This course enables participants to develop the expertise needed to audit an Information Security Management System (ISO 27001) and to manage a team of auditors by applying widely recognized audit principles, procedures and techniques. Participants will acquire the knowledge needed to plan and perform audits compliant with the certification process of standard 27001:2005. The training is based on management system audit guidelines (ISO 19011:2002) as well as international audit best practices: the International Federation of Accountants (IFAC), the American Institute of Certified Public Accountants (AICPA), the Information Systems Audit and Control Association (ISACA) and the Institute of Internal Auditor (IIA). An audit kit developed by experienced auditors will be distributed to participants. 

Students will:    

• Understand the application of the information security management system in the ISO 2701:2005 context 
• Understand the relationship between the information security management system, including the management of risks and controls, and the various stakeholders 
• Understand audit principles, procedures and techniques, and being able to apply them in an ISO 27001 audit framework 
• Understand the legal, statutory, regulatory or contract obligations relevant during an ISMS audit  
• Know how to perform an audit in an effective and cost-effective manner, and managing an audit team
• Know how to prepare and complete an audit report ISO 27001
• Know how to apply the information security management system in the ISO 2701:2005 context.