Additional Course Information
-
This course represents a one-step approach to achieving information security auditor credentials with Exemplar Global. Day one is a detailed examination of the ISO 27001 requirements and explains what one needs to do to achieve certification. Day two is focused on Annex A Controls. We review all 114 that will need to be in your Statement of Applicability (SoA). We also teach how to implement them. Day 3 is focused on fundamental auditor skills, with ISO 19011: 2019 as a guide. Day 4 is focused on Leading Audits.
-
Day 1: Understanding ISO 27001: 2022 Requirements (Learning Objectives):
• Understand the Management System Reg Process
• Be able to interpret the ISO 27001 Requirements - each clause
• Understand examples of satisfactory evidence for ISO 27001
• To be able to demonstrate understanding of process approach
• Understand the documentation required in ISO 27001
• Understand the interrelationships between ISO 27001 & other docs
• Be able to use the terms in ISO 27000 & ISO 27001 correctly
• Be able to evaluate the effectiveness of the ISMS, including metrics
• Understand the relationship between legal compliance & conformity
• Understand the relationship of IS requirements derived from ISO 27001
• Understand the process of addressing improvements in the ISMS
Day 2: Understanding ISO 27001: 2022 Annex A Controls (Learning Objectives):
• Understand/analyze Controls in Annex A
• Assess the effectiveness of Risk Assessment methodologies
• Understand artifacts for all 114 Controls in Annex A
• Understand the Statement of Applicability
• Be familiar with ISO 27006: 2015 (Specifically Annex D: Guidance for review of Annex A controls)
• Be capable of applying this knowledge to scenarios
• To understand the categories of findings
• To understand how the Controls are implemented
• To assess the organization’s Risk Assessment and Risk Treatment processes
• To analyze how IS objectives & legal requirements fit into RA
• To assess an organization’s monitoring, measurement & analysis
Day 3: Planning & Conducting Effective Management System Audits (Learning Objectives):
• Be capable of applying terms, definitions and concepts to MS auditing
• Be capable of recognizing examples of Auditing Principles
• To recognize the types of audits these principles apply to
• To learn the roles & responsibilities of Audit Program Manager
• To understand the Audit Lifecycle - IPERC
• To understand the role of the Auditor through each step
• To learn the layers of planning 1) Program 2) Audit and 3) Interview
• Be capable of conducting a Process Audit
• Be able to write clear NC reports and communicate findings
• To understand differences between 1st & 3rd Party audits
• To understand the corrective action process and role of the auditor
• To understand your personality type to solicit optimal outcomes
Day 4: Leading Management System Audits (Learning Objectives):
• To learn the roles & responsibilities of Audit Team Leader
• To be able to write an audit plan - applying the risk-based approach
• To be able to run an Opening & Closing Meeting
• To be able to handle difficult situations - professionally
• To be able to discuss strategic issues with Top Management
• To be able to demonstrate conflict management skills - including diverging opinions
• To be able to identify and manage audit risk
• To recognize the nuances of Joint & Combined audits
• To be able to conduct virtual/remote audits
• To understand required report content & who gets the report
• To be capable of verifying effectiveness & completeness of corrective actions
• To gain familiarity with ISO 17021-1
• To gain familiarity with IAF documents and how to use them
• To exhibit auditor communication skills - w/ wide range of people w/ range of topics
• To ensure audit plans include objectives, scope & criteria (and are understood)
• To ensure the process for selecting overall team competence is understood
• To ensure work assignments to teammates are clear & documented info for audit is prepared
• To confirm H&S considerations are planned and related risks are understood
• To assure auditors are capable of progressing the audit and keeping on schedule
• To assure the purpose of team briefings is understood - including the content of the briefings
• The TL can lead the team to reach a consensus on audit findings
• The TL understands the objectives, purpose, and content of the Closing Meeting
• The TL knows to distribute the audit report as per the audit plan
• The TL demonstrates the ability to develop a complete, accurate, concise and clear audit record
• The TL ensures the audit report details audit completion and follow-up actions
• To understand how the completion and effectiveness of corrective actions are verified
-
Precision Execution is an Exemplar Global certified provider. Those who successfully demonstrate competence during this course and pass the final exam will receive a Certificate of Attainment from Exemplar Global as an ISO 27001 Lead Auditor.
-
• Basic familiarity and understanding of information security principles
• Some familiarity with management systems