Certification of an organization’s Information Security Management System (ISMS) against ISO/IEC 27001 is one means of providing assurance that the certified organization has implemented a system for the management of information security in line with the global standard.
Credibility is the key advantage of being certified by a respected, independent and competent third party. The assurance it provides gives confidence to management, business partners, customers and auditors that the organization is serious about information security management.
The ISO/IEC 27000 standard consists of two parts:
ISO/IEC 27000 Part 1 is a Standard Code of Practice that provides an organization with default guidelines on the types of security controls an organization should implement to safeguard their assets. The scope of this standard covers all communication systems such as voice, internet, phones, faxes, etc.
ISO/IEC 27000 Part 2 is Management Standard Specification which outlines the necessary steps required in establishing a management framework. It encompasses people, IT systems and the processes within the organization.
About this workshop
The workshop is aimed at providing an in-depth understanding of how to conduct audit of the ISO/IEC 27001 standard. Participants understand
- Alternative IT related standards and their focus and strengths
- Overview of other standards in comparison with ISMS
- Need for ISMS
- Detailed review of ISO 27001 clauses
- Detailed steps for auditing ISO 27001
- How scope of ISMS can be limited by management and what are acceptable limitations
- Statement of Applicability
- Vulnerability & Risk assessment
- Raising NCs and closing NCs based on corrective actions
The workshop includes exercises, case studies and role plays to help participants gain a better understanding on how to conduct an ISMS audit.
Benefits
On completion of this workshop, participants will get a better understanding of
- The business drivers for information security
- ISMS Compliance using the PDCA (Plan-Do-Check-Act) cycle
- Auditing sample documentation
- Creating checklists
- Conducting opening and closing meeting
- Conducting Audit along with role play
- NCR writing exercises
- CA/PA evaluation during audit follow up
Who should attend
This workshop is meant for professionals responsible for Information Security Management Systems (ISMS) in key functions such as
- Security Management
- Facilities Management
- Human Resource Department
- Administration Department
- Financial Department
- Emergency Unit
- Operations
- Supply Chain
- Risk and Crisis Management
Anyone aspiring to implement / audit ISO/IEC 27001 standard would benefit from this workshop. Prior knowledge on information security management and the ISO 27001 series of standards is desirable.
Workshop Outline
- ISMS Scope and Benefits
- ISO 27001: Process Framework Requirements
- ISO 27001: Control Objectives and Controls
- Asset Identification and Classification
- Risk Identification
- Risk Assessment
- Risk Management
- Statement of Applicability
- Information Security Incident Management
- Business Continuity
- Auditing Concepts
- Audit Planning & Execution
- Audit Reporting & Follow up
- Dos and Don’ts of Auditing