Course Outline
I. Introduction to Information Security
1. Systemic management of information security.
2. Benefits and added value for the organization.
II. Overview of ISO 27001 Requirements
1. Key requirements of the standard.
2. Critical areas of focus.
3. Identification of documentation requirements.
4. Overview of Annex A.
III. Information Security Management System Compliant with ISO 27001
1. Components of the ISMS according to ISO 27001.
2. Exercises in interpreting and analysing ISO 27001 requirements.
IV. Audits – General Information
1. Introduction to auditing.
2. Comprehensive audit process.
3. Audit criteria.
4. Types of audits.
V. Audit Planning and Preparation
1. Defining audit criteria and scope.
2. Selecting the audit team.
3. Process approach to internal audits.
4. Key aspects of creating a control question list.
5. Conducting audits in accordance with ISO 19011:2018.
6. Practical exercises.
VI. Conducting an Audit – Rules for On-Site Audits
1. Auditing techniques.
2. Objective evidence.
3. Identifying and demonstrating non-conformities.
4. Competencies of the lead auditor.
5. Practical exercises.
VII. Documenting Audit Results
1. Effective formulation of observations.
2. Documenting non-conformities.
3. Identifying and documenting insights and improvement opportunities.
4. Summary of Audit Results – Audit Report.
5. Practical exercises.
VIII. Effective Post-Audit Activities
1. Responsibilities regarding the initiation of corrective actions.
2. The importance of precisely determining the causes of non-conformity.
3. Defining corrective actions.
4. Evaluating the effectiveness of actions.
5. Post-audit activities related to insights and improvement potentials.
6. Practical exercises.
IX. Discussion and Summary
Requirements
Target Audience
- Professionals preparing for the role of Lead Auditor under ISO 27001:2023.
- Anyone with an interest in the subject matter.
