ISO 27001 Internal Auditor

Target Audience

This course is for anyone who will be responsible for conducting information security internal audits. It also benefits everyone involved in information security, in internal audit, in the development and deployment of an Information Security Management System ('ISMS') or in auditing IT Service Level Agreements.

Learning Objectives

Designed on best practice principles, based on ISO 19011:2002 internal audit best practice, this course offers guidelines for information security management systems auditing.

Pre-Requisites

There are no formal entry requirements, although it is assumed that delegates will have a working knowledge of information security management and the requirements of ISO 27001.

Course Summary

Designed on best practice principles, based on ISO 19011:2002 internal audit best practice, this course offers guidelines for information security management systems auditing. Using ISO 19011 as the basis for internal audit, organizations can save time, effort and money by:

Avoiding confusion over the objectives of the audit programme;
Securing agreement of the goals for individual audits within an audit programme;
Reducing duplication of effort when conducting combined information security/quality audits;
Ensuring audit reports follow the best format and contain all the relevant information;
Evaluating the competence of members of an audit team against appropriate criteria.

Whatever the reason for the audit (e.g. certification, internal review, continuous improvement, contract compliance, etc.), this course enables internal auditors to move efficiently through the process by applying internationally recognized guidelines, including:

A clear explanation of the principles of management systems auditing.
Guidance on the management of audit programmes.
Guidance on the conduct of internal or external audits.
Advice on the competence and evaluation of auditors.

Examinations

None