Intermediate

CIISA

ISO 27001

Information security

Certified Internal Information Security Auditor

QMS Certification Services

14h Duration

Course Outline

Introduction to Information Security Management

Importance of information security in organizations
Benefits of implementing ISO/IEC 27001
Key concepts: confidentiality, integrity, and availability (CIA)
Relationship between ISO 27001, ISO 27002, and other standards

Overview of ISO/IEC 27001:2022

Structure of the standard (High-Level Structure – Annex SL)
Key terms and definitions
Risk-based approach and the Plan–Do–Check–Act (PDCA) cycle
Understanding the ISMS scope and organizational context

ISMS Requirements

Context of the organization (Clause 4)
Leadership and commitment (Clause 5)
Planning, including risk assessment and risk treatment (Clause 6)
Support, resources, competence, awareness, and communication (Clause 7)
Operational control, monitoring, and measurement (Clauses 8–9)
Improvement and corrective actions (Clause 10)

Introduction to Auditing Concepts

Purpose and principles of internal auditing
Types of audits: first-party (internal), second-party, third-party
Auditor responsibilities, competencies, and ethics
Overview of ISO 19011:2018 Guidelines for Auditing Management Systems

Internal Audit Planning

Establishing an internal audit program for ISMS
Developing audit plans and checklists
Document review and preparation
Sampling techniques for information security processes

Conducting the Internal Audit

Opening meeting and interview techniques
Collecting and verifying objective evidence
Evaluating ISMS processes, controls, and risk treatment effectiveness
Identifying nonconformities, observations, and opportunities for improvement

Audit Reporting and Corrective Actions

Writing audit findings and reports
Communicating results to management
Root cause analysis for nonconformities
Implementing corrective actions and follow-up

Auditor Skills and Professional Development

Effective communication during audits
Handling sensitive information and confidentiality
Managing challenging audit situations professionally

Practical Exercises and Case Studies

Audit planning and simulation exercises
Interview role-plays and evidence verification
Writing nonconformity reports
Risk-based audit evaluation exercises

Free

Register Now

14h

Last Updated: March 29, 2026

This course includes

- Comprehensive understanding of ISO/IEC 27001:2022 Information Security Management System (ISMS) requirements.
- Learn how to plan, conduct, and report internal audits of ISMS.
- Practical guidance on risk assessment, controls evaluation, and information security processes.
- Skills to collect, verify, and analyze objective evidence for audit findings.
- Training on root cause analysis and corrective action processes.
- Hands-on exercises with audit simulations, interviews, and reporting.
- Guidance for establishing and maintaining an internal ISMS audit program.
- Enhances auditor communication, professionalism, and handling of sensitive information.