About ISO 27001 Internal Auditor

Your learning will rapidly develop using a balance of theory and practical activity, so that you can apply your knowledge effectively during an audit.

Who can take this training?

This is intended for those who will be involved in conducting internal audits of an ISMS that conforms to ISO/IEC 27001:2013 in an organization.
Suggested job roles and their teams include:
✓ Information security managers
✓ IT and corporate security managers
✓ Corporate governance managers
✓ Risk and compliance managers
✓ Information security consultants


You should already have knowledge of how ISO/IEC 27001:2013 works.

Course Outline

Introduction to the course
Module 1 – Introduction to ISO 27001
Introduction & suggested reading
What is ISO 27001?
The structure of ISO 27001
Information security principles
Introduction to the Information Security Management System
Implementing ISO 27001 requirements
Implementing ISO 27001 as a project
Documenting ISO 27001 requirements
ISO 27001 Benefits
Related documentation
Practice exam
Module 2 – The planning phase
Introduction & suggested reading
Understanding your organization and its context [clause 4.1]
Understanding the needs and expectations of interested parties [clause 4.2]
Determining the scope of the ISMS [clause 4.3]
Leadership and commitment [clause 5.1]
Information Security Policy [clause 5.2]
Organizational roles, responsibilities and authorities [clause 5.3]
Information security objectives [clause 6.2]
Resources [clause 7.1]
Competence [clause 7.2]
Awareness [clause 7.3]
Communication [clause 7.4]
Documented information [clause 7.5]
Related documentation
Practice exam
Module 3 – Risk management
Introduction & suggested reading
Addressing risks and opportunities [clause 6.1.1]
Risk management process [clause 6.1.2]
Information security risk assessment – Risk identification [clause 6.1.2]
Information security risk assessment – Risk analysis and evaluation [clause 6.1.2]
Information security risk treatment [clause 6.1.3]
Statement of Applicability [clause 6.1.3]
Risk treatment plan [clause 6.1.3]
Related documentation
Practice exam
Module 4 – The Do phase
Introduction & suggested reading
Formulating the risk treatment plan [clause 6.1.3]
Implementing the risk treatment plan [clause 8.3]
Operational planning and control [clause 8.1]
Operating the ISMS [clause 8]
Managing outsourcing of operations [clause 8.1]
Controlling changes [clause 8.1]
Risk assessment review [clause 8.2]
Related documentation
Practice exam
Module 5 – The Check and Act phases
Introduction & suggested reading
Monitoring, measurement, analysis, and evaluation [clause 9.1]
Internal audit [clause 9.2]
Management review [clause 9.3]
Nonconformities and corrective actions [clause 10.1]
Continual improvement [clause 10.2]
Related documentation
Practice exam
Module 6 – Annex A – Control objectives and controls
Introduction & suggested reading
Introduction to Annex A – Reference control objectives and controls
Structure of Annex A
Information security policies [A.5]
Organization of information security [A.6]
Human resources security [A.7]
Asset management [A.8]
Access control [A.9]
Cryptography [A.10]
Physical and environmental security [A.11]
Operational security [A.12]
Communications security [A.13]
System acquisition, development and maintenance [A.14]
Supplier relationships [A.15]
Information security incident management [A.16]
Information security aspects of business continuity management [A.17]
Compliance [A.18]
Related documentation
Practice exam
Module 7 – Introduction to the internal audit
Introduction & suggested reading
Internal vs. external audit
The main purpose of the internal audit
Requirements of ISO 27001
Criteria for selecting the internal auditor
The audit findings
Major and minor nonconformities
Definition of major nonconformity
ISO 19011
Related documentation
Practice exam
Module 8 – Organizing the internal audit
Introduction & suggested reading
Organizing the internal audit
Internal audit procedure
Annual audit program
Audit plan for an individual audit
Related documentation
Practice exam
Module 9 – Internal audit elements
Introduction & suggested reading
Internal audit elements
Document review
Creation of the checklist
Internal audit report
Corrective action requests
Corrective action follow-up
Related documentation
Practice exam
Module 10 – The main audit
Introduction & suggested reading
Auditor assumptions
Techniques for finding evidence
Sampling the records
Recording the evidence
Interviewing techniques



Tai Infotech Pvt Ltd, 2017 All Rights Reserved