ISO 9001 2015 & ISO 27001 2022 Integrated Management System (IMS) – Internal Auditor Course
Description
The ISO 9001 standards provide guidance and tools for organizations that want to make sure their products and services consistently meet customers' requirements and that quality is continually improved. ISO 9001 sets out the criteria for a quality management system and is the only standard in the family that an organization can be certified to (although certification is not a requirement). It can be used by any organization, large or small, regardless of its field of activity.

ISO/IEC 27001 specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS) within the context of the organization. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization. The requirements set out in ISO/IEC 27001 are generic and are intended to be applicable to all organizations, regardless of type, size or nature.

This internal auditor course on an integrated management system based on the ISO 9001 2015 and ISO 27001 2022 standards will help you learn how to initiate an audit, prepare and conduct audit activities, compile and distribute audit reports and complete follow-up activities. On successful completion of this course, you will be able to optimize your auditing skills against the internationally recognized ISO 9001 2015 and ISO 27001 2022 standards and boost your audit capabilities. You will also gain confidence in planning and performing an effective audit, as well as in reporting and taking corrective action where necessary. This internal auditor training course develops the skills necessary to assess and report on the conformance and implementation of processes against the requirements of the ISO 9001 2015 and ISO 27001 2022 standards.
Who Should Attend?
- Anyone involved in the planning, implementing, maintaining, supervising or auditing of a management system based on ISO 9001 2015 and ISO 27001 2022 standards
- Those who would like to take on the role of an internal auditor in an organisation
- Employees of any organisation who wish to audit their organisation’s quality and information security management system
- Those involved in second party audits such as vendor audits
- Personnel who wish to pursue a career as an internal auditor
- Expert advisors in quality and information security management systems
Curriculum
1. Introduction to standards and certification
- Purpose of standardization
- Benefits of certification
2. Introduction to ISO 9001 2015 standards
- Application areas
- Terms and definitions
- Quality management principles
- Process based approach
- Plan-Do-Check-Act cycle
- Risk based thinking
- Benefits of certification
- Certification process flow
3. Introduction to ISO 27001 2022 standards
- Introduction to ISO 27001 standards
- Scope of ISO 27001 standards
- Key benefits of implementing ISO 27001 standards
4. IMS 927 Context of the organization
- Understanding the organization and its context
- Understanding the needs and expectations of interested parties
- Determining the scope of the quality & information security management system
- Quality & information security management system and its processes
5. IMS 927 Leadership
- Leadership and commitment
- Customer focus
- Policy
- Establishing the quality policy
- Communicating the quality policy
- Organizational roles, responsibilities and authorities
6. IMS 927 Planning
- Actions to address risks and opportunities
- Quality & Information security objectives and planning to achieve them
- Planning of changes
7. IMS 927 Support
- Resources
- People
- Infrastructure
- Environment for the operation of processes
- Monitoring and measuring resources
- Organizational knowledge
- Competence
- Awareness
- Communication
- Documented information
- Creating and updating
- Control of documented information
8. IMS 927 Operation
- Operational planning and control
- Requirements for products and services
- Customer communication
- Determining the requirements for products and services
- Review of the requirements for products and services
- Changes to requirements for products and services
- Design and development of products and services
- Design and development planning
- Design and development inputs
- Design and development controls
- Design and development outputs
- Design and development changes
- Control of externally provided processes, products and services
- Type and extent of control
- Information for external providers
- Production and service provision
- Control of production and service provision
- Identification and traceability
- Property belonging to customers or external providers
- Preservation
- Post-delivery activities
- Control of changes
- Release of products and services
- Control of nonconforming outputs
- Information security risk assessment
- Information security risk treatment
9. IMS 927 Performance evaluation
- Monitoring, measurement, analysis and evaluation
- Customer satisfaction
- Analysis and evaluation
- Internal audit
- Management review
- Management review inputs
- Management review outputs
10. IMS 927 Improvement
- Nonconformity and corrective action
- Continual improvement
11. ISO 27001 2022 A5 Organizational controls
- A5.1 Policies for information security
- A5.2 Information security roles and responsibilities
- A5.3 Segregation of duties
- A5.4 Management responsibilities
- A5.5 Contact with authorities
- A5.6 Contact with special interest groups
- A5.7 Threat intelligence
- A5.8 Information security in project management
- A5.9 Inventory of information and other associated assets
- A5.10 Acceptable use of information and other associated assets
