ISO 27001 - ISMS Internal Auditing
Type: Course
Location: Manchester
Duration: 2 Days
Course programme
Objectives
To give an understanding of:
- Why organisations may wish to obtain ISO 27001 certification
- The ISO 27001 standard in depth
- The documentation requirements of ISO 27001
- The mandatory procedures
- The relationship between ISO/IEC 17799:2000 & ISO 27001:2005
- A Statement of Applicability (SOA) and a Risk Treatment Plan
- The audit process utilising a Risk Treatment Plan
- Risk assessment
- The control objectives in Annex A
- The documents required by Annex A
- The requirements of the Data Protection Act
- The use of Control Objectives
Course Content
A two-day course containing the following:
- Overview of what is meant by ISMS and the constituents of an ISMS
- Explanation of how an ISMS can help
- Overview of the requirements of ISO 27001:2005 and the potential benefits
- Implementation of an ISMS
- Identifying and evaluating assets and their vulnerabilities, risk assessment
- Annex A, control objectives, risk treatment plan & statement of applicability
- Process approach to auditing
- Audit planning
- Auditing against a standard
- Scripted audit
- Audit exercise
- Audit reporting
Who Should Attend
This course is designed for people who are or will be involved in the implementation and auditing of Information Security Management Systems.
What Should Have Been Learnt
- How to implement an ISMS
- About the tools and documents used to achieve results within an ISMS
- Benefits to the business of an ISMS
- How to plan audits of an ISMS
- How to carry out internal audits of an ISMS