| Module 1: Introduction about ISO 27001:2013 and process approach |
|
| | Introduction - ISO 27001:2013 - Internal Auditor |
|
| | Objectives of the Course - Internal Auditor |
|
| | Contents - ISO 27001 Internal Auditor |
|
| | ISMS Audit Training course |
|
| | About ISO |
|
| | Basics of Information security |
|
| | Basics of Information security |
|
| | What is ISO 27001 Standards? |
|
| | What is Management System |
|
| | Why Implement ISO 27001:2013 |
|
| | What is an Information security Management System (ISMS)? |
|
| | History of ISO 27001 |
|
| | Background of ISO 27001 |
|
| | To Whom Do the Standards Apply? |
|
| | What Benefits Will it Bring to My Business or Organization? |
|
| | Section 1 Assessment ISO 27001 |
|
| Module 2: Information security Management System Principles & HLS |
|
| | Introduction to ISO 27001:2013 |
|
| | Structure of ISMS |
|
| | Number of domains and controls |
|
| | Management framework |
|
| | 0.1 General |
|
| | 0.2 Compatibility with other management system standards |
|
| | 1.0 Scope |
|
| | 2.0 Normative reference |
|
| | 3.0 Terms and definitions |
|
| | 3.0 Terms and definitions |
|
| | 3.0 Terms and definitions |
|
| | 3.0 Terms and definitions |
|
| | Selecting Controls |
|
| | Developing your own guidelines |
|
| | Lifecycle considerations |
|
| | Summary of What We learnt |
|
| | Section 2 assessment ISO 27001 |
|
| Module 3: Context of the Organization |
|
| | 4.0 Context of the organization |
|
| | 4.1 Understanding the organization and its context |
|
| | 4.2 Understanding the needs and expectations of workers and other interested parties |
|
| | 4.3 Determining the scope of the information security management system |
|
| | 4.4 Information security management system |
|
| | Summary of What We learnt |
|
| | ISO 27001 Section 3 |
|
| Module 4: Leadership |
|
| | 5.0 Leadership |
|
| | 5.1 Leadership and commitment |
|
| | 5.2 Policy |
|
| | 5.3 Organizational roles, responsibilities and authorities |
|
| | Summary of What We learnt |
|
| | ISO 27001 Section 4 assessment |
|
| Module 5: Planning |
|
| | 6.0 Planning |
|
| | 6.1 Actions to address risks and opportunities |
|
| | 6.1 Actions to address risks and opportunities |
|
| | 6.1 Actions to address risks and opportunities |
|
| | 6.1 Actions to address risks and opportunities |
|
| | 6.1 Actions to address risks and opportunities |
|
| | 6.2 Information security objectives and planning to achieve them |
|
| | 6.2 Information security objectives and planning to achieve them |
|
| | Summary of What We learnt |
|
| | ISO 27001 Section 5 assessment |
|
| Module 6: Support |
|
| | 7.0 Support |
|
| | 7.1 Resources |
|
| | 7.2 Competence |
|
| | 7.3 Awareness |
|
| | 7.4 Communication |
|
| | 7.5.1 General |
|
| | 7.5.2 Creating and Updating |
|
| | 7.5.3 Control of documented information |
|
| | 7.5.3 Control of documented information |
|
| | Summary of What We learnt |
|
| | ISO 27001 Section 6 assessment |
|
| Module 7: Operation |
|
| | 8.0 Operation |
|
| | 8.1 Operational planning and control |
|
| | 8.2 Information security risk assessment |
|
| | 8.3 Information security risk treatment |
|
| | Summary of What We learnt |
|
| | ISO 27001 section 7 assessment |
|
| Module 8: Performance Evaluation |
|
| | 9.0 Performance evaluation |
|
| | 9.1.1 General |
|
| | 9.2 Internal audit |
|
| | 9.2 Internal audit |
|
| | 9.3 Management review |
|
| | 9.3 Management review |
|
| | Summary of What We learnt |
|
| Module 9: Improvement & Annex A |
|
| | 10.0 Improvement |
|
| | 10.1 Nonconformity and corrective action |
|
| | 10.1 Nonconformity and corrective action |
|
| | 10.2 Continual improvement |
|
| | Summary of What We learnt |
|
| | Annexure A |
|
| | A.5 Information security policies |
|
| | A.6 Organization of information security |
|
| | A.6 Organization of information security |
|
| | A.7 Human resource security |
|
| | A.7 Human resource security |
|
| | A.7 Human resource security |
|
| | A.8 Asset management |
|
| | A.8 Asset management |
|
| | A.8 Asset management |
|
| | A.9 Access control |
|
| | A.9 Access control |
|
| | A.9 Access control |
|
| | A.9 Access control |
|
| | A.9 Access control |
|
| | A.9 Access control |
|
| | A.10 Cryptography |
|
| | A.11 Physical and environmental security |
|
| | A.11 Physical and environmental security |
|
| | A.11 Physical and environmental security |
|
| | A.11 Physical and environmental security |
|
| | A.11 Physical and environmental security |
|
| | A.11 Physical and environmental security |
