ISO/IEC 27001 specifies a management system that is intended to bring information security under management control and gives specific requirements. Organizations that meet the requirements may be certified by an accredited certification body following successful completion of an audit.
This course helps practitioners to systematically examine the organization’s information security risks, taking account of the threats, vulnerabilities, and impacts; design and implement a coherent and comprehensive suite of information security controls and/or other forms of risk treatment; and adopt an overarching management process to ensure that the information security controls continue to meet the organization’s information security needs on an ongoing basis.
This course is intended for team leaders, supervisors and managers who help drive security awareness in the organization; professionals who wish to become ISMS consultants; the organization's management representatives; and audit programme managers for ISMS internal and external audits.
Holders of the ISO 27001 Lead Auditor certification will be able to demonstrate their knowledge and understanding of:
- Background and overview of the ISO 27001 and other Information Security Standards
- An introduction to auditing and implementing an audit system and the auditor’s role in the process
- Management’s role in reviewing risk and the effectiveness of the overall ISMS
- Planning and managing a process-based audit, resources and timing
  - use of checklists and the selection of audit teams
- Conducting the audit – skills, techniques and auditor competence:
  - evaluating the significance of audit findings
  - communicating and presenting audit reports
- Nonconformities and improved security as a result of corrective actions
- Management of the third-party assessment and certification process