- A5.11 Return of assets
- A5.12 Classification of information
- A5.13 Labelling of information
- A5.14 Information transfer
- A5.15 Access control
- A5.16 Identity management
- A5.17 Authentication information
- A5.18 Access rights
- A5.19 Information security in supplier relationships
- A5.20 Addressing information security within supplier agreements
- A5.21 Managing information security in the ICT supply chain
- A5.22 Monitoring, review and change management of supplier services
- A5.23 Information security for use of cloud services
- A5.24 Information security incident management planning and preparation
- A5.25 Assessment and decision on information security events
- A5.26 Response to information security incidents
- A5.27 Learning from information security incidents
- A5.28 Collection of evidence
- A5.29 Information security during disruption
- A5.30 ICT readiness for business continuity
- A5.31 Legal, statutory, regulatory and contractual requirements
- A5.32 Intellectual property rights
- A5.33 Protection of records
- A5.34 Privacy and protection of PII
- A5.35 Independent review of information security
- A5.36 Compliance with policies, rules and standards for information security
- A5.37 Documented operating procedures
12. ISO 27001 2022 A6 People controls
- A6.1 Screening
- A6.2 Terms and conditions of employment
- A6.3 Information security awareness, education and training
- A6.4 Disciplinary process
- A6.5 Responsibilities after termination or change of employment
- A6.6 Confidentiality or non-disclosure agreements
- A6.7 Remote working
- A6.8 Information security event reporting
13. ISO 27001 2022 A7 Physical controls
- A7.1 Physical security perimeters
- A7.2 Physical entry
- A7.3 Securing offices, rooms and facilities
- A7.4 Physical security monitoring
- A7.5 Protecting against physical and environmental threats
- A7.6 Working in secure areas
- A7.7 Clear desk and clear screen
- A7.8 Equipment siting and protection
- A7.9 Security of assets off-premises
- A7.10 Storage media
- A7.11 Supporting utilities
- A7.12 Cabling security
- A7.13 Equipment maintenance
- A7.14 Secure disposal or re-use of equipment
14. ISO 27001 2022 A8 Technological controls
- A8.1 User endpoint devices
- A8.2 Privileged access rights
- A8.3 Information access restriction
- A8.4 Access to source code
- A8.5 Secure authentication
- A8.6 Capacity management
- A8.7 Protection against malware
- A8.8 Management of technical vulnerabilities
- A8.9 Configuration management
- A8.10 Information deletion
- A8.11 Data masking
- A8.12 Data leakage prevention
- A8.13 Information backup
- A8.14 Redundancy of information processing facilities
- A8.15 Logging
- A8.16 Monitoring activities
- A8.17 Clock synchronization
- A8.18 Use of privileged utility programs
- A8.19 Installation of software on operational systems
- A8.20 Networks security
- A8.21 Security of network services
- A8.22 Segregation of networks
- A8.23 Web filtering
- A8.24 Use of cryptography
- A8.25 Secure development life cycle
- A8.26 Application security requirements
- A8.27 Secure system architecture and engineering principles
- A8.28 Secure coding
- A8.29 Security testing in development and acceptance
- A8.30 Outsourced development
- A8.31 Separation of development, test and production environments
- A8.32 Change management
- A8.33 Test information
- A8.34 Protection of information systems during audit testing
15. Introduction to ISO 19011 2018 Guidelines for auditing management systems
- Scope
- Normative references
- Terms and definitions
16. ISO 19011 Principles of auditing
17. ISO 19011 Managing an audit programme
- Establishing audit programme objectives
- Determining and evaluating audit programme risks and opportunities
- Establishing the audit programme
- Roles and responsibilities of the individual(s) managing the audit programme
- Competence of individual(s) managing audit programme
- Establishing extent of audit programme
- Determining audit programme resources
- Implementing audit programme
- Defining the objectives, scope and criteria for an individual audit
- Selecting and determining audit methods
- Selecting audit team members
- Assigning responsibility for an individual audit to the audit team leader
- Managing audit programme results
- Managing and maintaining audit programme records
- Monitoring audit programme
- Reviewing and improving audit programme
18. ISO 19011 Conducting an audit
- Initiating audit
- Establishing contact with auditee
- Determining feasibility of audit
- Preparing audit activities
- Performing review of documented information
- Audit planning
- Assigning work to audit team
- Preparing documented information for audit
- Conducting audit activities
- Assigning roles and responsibilities of guides and observers
- Conducting opening meeting
- Communicating during audit
- Audit information availability and access
- Reviewing documented information while conducting audit
- Collecting and verifying information
- Generating audit findings
- Determining audit conclusions
- Conducting closing meeting
- Preparing and distributing audit report
- Preparing audit report
- Distributing audit report
- Completing audit
- Conducting audit follow-up
19. ISO 19011 Competence and evaluation of auditors
- Determining auditor competence
- Personal behavior
- Knowledge and skills
- Achieving auditor competence
- Achieving audit team leader competence
- Establishing auditor evaluation criteria
- Selecting appropriate auditor evaluation method
- Conducting auditor evaluation
- Maintaining and improving auditor competence