Course objectives
After completing this course, students will be able to:
- Interpret Requirements: View the ISO 27001 standard through the lens of an auditor to determine "Conformity" vs. "Non-conformity."
- Manage Audit Programs: Plan and lead an entire audit life cycle in accordance with ISO 19011.
- Gather Evidence: Master interviewing techniques, document review, and technical verification to find objective evidence.
- Lead Teams: Coordinate a team of auditors, assign tasks, and handle on-site challenges or auditee pushback.
- Report Findings: Draft clear, concise audit reports and categorize findings as Major, Minor, or Observations.
- Evaluate Corrective Actions: Determine if an organization's response to a finding is sufficient to close the gap.
Course outline
- Day 1: Audit Fundamentals & ISO 27001
  - Introduction to ISMS and the 2022/2023 version updates.
  - Fundamental audit concepts (Integrity, Fair Presentation, Due Professional Care).
  - The certification process and accreditation bodies.
- Day 2: Audit Simulation & Planning
  - Establishing the audit objectives, scope, and criteria.
  - The Audit Plan: Designing the schedule and allocating resources.
  - Preparing audit working documents (Checklists).
- Day 3: On-Site Audit Activities
  - Conducting the Opening Meeting.
  - The Interview: Techniques for questioning top management and technical staff.
  - Evidence collection and technical verification.
- Day 4: Closing the Audit
  - Evaluating audit findings and writing Non-Conformity Reports (NCRs).
  - Conducting the Closing Meeting and presenting the audit conclusion.
  - Drafting the final Audit Report.
- Day 5: Examination
  - Review of key domains.
  - Final Lead Auditor Examination (covering audit principles and standard interpretation).