ISO 27001:2022 Internal Auditor (ISMS)

Download brochure

ISO 27001 helps organisations keep information assets secure. Using this standard will help your organisation to manage the security of assets such as financial information, intellectual property, employee details or information entrusted to you by... Read More

ISO 27001 is the best-known standard providing requirements for an information security management system (ISMS).

As the world is facing new evolving security challenges, ISO/IEC 27001:2022, which aims to protect the confidentiality, availability, and integrity of organisations’ information assets was updated in October 2022. The part that has undergone the most significant changes is Annex A, Information security controls reference, which is aligned with ISO/IEC 27002:2022 Information security controls, which itself was published in February 2022.

Annex A of ISO/IEC 27001:2022 contains changes in both the number of controls, and their listing in groups. The title of this Annex has also changed from Reference control objectives and controls to Information security controls reference. Therefore, the reference objectives of each control group that were present in the previous version of the standard, have now been removed.

The number of Annex A controls decreased from 114 to 93. The decrease in the number of controls has mostly come from merging many of them. 35 controls have remained the same, 23 controls were renamed, 57 controls were merged into 24 controls, and one control has been divided into two. The 93 controls have been restructured to four control groups or sections.

Collapse

Expand All

An introduction to ISO 27001 and Annex A
Understanding Annex A Information security controls
Exploring terms and definitions as outlined in the standard
Understanding the clauses and requirements including the organisational context, leadership, planning, support, and operation
Understanding the statement of applicability
Understanding risk awareness, assessment, and treatment
Understand training, awareness, and continuous improvement
The audit process
Competencies and responsibilities of internal auditors
Audit preparation - pre-audit activities
Audit checklists
Conducting the audit – gathering evidence
Interview techniques/questioning skills
Reporting the audit and follow-up
Corrective action
Courses include a practical ISMS internal audit.

If you have access to a copy of ISO 27001, please bring a copy of the standard with you. If you don’t have access, a copy will be provided for you and will be collected at the end of the course.

Any person with responsibility for conducting internal ISO 27001 audits

Participants achieve the following learning outcomes from the programme:

Understand the requirements of ISO 27001:2022
Describe the responsibilities of an internal auditor and describe the role of internal auditing in the maintenance and improvement of management systems
Plan, conduct and report and follow-up an internal audit as part of an ISO 27001 management system in accordance with ISO 19011

Gerry Higgins

With extensive experience of implementing quality, environmenta...

Read More

CQI IRCA recommend all delegates have the following prior knowledge:

Understand the Plan-Do-Check-Act (PDCA) cycle.
Have a basic knowledge of the concepts of information security management (see ISO 27001).
Understand the requirements of ISO 27001 and the commonly used information security management terms and definitions.

A variety of exercises will be carried out throughout the course using role-plays, case studies and sample documentation. Delegates are assessed throughout the course by continual assessment and an end of course multiple-choice assessment. Continual assessment is based upon the student’s participation and performance during the exercises, role-plays and question & answer sessions. It is essential that delegates take an active part in all course activities during the course in order for the Tutor to make a full assessment of the student’s performance. Please note it is essential for students to be in attendance for the full course.

In-House Courses
For In-House courses, the Tutor will contact you in advance to discuss the course programme in more detail in order to tailor it specifically for your organisation. Course exercises can be carried out using the company’s own Information Security Management System culminating in a supervised internal audit.

Course Manual
Delegates will receive a very comprehensive course manual.

This course is certified by CQI IRCA (Course ID Number: 2140). The International Register of Certificated Auditors (CQI IRCA) is the world's original and largest international certification body for auditors of management systems.

Collapse All

Snapshot

Accreditation

This Programme (PT218) is presented by Antaris (01185832)

CQI & IRCA Certified - Programme Ref 2140

Course Code

IS001

Duration

2 training days

Public Price

+ €31 for CQI IRCA Course Certification
(includes course documentation)

Delivery Mode

This programme is delivered by or In-Company training

stdClass Object
(
    [primary_category] => Information Security
    [primary_slug] => information-security
    [categories_slugs] => Array
        (
            [0] => information-security
            [1] => auditing
        )

    [parent_categories_slugs] => Array
        (
            [0] => compliance-standards-auditing
            [1] => quality-training-courses
        )

)

News & Updates

Why Your Business Needs ISO 27001:2017 Internal Auditor Training

The last thing you want to do in this climate is to neglect your responsibilities when it comes to GDPR. Read our interview where Gemma Creagh from Careers Unli...