Course Outline

I. Introduction to Information Security
1. Systemic information security management
2. Benefits and added value for the organization

II. Overview of ISO 27001 requirements
1. What are the requirements of the standard?
2. What should you pay special attention to?
3. Identification of documentation requirements
4. Overview of Annex A

III. Information Security Management System compliant with the requirements of ISO 27001
1. Elements of the Information Security Management System according to ISO
2. Exercises in interpreting and analysing the requirements of ISO 27001

IV. Audits – general information
1. Introduction to Audit
2. Entire audit
3. Audit criteria
4. Types of audits

V. Audit planning and preparation
1. Audit criteria and scope
2. Selection of a team of auditors
3. Process approach to internal audits
4. Important Aspects When Creating a Control Question List
5. Conducting an audit according to ISO 19011:2018
6. Practical exercises

VI. Conducting an audit – rules for conducting an on-site audit
1. Auditing techniques
2. Objective evidence
3. Identification of non-conformities and the ability to demonstrate them
4. Competencies of a watering auditor
5. Practical exercises

VII. Documenting audit results
1. Skilful formulation of inconsistencies
2. Documenting non-conformities
3. Identifying and documenting insights and potential for improvement
4. Summary of Audit Results – Audit Report
5. Practical exercises

VIII. Effective post-audit activities
1. Responsibilities related to the initiation of corrective and corrective actions
2. The Importance of Precisely Determining the Causes of Non-Conformity
3. Define corrective actions
4. Evaluation of the effectiveness of actions
5. Post-audit activities in relation to insights and potentials for improvement
6. Practical exercises

IX. Discussion and summary



  • Individuals preparing for the position of Lead Auditor 27001:2023
  • Anyone interested in the topic
 35 Hours

Number of participants

Price per participant