirements, including organisational context, leadership, planning, support and operation
  • Understanding the Statement of Applicability
  • Understanding risk awareness, risk assessment and risk treatment
  • Understanding training, awareness and continual improvement
  • The audit process
  • Competencies and responsibilities of internal auditors
  • Audit preparation - pre-audit activities
  • Audit checklists
  • Conducting the audit – gathering evidence
  • Interview techniques/questioning skills
  • Reporting the audit and follow-up
  • Corrective action
  • Public courses include a practical case study of carrying out an ISMS internal audit; in-house courses include a practical ISMS internal audit

If you have access to a copy of ISO 27001, please bring it with you. If you do not, a copy will be provided for use during the course and collected at the end.

Who should participate?

  • Anyone with responsibility for conducting internal ISO 27001 audits

What will I learn?

Participants achieve the following learning outcomes from the programme:

  • Understand the requirements of ISO 27001:2017 (the European adoption of ISO/IEC 27001:2013, incorporating its corrigenda)
  • Describe the responsibilities of an internal auditor and the role of internal auditing in maintaining and improving management systems
  • Plan, conduct, report and follow up an internal audit of an ISO 27001 management system in accordance with ISO 19011

Who are the tutors?

Gerry Higgins

With extensive experience of implementing quality, environmental, health and safety, energy and information security management systems, and of advising companies on how to integrate them, Gerry takes a very practical approach to designing, implementing and maintaining management systems and brings this expertise to every training course he delivers.

Gerry has carried out first-, second- and third-party audits in a number of jurisdictions and across a range of manufacturing and service organisations in both the public and private sectors. He has also helped many companies demonstrate compliance with their statutory and regulatory requirements through the Pegasus legal register service that Antaris offers on a multi-jurisdictional basis.

Gerry is CEO of Antaris, which he founded in 1994. He holds a degree in engineering and an MBA from the University of Limerick, is a chartered engineer and Fellow of Engineers Ireland, and is a chartered environmentalist through IEMA.

Previously, he held positions in industry and academia and enjoys the interaction between management system implementation and training.

What are the entry requirements?

CQI and IRCA recommend that all delegates have the following prior knowledge:

  • Understand the Plan-Do-Check-Act (PDCA) cycle
  • Have a basic knowledge of the concepts of information security management (see ISO 27001)
  • Understand the requirements of ISO 27001 and the commonly used information security management terms and definitions

How will I be assessed?

A variety of exercises are carried out throughout the course using role-plays, case studies and sample documentation. Delegates are assessed by continual assessment during the course and by an end-of-course multiple-choice test. Continual assessment is based on the delegate's participation and performance in the exercises, role-plays and question-and-answer sessions. Delegates must take an active part in all course activities so that the tutor can make a full assessment of their performance, and must attend the full course.

How do we train and support you?

In-House Courses
For in-house courses, the tutor will contact you in advance to discuss the course programme in more detail and tailor it to your organisation. Course exercises can be carried out using the company's own information security management system, culminating in a supervised internal audit.

Course Manual
Delegates will receive a very comprehensive course manual.

Programme accreditation

This course is certified by CQI IRCA (Course ID Number: 2140). CQI IRCA, the Chartered Quality Institute and its International Register of Certificated Auditors, is the world's original and largest international certification body for auditors of management systems.

Next public course: 15 - 16 Sep 2020, Dublin (tutor: Gerry Higgins)

Contact SQT today