Day 1: Introduction to the management of an Information Security Management System based on ISO 27001

• Normative and regulatory and legal framework related to information security
• Fundamental principles in Information Security
• ISO 27001 certification process
• Information Security Management System (ISMS)
• Detailed presentation of the clauses 4 to 8 of the ISO 27001 standard

Day 2: Launching an ISO 27001 audit

• Fundamental audit concepts and principles
• Audit approach based on evidence and on risk
• Preparation of an ISO 27001 certification audit
• Documenting of an ISMS audit
• Conducting an opening meeting

Day 3: Conducting an ISO 27001 audit

• Communication during the audit
• Audit procedures:
  • observation,
  • document review
  • interview
  • sampling techniques
  • technical verification
  • Corroboration and evaluation
  • Drafting test plans
  • Formulation of audit findings
  • Drafting of nonconformity reports

Day 4: Closing an ISO 27001 audit

• Audit documentation
• Quality review
• Review of audit notes
• Conducting a closing meeting and conclusion of an ISO 27001 audit
• Evaluation of corrective action plans
• Surveillance audit
• Audit management program
• Completion of training

Day 5

• Course review
• Q&A
• Exam preparation