The setting of standards is generally aimed at ensuring the safety, reliability and quality of the products and services offered by companies. Sometimes perceived as constraints, they are also often strategic tools for companies to lower costs, increase productivity and reduce risks, waste and errors. The ISO27001 standard describes, for example, the requirements linked to the implementation of an Information Security Management System (ISMS). This training provides the necessary expertise to carry out Information Security Management System (ISMS) audits by applying generally accepted principles, procedures and auditing techniques. During this training, participants will acquire the knowledge and skills necessary to plan and carry out internal and external audits, in accordance with the ISO 19011 standard and the ISO / IEC 17021-1 certification process. Through the practical exercises offered, They will be able to master audit techniques and have the skills required to manage an audit program, an audit team, client communication and conflict resolution. During the last day of training, participants will take an exam allowing them to obtain the title of "PECB Certified ISO / CEI 27001Lead Auditor".
Introduction to the Information Security Management System and the ISO / CEI 27001 standard
Objectives and structure of the training
Normative and regulatory frameworks: organization and basic principles of ISO, integrated management system, information security standards, advantages of ISO27001
Certification process: certification scheme, accreditation authority, certification body
Fundamental principles of the Information Security Management System: asset, information and information asset, information security, confidentiality, integrity and availability, vulnerability, threats and impacts, definition and implementation of an ISMS
Principles, preparation and initiation of the audit
Fundamental audit principles and concepts: audit standards, types of audits, actors, audit objectives and criteria, combined audit
Evidence-based audit approach: types of evidence, quality of evidence
Risk-based audit approach: materiality and audit planning, reasonable assurance
Triggering the audit: review of the request, appointment of a manager, validation of objectives, scope and audit criteria
Stage 1 of the audit: objective, site visit, interviews, review of documentation, audit report (stage 1)
Preparation of stage 2 of the audit (on-site audit): preparation of the audit plan, assignment of auditors, use of technical experts, preparation of working documents, use of a checklist, implementation of '' a documentation standard
Stage 2 of the audit (first part): lead the opening meeting, collect information, conduct the audit tests with the appropriate procedures, write audit findings and non-compliance reports
On-site audit activities
Stage 2 of the audit (second part): write audit and non-compliance findings, perform the quality review of audit findings
Communication during the audit: behavior during site visits, communication during the audit, audit team meetings, roles of guides and observers, conflict management, cultural aspects of the audit, communication with management
Drafting of audit test plans
Drafting of audit findings and non-conformity reports: types of possible audit findings, drafting of audit findings, drafting of non-conformity reports, benefit of the doubt
Conclusion of the audit
Audit documentation and audit quality review: working documents, audit records, quality review, quality review documentation
Closure of the audit: preparation of the audit conclusions, discussion of the conclusions with the auditee, closing meeting, audit report, follow-up audit, certification decision, content of a certificate
Assessment of action plans by the auditor: submission of action plans by the auditee, content of action plans, evaluation of action plans
Continuation of the initial audit: surveillance activity, surveillance audit, renewal audit, use of ISO trademarks
Management of an internal audit program: particularities of internal audit, independence and impartiality, the role of the internal audit function, internal audit resources and tools, program monitoring
Competence and assessment of auditors: qualification, competence of audit team leaders, certification scheme, certification, maintenance of certification
Certification exam
Review of concepts for certification
Mock exam
Taking the written certification exam in French which consists of answering 12 questions in 3 hours
A minimum score of 70% is required to pass the exam
It is necessary to sign the code of ethics of the PECB in order to obtain the certification
Candidates are authorized to use not only the course materials but also the ISO / IEC 27001 and ISO / IEC 27002 standards which will be given to them.
In case of failure, candidates are given a second chance to take the exam within 12 months of the first attempt
The exam covers the following skill areas: Domain 1: Fundamental principles and concepts of the ISMS - Domain 2: The ISMS - Domain 3: Fundamental principles and concepts of the audit - Domain 4: Preparation for an ISO / IEC 27001 audit - Domain 5: Carrying out an ISO / CEI 27001 audit - Domain 6: Closing an ISO / CEI 27001 audit - Domain 7: Managing an ISO / CEI 27001 audit program.
Elgon
6
Rue d'Arlon Windhof Luxembourg
find out about all the networking events and trainings tailored for you!
find out about all the networking events and trainings tailored for you!
With you consent, we collect data such as your advertising ID and your IP address.
They allow us to provide our services 100% free of charge and to continue improving them so that we provide you with relevant content.
For more information, please refer to our data privacy policy
To check your Favorites, connect to your account!
To check your Favorites, connect to your account!
Sign in to get access to your preferences!
Sign in to follow this category!
Sign in to follow this Good Address!
Sign in to follow this business!
Yes I want to delete it
