This course introduces the knowledge needed to audit and improve Information Security Management System (ISO/IEC 27001) within the organization. This course also explores the requirements of ISO/IEC 27001:2013 and particularly valuable for individuals directly involved in auditing.

By the end of the session, the participants will be able to:

1. Plan, develop and implement an ISMS internal audit process appropriate to organization;
2. Conduct audit with confidence, gathering objective evidence through observation, interviewing, and document trails to provide factual audit reports that will facilitate improvements towards the Information Security Management System;
3. Understand the skills and techniques of auditing and how to communicate the findings of the audit effectively;
4. Identify and understand the key requirements in ISMS (ISO/IEC 27001:2013).

 

Internal auditors, ISMS Implementers, Project Managers, IT Officers, Executives.

Module 1: Audit Concept

1. Audit Definition
2. Audit Objectives
3. Audit Principles

Module 2: Compliance Audit Process

1. Framework (Plan, Execute, Report, Follow up)
2. Audit Team Members
3. Lead Auditor Responsibilities
4. Audit Team Responsibilities
5. Auditor Competencies
6. Developing Audit Plan
7. Type of Questions
8. Audit Checklist
9. Non-Conformance
10. Writing Non-Conformance Report
11. Writing Audit Report
12. Correction vs Corrective Action

Module 3: Information Security Management System Overview

1. Information Security Fundamentals
2. Overview of ISO/IEC 27001:2013 Standard
3. Overview of ISMS Clause Requirements
4. Overview of ISMS Control Requirements

Module 4: Conclusion

1. Internal Audit Challenges
2. Managing Audit Challenges

coming soon

Fee: MYR3,500.00 (subject to 6% SST)

Please click here to register.

Contact us to request for a quotation

18 CPD Point

Please submit the Certificate of Completion to Global ACE Certification at www.globalace.org

Please click here to download brochure