What to read at ISMS


ISMS Internal Auditor Course Syllabus

This course is designed to provide knowledge and understanding of internally auditing ISO 27001:2005 – Information Security Management Systems.


• Explain the purpose and structure of ISO 27001
• Explain the principles, processes and selected techniques used for the assessment and management of information security management system (ISMS) controls and measures and the significance of these
• Describe the responsibilities of an internal auditor
• Describe the role of internal audit in the maintenance and improvement of management systems, in accordance with ISO 19011
• Plan, conduct and report an internal ISMS audit

After attending this course, you will be able to:

• Explain why organizations use ISO 27001
• Explain the purpose and structure of ISO 27001, with reference to the PDCA cycle
• Outline the principles, processes and techniques used for the assessment and management of environmental aspects/impacts, including the significance of these for ISMS auditors
• Explain the relationship between environmental management processes and implementation of an ISMS, and the implications for auditing
• Explain the ISO 27001 clause 4.2.4 requirements for ‘improvement’ and the requirements for internal audit as described in clause 6
• Define an internal audit, including the terms and definitions used in auditing, referencing ISO 19011 and ISO 27001
• Explain objectives for audits, including conformance, effectiveness and improvement, and suggest how these different types of audit can add value to an organization
• Explain the audit cycle, responsibilities of auditors and principles of auditing
• Explain the significance of audit criteria, including legislation relevant to applicable information security requirements
• Outline different audit methods
• Understand the audit of the effective implementation of on-going hazard identification, risk assessment and determination of necessary controls
• Understand conformance to the relevant ISMS management system requirements of a particular area of the business operation
• Explain the purpose and typical content of an internal audit report, corrective action process and audit follow-up activities
• Describe the role and responsibilities of the auditor and the need for effective communication with the auditee
• Explain the principle of confidentiality

Wish you all the best with these topics.
