ISO 27001 Lead Auditor - Philippines

ISO 27001 Lead Auditor Course Outline

This ISO 27001 Lead Auditor training course will explore the following modules:

Module 1: Introduction to ISO 27001

• Introduction
• ISO 27001:2022 and its Clauses

Module 2: Information Security

• Triad of Information Security
• What is Information Security? 
• Need for Information Security
• Threats to Information Security
• Active and Passive Attacks

Module 3: Context of the Organisation

• Understanding the Organisation and its Context
• Understanding the Needs and Expectations of Interested Parties
• Determining the Scope of the Information Security Management System
• Information Security Management System

Module 4: Leadership

• Leadership and Commitment
• Policy
• Organisational Roles, Responsibilities, and Authorities

Module 5: Planning

• Actions to Address Risks and Opportunities
• Information Security Objectives and Planning to Achieve Them
• Planning of Changes

Module 6: Support

• Resources
• Competence
• Awareness
• Communication
• Documented Information

Module 7: Operation

• Operational Planning and Control
• Information Security Risk Assessment
• Information Security Risk Treatment

Module 8: Performance Evaluation

• Monitoring, Measurement, Analysis, and Evaluation
• Internal Audit
• Management Review

Module 9: Improvement

• Nonconformity and Corrective Action
• Continual Improvement

Module 10: Introduction to Auditing

• Internal Audit Charter
• Communicate with Organisation and Audit Committee
• Auditing Reflects
• General and Internal Auditing Standards and Guidance
• Auditing Types, Procedures, and Planning
• Auditing Techniques
• Auditing Principles
• Phases of Audit

Module 11: Performing ISO 27001 Audits

• Preparing an Audit Report
• Assessment of Audit Reports and Documents
• Report Preparation, Findings, Reconciliation, and Conclusions
• Auditing Procedures
• Reviewing Documents and Reports
• Classifying Findings
• Reliability of Audit Findings

Module 12: Internal Auditor

• Roles, Responsibilities, and Leadership Skills
• Audit Plan
• Opening Meeting
• Record Review Activities
• Internal Auditor Checklist
• Communication Between Departments
• Drafting Reports and Test Plans

Module 13: ISMS and the ISO 27001 Standards Family

• What is an ISMS?
• Project Plan
• Management and Governance Frameworks
• ISMS Benefits
• Scope of ISMS in an Organisation
• Introduction to Management Systems
• Process Approach
• Fundamentals
• PDCA Cycle

Module 14: Interaction with ISO 27005

• What is ISO 27005?
• ISO 27001 Vs ISO 27005
• Quantifying the Business Impact
• Impact Severity

Module 15: Roles and Responsibilities of a Lead Implementer

• Roles and Responsibilities
• Case Study: ABC’s ISO 27001 

Module 16: Launch and Implement an ISMS in an Organisation

• Apply the Frameworks
• Procedures and Controls
• Implementing the Controls
• Training and Awareness Programme
• Management’s Role
• Responsibilities of Employees

Module 17: Risk Management

• Analysing and Evaluating Risks
• Managing Risk Approaches
• Case Study: Law Firm

Module 18: Risk Assessment and the Statement of Applicability (SOA)

• Risk Assessment
• Conducting Risk Assessments
• Risk Assessment Methodology
• ISMS Risk Assessment Report
• Threats and Vulnerabilities

Module 19: Introduction to ISO 27001 Lead Auditor

• Roles and Responsibilities of a Lead Auditor
• Team Selection and Planning
• Qualifications of an Auditor
• Conformance and Compliance

Module 20: Preparing and Planning an Audit

• Roles and Responsibility of an Auditor
• Auditing Schedule and Time
• Procedures and Process Flow
• Activities of an Auditor
• Audit Components
• Purpose and Extent of an Audit

Module 21: Reviewing Process and Qualities

• Different Review Stages
• Collecting Evidence
• Observation
• Audit Findings
• Conducting Follow-Ups

Module 22: Certification

• Steps Towards Successful Certification
• Selecting an ISO 27001 Registrar
• Prepare for the Certification Audits
• Certification
• Stage 1 Audit
• Stage 2 Audit
• Surveillance Audit
• Re-certification Audit

Module 23: Audit Triangle

• Fraud Triangle
• Tackling the Fraud Triangle

Module 24: Auditing Techniques

• Classifying Audit Findings
• On-Site Auditing
• Remote Auditing Methods

Module 25: Tasks of an Auditor

• Opening Meetings
• Daily Discussion Meetings
• Closing Meeting
• Monitoring and Logging
• Handling Stressful Situations
• Intrusion and Penetration Testing
• Reporting Audits
• Follow-Up Actions