Course Id: GS-INFS-08
Stream: Information Security
CERTIFIED INFORMATION SECURITY MANAGEMENT SYSTEMS LEAD AUDITOR ISO/IEC 27001:2022
UPCOMING DATES: 2, 3, 9 & 10 December 2023
Duration: 4 Days
CPD Credits: 32
Exam Duration: 2 Hours
COURSE DETAILS
In today’s world, information is the ultimate asset for organizations of any size and type. As an asset it has value, and that value can be denied to the organization in several ways. Some of the critical properties of information are Confidentiality, Integrity and Availability. Malicious actors can manipulate information to violate these properties, which can threaten the existence of the organization itself. Hence, information has to be secured. For information to be secure, there is a need to assess the risks to information and protect it through effective controls, since security threats and attacks have increased and improved constantly.
With the advancement of technology, today's information is in an electronic or digital form that is contained, transacted or transmitted through information systems and digital channels. Information systems are fragile and hence vulnerable. Besides, information systems are complex structures, with each of their components requiring a different approach to protection, compounding the complexity and requiring different skills and competencies.
It is routine news today that some entity or other has been affected through theft of, or denied access to, organizational information. Hence, organizations need to create a robust defense against such acts (called attacks) through proper implementation and management of information security controls and best practices, termed an ISMS (Information Security Management System).
Recognizing the importance of information and the manner in which it affects people, every nation, in order to protect its citizenry, is now regulating and mandating organizations to take effective measures of protection. Therefore, information security is now one of the prioritized key expectations and requirements of customers, legislators, and other interested parties.
Given the above environment and scenario, there is a need to converge and manage the information, information systems and the overall information infrastructure.
ISMS was recognized and adopted as early as 1970 and has today evolved into ISO:27001, a global standard developed by the ISO to meet and simplify the approach to information protection, which is adopted by more than 50,000 organizations across the world. Organizations have found it convenient to adopt ISO:27001 to manage their information and information systems.
Like any other progressive activity, the standard also evolves with technological advancement and enhanced knowledge acquired over a period of time. ISO has published the latest edition in 2022 with a new set of controls and approach.
Audit is one of the pillars in the THREE LINES OF DEFENCE concept and any implementation of the ISMS under ISO:27001 requires an assurance that the requirements of the standard are met. With the new 2022 edition coming into force, the audit methodology has to change to meet the new requirements.
Hence, both auditors under the earlier edition and new entrants to this domain need to acquire the corresponding skills and competence.
The ISMS Certified Auditor credential is a formal and independent recognition of personal competencies and helps qualify a candidate to conduct ISMS audits with ISO:27001 as the criteria, whether as an internal audit for the organization or for a certification body.
GORISCO ACADEMY understands the importance of an effective audit and has designed this training course to prepare its delegates with the knowledge and skills to plan and carry out audits in compliance with ISO 19011 and the certification process according to ISO/IEC 17021-1 for an information security management system (ISMS) in compliance with the requirements of ISO 27001:2022. Attending this course allows you to gain a comprehensive understanding of the ISO standard and industry best practices, so that you can establish a framework that enables your organization to manage information security effectively.
After the training, you will need to sit for the certification exam. Upon successful clearance of this exam, you will receive the ‘Certified ISMS Lead Auditor’ certificate and title. This certificate will prove that you have the professional capabilities, competencies and practical knowledge to audit organizations based on the requirements of ISO 27001:2022 and best practices of auditing.
COURSE OBJECTIVES
• Understand the requirements and operations of Information Security Management System based on ISO/IEC 27001:2022
• Understand the relation between ISO/IEC 27001, ISO/IEC 27002, other standards and regulatory frameworks
• Learn how to interpret the requirements of ISO/IEC 27001 in the context of an ISMS audit
• Learn the roles and competencies of an auditor to plan an audit, lead a team of auditors, draft reports, and follow up on an audit as per ISO 19011
• Act with due professionalism and integrity during an audit
WHO SHOULD ATTEND
• ISMS Consultants looking to become an ISMS Auditor
• Internal Auditors responsible to perform and lead information security management system audits
• Professionals responsible to maintain conformity with the ISMS requirements in an organization
• ISMS Leaders seeking to prepare for ISMS audits
• ISMS team members seeking to prepare for BCMS audits
• Expert advisors in information security management domain
Prerequisites
Delegates of this training course are required to have a fundamental understanding of information security concepts and basic knowledge of ISMS audit principles. About 2 years of experience in the information security domain is required to be able to grasp the elements of this course.