ISO 27001:2013 Overview with Internal Auditor

Many organizations have made the strategic decision to obtain certification to more than one management system standard. Several clients that we serve have requested a course to assist in developing their internal audit programs to address the requirements of more than one management system. This 2 day course was designed to assist those organizations who have or are seeking certification to ISO 27001 Information Security.

The course will introduce students to the concept of management system standards and the common threads found in the three standards. It will also introduce the student to the concept of auditing as found in ISO 19011 Guidelines for auditing management systems. The course will include an overview of the requirements for all of these standards. It will start with auditing concepts and the process approach.

The class will be given exercises based on real scenarios that could be addressed by either standard. Class work is hands on and the class is broken up into audit teams who work together to assess evidence and develop audit findings. The class emphasizes the Plan, Do, Check, Act cycle found in all ISO management system standards as well as using the process approach in auditing.

Students will be required to bring a copy of the ISO 27001 standard. The class is hands on and fast moving. Students are urged to read the standards before attending class. It should be emphasized that this class is an overview designed to help clients get off to a good start with their internal audit programs and/or provide basic training for new auditors.