ISO/IEC 27001:2013 specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization. The requirements set out in ISO/IEC 27001:2013 are generic and are intended to be applicable to all organizations, regardless of type, size or nature.
The purpose of this two-day Internal Auditor Training course is to give delegates the necessary skills to perform internal audits on an organization’s Information Security Management Systems (ISMS) and to contribute to its continual improvement. The training helps participants identify and control threats an organization faces from any information security controls lapses and how to effectively put in place measures to address those risks.
This course will also explain the role and responsibilities that the auditor must consistently demonstrate, including the need to display fairness, integrity, confidentiality and a focus on evidence-based decision making.