ISO 27001 - ISMS Internal Auditing

Course

In Manchester

Price on request

Description

  • Type

    Course

  • Location

    Manchester

  • Duration

    2 Days

To give an understanding of: why organisations may wish to obtain ISO 27001 certification; the ISO 27001 standard in depth; the documentation requirements of ISO 27001; the mandatory procedures; the relationship between ISO/IEC 17799:2000 & ISO 27001:2005; a Statement of Applicability (SOA) and a Risk Treatment Plan; the audit process utilising a Risk Treatment Plan; risk assessment; the control objectives in Annex A; the documents required by Annex A; the requirements of the Data Protection Act; the use of Control Objectives.

Suitable for: This course is designed for people who are or will be involved in the implementation and auditing of Information Security Management Systems.

Facilities

  • Location

    Manchester (Lancashire)
    Cobra Court 1 Blackmore Road, Stretford, M32 0QY

  • Start date

    On request

Course programme

Objectives

To give an understanding of:

  • Why organisations may wish to obtain ISO 27001 certification
  • The ISO 27001 standard in depth
  • The documentation requirements of ISO 27001
  • The mandatory procedures
  • The relationship between ISO/IEC 17799:2000 & ISO 27001:2005
  • A Statement of Applicability (SOA) and a Risk Treatment Plan
  • The audit process utilising a Risk Treatment Plan
  • Risk assessment
  • The control objectives in Annex A
  • The documents required by Annex A
  • The requirements of the Data Protection Act
  • The use of Control Objectives

Course Content

A two-day course containing the following:

  • Overview of what is meant by ISMS and the constituents of an ISMS
  • Explanation of how an ISMS can help
  • Overview of the requirements of ISO 27001:2005 and the potential benefits
  • Implementation of an ISMS
  • Identifying and evaluating assets and their vulnerabilities, risk assessment
  • Annex A, control objectives, risk treatment plan & statement of applicability
  • Process approach to auditing
  • Audit planning
  • Auditing against a standard
  • Scripted audit
  • Audit exercise
  • Audit reporting

Who Should Attend

This course is designed for people who are or will be involved in the implementation and auditing of Information Security Management Systems.

What Should Have Been Learnt

  • How to implement an ISMS
  • About the tools and documents used to achieve results within an ISMS
  • Benefits to the business of an ISMS
  • How to plan audits of an ISMS
  • How to carry out internal audits of an ISMS
