ISO 27001:2013 Internal Auditor
The ISO 27001:2013 Internal Auditor training course teaches the fundamental requirements of the ISO 27001:2013 standard and the skills necessary to conduct internal audits of Information Security Management Systems in accordance with the ISO 19011:2011 Guidelines for Auditing Management Systems standard.
3-Day ISO 27001:2013 Internal Auditor
Role-playing and audit scenarios help attendees develop a hands-on understanding that will facilitate the implementation of a robust ISMS, risk assessment, and audit program. The internal audit is a mandatory requirement of the ISO 27001 Information Security Management Systems standard.
ISO 27001 Internal Auditor Training Target Audience
This course is designed for employees or individuals responsible for managing, maintaining, or participating in an Information Security Management System, risk assessment process, and/or ISMS Internal Audits, including:
- Information Systems MIS/IT Directors or IT Managers
- Compliance Officers or Managers
- IT Professionals and Network Engineers
- Information Security Officers, Managers, ISM or ISMS Managers
- ISO Coordinators or Management Representatives
This course is also suitable for people who just want to get a firm understanding of the ISO 27001:2013 standard and their role in ensuring conformance to the organization’s information security management system.
- Understand information security definitions, background, and objectives of ISO 27001:2013
- Understand the requirements of the ISO 27001:2013 standard
- Understand risk assessment process by conducting a full risk assessment cycle
- Learn the controls of Annex A
- Prepare and conduct all phases of an internal audit (plan, execute, report, follow-up)
Duration and Class Hours
The duration of this course is three days, each day from 8:30 AM to 4:30 PM.
The ISMS Internal Auditor course is designed for individuals with little knowledge of ISO 27001. The first three days of the course are dedicated to learning and understanding the ISO 27001:2013 standard and the risk assessment process.
Course Materials
Students receive comprehensive course manuals with reference materials, including:
- Presentation information
- Case studies
- Workshop exercises
- Forms used throughout the course
- Training copy of the standard and Annex A
Lunch, beverages, and snacks are provided throughout the day at no additional cost for each day of training. We accept menu requests to accommodate attendees with food allergies or specific dietary requirements.
Lunch: Fajitas, deli meals, or hot plates
Snacks: Breakfast bars, fruit, desserts, cookies, or pastries
Beverages: Coffee, soda, and water are served all day.
This course is taught in English. For information on a similar course in Spanish, please contact Mireaux’s office at 713-589-4680.
The topics in this course include:
- Information Security, Risk Assessment and Asset concepts and definitions
- Structure of the ISO 27001:2013 Standard
- The ISO 27001:2013 Standard – Clauses 4 through 8
- Control Objectives and Controls of Annex A
- Employee, Contractor, Vendor, and Customer Security
- Physical Security
- Network, IT Systems, Web, and Mobile Security
- Information Security Incident Handling
- Business Continuity and Disaster Recovery
- The Risk Assessment Process Lifecycle
- Risk Assessment
- Introduction to Risk Assessment
- Mireaux’s Selected Asset Risk Assessment (SARA) Method
- Asset Valuation
- Threat Identification
- Analysis and calculation of initial risk
- Residual risk management
- Selection of controls for risk treatment
- Other Risk Assessment Methods
- Introduction to Internal Auditing
- Principles of Auditing and Auditor Competence
- Audit Planning
- Document Review and Checklists
- The Opening Meeting
- Audit Performance and Audit Findings
- Writing a Nonconformity
- Audit Report and Closing Meeting
- Audit Follow-Up
- Keeping Your Auditing Skills Sharp
- Various workshops throughout the course.
Training Center Information
12802 Willow Centre Dr.
Houston, TX 77066