Day 1: Introduction to the management of an Information Security Management System based on ISO 27001
- Normative, regulatory and legal framework related to information security
- Fundamental principles in Information Security
- ISO 27001 certification process
- Information Security Management System (ISMS)
- Detailed presentation of clauses 4 to 8 of the ISO 27001 standard
Day 2: Launching an ISO 27001 audit
- Fundamental audit concepts and principles
- Audit approach based on evidence and on risk
- Preparation of an ISO 27001 certification audit
- Documenting an ISMS audit
- Conducting an opening meeting
Day 3: Conducting an ISO 27001 audit
- Communication during the audit
- Audit procedures:
  - observation
  - document review
  - interview
  - sampling techniques
  - technical verification
- Corroboration and evaluation
- Drafting test plans
- Formulation of audit findings
- Drafting of nonconformity reports
Day 4: Closing an ISO 27001 audit
- Audit documentation
- Quality review
- Review of audit notes
- Conducting a closing meeting and conclusion of an ISO 27001 audit
- Evaluation of corrective action plans
- Surveillance audit
- Audit management program
- Completion of training
Day 5
- Course review
- Q&A
- Exam preparation