|
| | A.12 Operations security |
|
| | A.12 Operations security |
|
| | A.12 Operations security |
|
| | A.12 Operations security |
|
| | A.12 Operations security |
|
| | A.12 Operations security |
|
| | A.12 Operations security |
|
| | A.12 Operations security |
|
| | A.12 Operations security |
|
| | A.13 Communications security |
|
| | A.13 Communications security |
|
| | A.13 Communications security |
|
| | A.14 System acquisition, development and maintenance |
|
| | A.14 System acquisition, development and maintenance |
|
| | A.14 System acquisition, development and maintenance |
|
| | A.14 System acquisition, development and maintenance |
|
| | A.14 System acquisition, development and maintenance |
|
| | A.14 System acquisition, development and maintenance |
|
| | A.15 Supplier relationships |
|
| | A.15 Supplier relationships |
|
| | A.15 Supplier relationships |
|
| | A.15 Supplier relationships |
|
| | A.16 Information security incident management |
|
| | A.16 Information security incident management |
|
| | A.16 Information security incident management |
|
| | A.16 Information security incident management |
|
| | A.17 Information security aspects of information security management |
|
| | A.17 Information security aspects of information security management |
|
| | A.18 Compliance |
|
| | A.18 Compliance |
|
| | A.18 Compliance |
|
| | A.18 Compliance |
|
| | Three year external audit cycle |
|
| | Thank you |
|
| Module 10: Internal Audit introduction ISO 19011:2018 |
|
| | Introduction to ISO 19011 - Internal audit - ISO 27001 |
|
| | Audit definition |
|
| | Audit Terms and Definitions |
|
| | Principles of Auditing |
|
| | Principles of Auditing |
|
| | Audit Objectives |
|
| | Internal vs external audits |
|
| Module 11: Planning and preparation for an audit |
|
| | Audit Management |
|
| | Internal Audits |
|
| | Planning and preparation for an audit |
|
| | Planning and preparation of audit |
|
| | Planning and preparation for an audit - Initiating the audit |
|
| | Audit criteria vs audit scope |
|
| | Planning & preparation of an audit - Selection of an audit team |
|
| | Planning and preparation of audit - different stages in an audit cycle |
|
| | Planning & Preparation of an Audit - Document review |
|
| | Planning & preparation for an audit - Preparation for on-site audit |
|
| Module 12: Performing an audit |
|
| | Performing an audit - Audit management |
|
| | Performance of an Audit |
|
| | Performing an Audit – From collecting information to audit conclusions |
|
| | Audit team - Participants |
|
| | Key qualities of an auditor |
|
| | Performing an Audit – Audit Approach – Attitude of Auditor |
|
| | Audit approach - Communication process |
|
| | Audit approach - Communication process |
|
| | Audit approach - Communication process |
|
| | Audit approach - Communication process |
|
| | Audit approach - Communication process |
|
| | Audit approach - Communication process |
|
| | Audit approach - Communication process |
|
| | Audit Approach – Questioning techniques |
|
| | Audit Approach – Questioning techniques |
|
| | Audit approach - Communication process - Clarifying questions |
|
| | Documentary evidence and follow up actions |
|
| | Performing an Audit – How do auditors find evidence? |
|
| | Time management - Preparing a Checklist Format |
|
| | Preparing a Checklist Format |
|
| | Purpose of checklists |
|
| | Visit the field – Move around |
|
| | Performing an Audit - Observe operational control |
|
| | Performing an Audit - Observe operational control |
|
| | Follow audit trails |
|
| | Section Quiz IQA |
|
| Module 13: Audit reporting and NCR writing tips |
|
| | Audit Management - reporting an audit |
|
| | Audit reporting |
|
| | Audit reporting – Writing Non-conformity reports |
|
| | Audit reporting – Writing Non-conformity reports |
|
| | NCRs and corrective actions - Examples of objective evidence |
|
| | Audit reporting – Writing Non-conformity reports |
|
| | Audit reporting – Writing Non-conformity reports |
|
| | NCRs & corrective actions - Concepts relating to requirements |
|
| | NCRs and corrective action |
|
| | NCR Scenario 1 |
|
| | NCR scenario 2 |
|
| | Writing non-conformity reports - Dos and don'ts |
|
| | Writing Non-conformity reports- matrix |
|
| | Writing Non-conformity reports- corrective action |
|
| | Difficulties encountered during internal audits |
|
| | Writing Non-conformity reports- auditor and auditee |
|
| | A piece of counsel |
|
| Final Assessment - ISO 27001- 45Min |
|