ISO 27001:2013 Overview with Internal Auditor

Many organizations have made the strategic decision to obtain certification to more than one management system standard. Several clients that we serve have requested a course to assist in developing their internal audit programs to address the requirements of more than one management system. This 3 DAY course was designed to assist those organizations who have or are seeking certification to ISO 9001 Quality Management System Requirements, and ISO 27001 Information Security Management.

The course will introduce students to the concept of management system standards and the common threads found in the three standards. It will also introduce the student to the concept of auditing as found in ISO 19011 Guidelines for auditing management systems. The course will include an overview of the requirements for all of these standards. It will start with auditing concepts and the process approach. The first system examined will be an overview of ISO 9001 followed by exercises designed to reinforce auditing concepts and the ISO 9001 requirements. These modules will take up about half of the class.

An overview of ISO 27001 will follow. The class will be given exercises based on real scenarios that could be addressed by either standard. Class work is hands on and the class is broken up into audit teams who work together to assess evidence and develop audit findings. The class emphasizes the Plan, Do, Check, Act cycle found in all ISO management system standards as well as using the process approach in auditing.

Students will be required to bring copies of the ISO 9001 and the ISO 27001 Standards. The class is hands on and fast moving. Students are urged to read the standards before attending class. It should be emphasized that this class is an overview designed to help clients get off to a good start with their internal audit programs and/or provide basic training for new auditors who must deal with multiple standards.