Gain the ability to assess an organisation’s capability to manage its ISMS
The Information Security Management Systems, or ISMS, standard specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organisation. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organisation.
This two-day course begins with the understanding of the concept of Information Security Management, the requirements of ISO/IEC 27001:2013 certification standard, and its relation to the ISO 27000 series of standards for information security management. This Internal Auditor course is based on the principles of ISO 19011:2011. It is designed for those people who wish to understand and conduct internal audit assessments to the ISO/IEC 27001:2013 certification standard and its relation to the ISO 27000 series of standards for information security management.
Duration: 2 - day course
The course consists of the following 2 parts:
At the end of this course, participants will be able to:
• To gain an understanding of the ISO/IEC 27001:2013 requirements
• Prepare, conduct and follow-up on ISO/IEC 27001:2013 audit activities
• Gain the skills to assess an organisation’s capability to manage its ISMS
• Write factual audit reports
Note: The purpose of the course ensures a comprehensive transfer of knowledge and understanding on internal audit process with respect to ISO/IEC 27001:2013 requirements.
Topics to be covered in this course include:
• Introduction to information security management systems
• Objectives and benefits of an ISMS
• Key Principles and Concepts of the ISMS
• Code of practice ISO/IEC 27002:2013
• Certification specification ISO/IEC 27001:2013
• Certification to ISO/IEC 27001:2013
• The ISO 27000 series of standards
• Essentials of the Standard
• The ISMS Audit Planning
• The ISMS Audit Preparation
• Conducting an ISMS Audit
• Recording the results
• Root Cause Identification
• Presenting reports
• Conducting Audit Follow-Up
Participants will learn through lectures, case studies, group exercises and discussions.
This course is specially designed for:
• managers or executives responsible for the security and confidentiality of their business-critical information
• those people who wish to understand and conduct internal audit assessments to the ISO 27001:2005 certification standard and its relation to the emerging ISO 27000 series of standards for information security management
The course content and structure are designed by the domain experts from TÜV SÜD Malaysia and global
With immense experience and knowledge in the relevant standards, our team of product specialists and technical experts at TÜV SÜD, developed the course content based on current business landscape and market requirements.
World-class training – by learning from TÜV SÜD’s industry experts and training specialists
Interactive learning style – with interactive formats such as lectures, illustrations and simulations are used
Networking opportunity – where you can meet and build network with like-minded individuals at our instructor-led training
Gain a competitive edge – by getting trained by experts known in the fields of safety, security and sustainability
To know more about TÜV SÜD, please click here.
Select Your Location
Bosnia and Herzegovina