CQI - IRCA ISO 27001:2013 ISMS Lead Auditor هذه الدورة تدرس باللغة الإنجليزية

تفاصيل الدورة

Learning Outcomes

• Understand the application of the information security Management System in the context of ISO 27001
• Understand the relationship between an Information Security Management System, including Risk Management, controls and compliance with the requirements of different stakeholders of the organization.
• Improve the ability to analyze the internal and external environment of an organization, risk assessment and audit decision making in the context of an ISMS.

Day 1: Introduction to the management of an Information Security Management System based on ISO 27001

• Normative and regulatory and legal framework related to information security
• Fundamental principles in Information Security
• ISO 27001 certification process
• Information Security Management System (ISMS)
• Detailed presentation of the clauses 4 to 8 of the ISO 27001 standard

• Fundamental audit concepts and principles
• Audit approach based on evidence and on risk
• Preparation of an ISO 27001 certification audit
• Documenting of an ISMS audit
• Conducting an opening meeting

• Communication during the audit
• Audit procedures:
• observation,
• document review
• interview
• sampling techniques
• technical verification
• Corroboration and evaluation
• Drafting test plans
• Formulation of audit findings
• Drafting of nonconformity reports

• Audit documentation
• Quality review
• Review of audit notes
• Conducting a closing meeting and conclusion of an ISO 27001 audit
• Evaluation of corrective action plans

• Surveillance audit
• Audit management program
• Completion of training
• Course review
• Exam preparation
• IRCA Certificate exam