Course Content
Participants learn how to perform an audit in accordance with ISO 19011:2011 Guidelines for Auditing Management Systems. The course provides a comprehensive and practical understanding of how to conduct a successful internal or external audit, either as a member of an audit team or as the team leader. We focus in particular on the principles and procedures of auditing, the importance of planning, the roles and responsibilities of an auditor, how to gather effective audit evidence and report on audit findings, and the follow-up activities required of an auditor.
Participants also learn the auditing requirements of ISO 27001, and how to best apply and integrate the standard for the benefit of an organisation.
This course is divided into two modules, enabling participants to attend both modules in a single week or to spread them across different sessions. The first two-day module is equivalent to our ‘Becoming a Skilled Lead Internal/External Auditor’ course, in which participants learn to conduct management systems audits. The remaining three-day module covers the requirements of the information security management systems standard, ISO 27001, and information security controls.
Day 1
Introduction to Management Systems Auditing
- Introduction to auditing
- Roles and responsibilities of an auditor
- Principles and procedures of auditing
- Communication skills and interview techniques
- Setting appropriate audit objectives, goals, and criteria
- Planning a Management systems audit
Day 2
Management Systems Auditing
- How to ensure that audits add value to an organisation
- Auditing as a Team Leader
- Effective audit evidence
- Management Systems auditing scenarios
- Writing audit findings and developing the audit report
- Reviewing corrective action
Day 3
Information Security Management Systems
- Introduction to Information Security
- Context of Information Security
- Information Security management systems requirements
- Risk-based approach to information security
Day 4
Information Security controls
- ISO 27001 – Code of practice for Information Security management
- Information classification
- Documentation requirements of Information security management systems
Day 5
Information Security application
- Statement of applicability
- Information security audit scenarios
- Course review