ISO 27001:2013 Information Security Management System (ISMS)

For individuals and organisations seeking an understanding of ISO 27001:2013 and its requirements, including Annex SL and the High Level Structure (HLS), with an introduction to Annex A and ISMS controls.

ISO 27001:2013 Introduction Course Information

Duration: 1 day

Module 1: Introduction

  • Principles of an ISMS and ISO 27001:2013
  • ISO 27001:2013 and the related family standards
  • Understanding Terms and Definitions key to the ISMS and ISO 27001:2013

Module 2: Systematic Approach

  • Understanding Annex SL & the High Level Structure (HLS)
  • Understanding the scope of an ISMS and its importance
  • Requirements of ISO 27001:2013 and clauses 4 to 10
  • Clauses 4 to 10 exercises & workshops for understanding of each requirement
  • Risks & Opportunities; Management of Change; Legal & Other Requirements; Operations; Objectives; Information Security Risk Assessment and Risk Treatment Overview
  • ISO 27001:2013 PDCA Improvement Cycle
  • Annex A controls and overview

Module 3: ISMS Improvements

  • ‘ICE’ Conformance; Effectiveness & Improvement of your ISMS
  • Understanding ISO 27001:2013 and its requirements

For individuals and organisations seeking to understand how to undertake a holistic and systematic approach to internally auditing an Information Security Management System against the requirements of ISO 27001:2013.

ISO 27001:2013 Internal Auditor Course Information

Duration: 2 days

Module 1: Introduction to ISO 27001:2013

  • Terms and definitions of an Information Security Management System & the Standard
  • Requirements and purpose of ISO 27001:2013 and an ISMS
  • ISO 27001:2013 & the related family of standards
  • PDCA (Plan, Do, Check, Act): Understanding the Improvement Cycle
  • ISMS Principles

Module 2: Internal Auditing, a Systematic Approach

  • Types of audits
  • Auditing techniques & skills; risk-based and evidence-based approach
  • Phases of an audit (Prepare; Perform; Report; Revisit)
  • Clauses 4 to 10: understanding of requirements for audit
  • Risks & Opportunities; Management of Change; Legal & Other Requirements; Operations; Objectives; Information Security Risk Assessment and Risk Treatment Overview
  • Auditing Against Annex A and controls including the SOA (Statement of Applicability)
  • What we audit for: ‘ICE’ Conformance; Effectiveness & Improvement
  • Non-Conformance; Correction; Corrective Action; Root Cause Analysis
  • Assessment of Audit documentation (Objective & Subjective Evidence)
  • Audit reporting and follow up
  • Case studies

Module 3: Internal Auditor

  • Roles, responsibilities and leadership skills of an internal auditor and their team members
  • Managing the audit programme; scheduling of internal audits
  • Auditor Attributes & Behaviours
  • ISO 19011:2018

Module 4: Information Security Management System & Controls

  • Evaluation of the internal audit process and improvement
  • Understanding the benefits of an ISMS and ISO 27001:2013

Contact us now to discuss how we can partner with you on your training journey.