The ISO/IEC 27000 Auditor course addresses the standard from an audit requirements point of view. It highlights the audit activities set by the ISO/IEC 19011 standard, and trains the participant to carry out audits in an organization that has implemented an information security management system based on ISO/IEC 27000.

The student who completes the course will have developed the capabilities needed to carry out internal audits of an information security management system.


Objectives

To provide the students with practical knowledge about the audit cycle and with the skills and knowledge for:

  • To carry out internal audits against the ISO/IEC 27001 requirements and the ISO/IEC 27002 controls, conducted according to ISO 19011 and contribute to the Information Security Management System continual improvement.
  • To describe referring to the Plan, Do, Check, Act (PDCA) cycle, the purpose, structure and requirements of ISO/IEC 27001 from an internal auditor point of view.
  • To describe the internal auditor responsibilities and to describe the role of internal audit in the management system improvement and maintenance.

Audience

This course is aimed to:

  • Internal and external service provider staff with a defined role of ISO/IEC 27000 or who have interest in these standards.
  • Management and staff of all corporate divisions, particularly quality management managers and individuals interested in carry out audits.

Note: It is expected that participants have Information Security System Management and ISO/IEC 27001 and ISO/IEC 27002 before attending the training course.


Prerequisites

It is recommended that the participant has obtained the Information Security Foundation based on ISO/IEC 27002 certificate and attended the IT Risk Management training course, but it is not mandatory if he/she has knowledge about ISO/IEC 27002 and IT Risks.


Characteristics

The course has the following characteristics:

  • It is structured in thematic units, each of them presents a part of the theory followed by practical exercises of review and understanding.
  • The material used is in Spanish and English and includes theory, practical exercises and complementary information.
  • Includes a knowledge exam applied by Global Lynx.
  • An assistance certificate is delivered.
  • Has a duration of 3 days.
  • Has a minimum capacity of 5 and a maximum of 25 participants.

Exam

The certification exam has the following characteristics:

  • Its applied under customer request.
  • It does NOT issue any certification accredited by any ITSM organization.
  • Includes 60 multiple choice questions.
  • Has a duration of 105 minutes.
  • Is a closed book exam, using only the ISO/IEC 27001 and ISO/IEC 27002 standards as reference.
  • A minimum of 65% is required to approve.
  • Is a paper based exam.

Topics

The course has the following topics:

  1. Introduction
  2. Requirements for an Information Security Management System
  3. Basic Concepts of Auditing
  4. Planning Audit Programs for an ISMS
  5. Implementing Internal Audits for an ISMS
  6. Measuring, Monitoring and Reporting Internal Audits
  7. Improving Internal Audits for an ISMS
  8. Qualification Scheme
  9. Exam Description
  10. Review, Evaluation and Examination

Advantages offered by Global Lynx

Our instructors are certified in different ITSM, ISO, Information Security and Risk Management disciplines and have an extensive experience in:

  • The design and implementation of Information Security Management Systems in the private and in the public sector.
  • The selection, implementation and configuration of tools and controls which support the Information Security management and which are the ones of most standing and acknowledgement in the market.
  • First and second level audits for Information Security Management Systems.
  • Teaching various ITSM, ISO, Information Security and Risk Management courses in the academic and professional field.
The participant receives a high quality, didactic material in Spanish and English, accredited by EXIN (Examination Institute for Information Science).