ISO 27001, 20000 and 9001 Internal Auditing

Many organizations have made the strategic decision to obtain certification to more than one management system standard. Several clients that we serve have requested a course to assist in developing their internal audit programs to address the requirements of more than one management system. This 2-day class is targeted for internal auditors and process owners in your organization and includes ISO 27001 Information Security Management, ISO 20000 IT Service Management and ISO 9001 Quality Management System Requirements. While the course will address requirements found in all three standard, clients who have two of these three standards will find that students will benefit from attendance. The course will introduce students to the concept of management system standards and the common threads found in the three standards. It will also introduce the student to the concept of auditing as found in ISO 19011 Guidelines for auditing management systems. The class will be given exercises based on real scenarios that could be addressed by any of these standards. Class work is hands on and the class is broken up into audit teams who work together to assess evidence and develop audit findings. The class emphasizes the Plan, Do, Check, Act cycle found in all ISO management system standards as well as using the process approach in auditing. Students will be required to bring copies of the applicable standard: ISO 9001, ISO 20000 or ISO 27001 Standards. The class is hands on and fast moving. Students are urged to read the standards before attending class. It should be emphasized that this class is an overview designed to help clients get off to a good start with their internal audit programs and/or provide basic training for new auditors who must deal with multiple standards.