Course Outline
I. Introduction to Information Security
1. Systemic information security management
2. Benefits and added value for the organization
II. Overview of ISO 27001 Requirements
1. Understanding the standard's requirements
2. Key areas requiring special attention
3. Identification of documentation requirements
4. Overview of Annex A
III. Information Security Management System Aligned with ISO 27001
1. Elements of the Information Security Management System per ISO 27001
2. Exercises in interpreting and analyzing ISO 27001 requirements
IV. Audits – General Information
1. Introduction to Auditing
2. The complete audit process
3. Audit criteria
4. Types of audits
V. Audit Planning and Preparation
1. Audit criteria and scope
2. Selection of the audit team
3. Process approach to internal audits
4. Key aspects in creating a control questionnaire
5. Conducting audits in accordance with ISO 19011:2018
6. Practical exercises
VI. Conducting the Audit – Rules for On-Site Audits
1. Auditing techniques
2. Objective evidence
3. Identifying and demonstrating non-conformities
4. Competencies of an effective auditor
5. Practical exercises
VII. Documenting Audit Results
1. Articulating inconsistencies skillfully
2. Documenting non-conformities
3. Identifying and documenting insights and improvement opportunities
4. Summary of Audit Results – Audit Report
5. Practical exercises
VIII. Effective Post-Audit Activities
1. Responsibilities regarding the initiation of corrective actions
2. The importance of precisely determining the root causes of non-conformities
3. Defining corrective actions
4. Evaluating the effectiveness of actions taken
5. Post-audit activities related to insights and improvement potentials
6. Practical exercises
IX. Discussion and Summary
Requirements
Target Audience
- Professionals preparing for the role of ISO 27001:2023 Lead Auditor.
- Anyone interested in the subject matter.
