This course enables participants to develop the expertise required to audit an Information Security Management System (ISMS) and manage a team of auditors through the application of generally accepted audit principles, procedures and techniques. During this training, the participant acquires the skills and competencies required to plan and conduct internal and external audits effectively and in accordance with the ISO 19011 and ISO 17021 certification process. Through practical exercises, the participant develops the skills (mastery of audit techniques) and competencies (team and audit program management, client communication, conflict resolution, etc.) necessary to effectively conduct an audit.

Overview

  • Acquire the expertise to perform an ISO 27001 internal audit following the ISO 19011 guidelines
  • Acquire the expertise to manage a team of ISMS auditors
  • Understand how an ISMS works according to ISO 27001
  • Improve the ability to analyze the internal and external environment of an organization, assess audit risks and make decisions in the context of an ISMS audit.

Course Curriculum

Day 1

ISO normative model and Management System

  • ISO 27001 Certification Process
  • Fundamentals of information security
  • Information Security Management System

Day 2

Plan and initiate an ISO 27001 audit

  • Fundamental audit principles and concepts
  • Evidence-based and risk-based audit approach
  • Preparing for an ISO 27001 certification audit

Day 3

Conducting the certification audit

  • Leading the audit team
  • Communication during the audit
  • Interviews and evidence gathering
  • Sharing findings with the auditees

Day 4

After the audit

  • Formulation of audit findings
  • Drafting of the report
  • Follow-up of non-compliance issues
  • Management of the audit program
  • Relationship with the training organization
  • Revisions

Learning Assessment

The “PECB Certified ISO/IEC 27001 Lead Auditor” exam is held on the 5th day of the course and lasts 3 hours. The exam covers the following competency areas:

  • Area 1: Fundamental Information Security Principles and Concepts
  • Area 2: Audit concepts and fundamentals
  • Area 3: Preparing for an ISO 27001 audit
  • Area 4: Conducting an ISO 27001 audit
  • Area 5: Closing an ISO 27001 audit

The +

This training is based on the alternation of theoretical and practical time:

  • Lectures illustrated with examples from real cases
  • Classroom exercises to help prepare for the exam
  • Practical tests similar to the certification exam
  • To ensure the practical exercises run properly, the number of participants per session is limited.

Who should attend?

  • Auditors who want to conduct certification audits or internal audits
  • Implementers who want to prepare for the certification audit or to understand the exercise in order to optimize compliance
  • Anyone who is curious about the audit of an ISMS

Prerequisites

  • Have a knowledge of the ISO/IEC 27001 standard
  • Have a good knowledge of information systems security
  • Completion of the “ISO 27001 Foundation” module

How and when to access

The participant is considered registered when:

  • The prerequisites and needs are identified and validated
  • The training agreement is signed

Registration requests can be sent up to 5 working days before the start of the training.

Accessibility

Whether you are recognized as having a disability or not, making our training accessible to everyone is part of our commitment.

If you need accommodations or adaptations of the content, teaching materials, venue, equipment, schedule or pace, we are at your disposal.

Duration

4.5 days (31 h)

Price

€3,200 excl. tax

Meal

Breakfast & lunch included

For French residents

+ OPCO support

Overview

  • Acquire the expertise to perform an ISO 27001 internal audit according to the ISO 19011 guidelines
  • Acquire the expertise to manage a team of ISMS auditors
  • Understand how an ISMS works according to ISO 27001
  • Improve the ability to analyze the internal and external environment of an organization, to assess audit risks and to make decisions in the context of an ISMS audit

Course Curriculum

Session 1

Audits

  • The different types of audit
  • The life cycle of the certification
  • The auditor and their qualities

Session 2

Prepare for the audit

  • The principles of the audit
  • The main steps of the audit

Session 3

Audit preparation

  • Audit feasibility
  • Audit plan
  • Audit team

Session 4

On-site audit

  • Conducting interviews
  • Writing the deviation sheets

Session 5

Closing of the audit

  • Conduct a closing meeting
  • Write the activity report

Session 6

Monitoring and follow-up

  • Post-audit activities
  • Overview of audits in the context of certification

Indicative schedule

  • 13 hours of classes with the trainer, divided into 6 sessions of 1h30 to 2h
  • 8 hours of personal work time in autonomy

  Week 1 (Monday to Friday): Introduction, Session 1, Session 2, Session 3
  Week 2 (Monday to Friday): Session 4, Session 5, Session 6, Exam

Learning Assessment

  • 2-hour closed-book online certification exam
    • 100 multiple-choice questions

The +

  • Training provided by a cybersecurity expert
  • An intuitive and easy-to-use platform
  • Exchange moments on key concepts and experience sharing adapted to the learners’ context
  • A training pedagogy adapted to all learning profiles

Who should attend?

  • Auditors wishing to perform and lead Information Security Management System certification audits
  • Managers or consultants wishing to master the Information Security Management System audit process
  • Anyone responsible for maintaining compliance with ISMS requirements
  • Technical experts wishing to prepare an Information Security Management System audit
  • Consultants specialized in information security management

Prerequisites

  • A good knowledge of the ISO/IEC 27001 standard and a thorough knowledge of its implementation principles
  • Completion of the “ISO 27001 Foundation” module

How and when to access

The participant is considered registered when:

  • The prerequisites and needs are identified and validated
  • The training agreement is signed

Registration requests can be sent up to 5 working days before the start of the training.

Accessibility

Whether you are recognized as having a disability or not, making our training accessible to everyone is part of our commitment.

If you need accommodations or adaptations of the content, teaching materials, venue, equipment, schedule or pace, we are at your disposal.

Duration

21 hours

Price

€2,000 excl. tax

Package

Full pack 35 h – Foundation & Lead Auditor: €2,000 excl. tax

For French residents

+ OPCO support
