About the course
Deliver compliance and drive continual improvement for your ISO 27001 ISMS
Developed by the UK’s leading ISO 27001 consultancy company, this two-day course provides the knowledge and skills required to perform ISO 27001 internal audits that maintain compliance and drive continual improvement within your organisation’s ISMS, in accordance with clause 9.2.
Gain the skills to perform internal audits that ensure the information security management system (ISMS) maintains conformity to the ISO 27001 standard. Find out how to identify opportunities for improvement and take corrective action. The course is presented by an experienced ISO 27001 practitioner offering real-world expertise and insights.
This course also supports professional development: delegates who pass the included exam are awarded the ISO 17024-accredited CIS IA qualification by IBITGQ.
What will you learn?
- Internal audit concepts, terms and definitions.
- The role of the internal auditor and ISMS audits.
- The certification process.
- A detailed overview of the structure and requirements of ISO 27001.
- Mandatory documents for an ISO 27001-compliant ISMS.
- Internal audit resources.
- The auditor’s challenges and personal traits.
- Developing an audit programme.
- The different approaches to conducting an ISO 27001 audit.
- Applying ISO 19011 and ISO 27007 audit processes.
- Planning individual internal audits.
- Conducting the internal audit and handling the interview process.
- The audit trail.
- Identifying, compiling and reporting evidence-based nonconformities of intent, implementation and effectiveness.
- Quality management principles in the audit.
- Corrective action and follow-up.
ISO27001 Certified ISMS Internal Auditor (CIS IA) examination
Take the CIS IA examination at the end of the course – a 60-minute, multiple-choice, ISO 17024-accredited exam set by IBITGQ.
There is no extra charge for taking this exam.
CIS IA is acknowledged by the Payment Card Industry Security Standards Council (PCI SSC) as an approved qualification that meets the requirements for an individual applying to become a Payment Card Industry Data Security Standard (PCI DSS) Qualified Security Assessor (QSA).
Who should attend this course?
This course is aimed at individuals responsible for conducting ISO 27001 or information security internal audits. Depending on the size of your organisation, this may include a number of staff members, representing a range of departments such as HR, finance or operations.
This course also meets the requirements of the PCI SSC for additional QSA qualifications and, in the UK, is covered by the MOD ELCAS scheme.
There are no formal entry requirements, but it is assumed that you will have a basic knowledge of ISO 27001 gained through practical experience, reading the ISO 27001:2013 standard, or attending the ISO27001 Certified ISMS Foundation training course.