Tel: 010 010 0685

Driving Business Excellence


ISMS – Information Security Lead Auditor Training – 2 days


Information Security Lead Auditor Training – ISMS – 2 Days

ISMS – Information Security Management Systems – ISO 27001:2013. The information presented in this two-day course forms the basis for a systematic and integrated approach to auditing an Information Security Management System (ISMS). It also enables participants to gain an understanding of the requirements of all the elements in ISO/IEC 27001:2013.

The course examines the compatibility of an ISMS with other management systems and explains the significant features of an ISMS and the terminology and methodology used in the ISO/IEC 27001:2013 standard. The Delegate Manual provides plain-English explanations, ISMS audit tools and sample checklists.

“ISMS is a systematic approach that ensures sensitive company information remains secure – your risk management process includes people, processes and systems and gives your customers confidence that you are deploying best practices”

Key Learning Objectives

  • The intent and requirements of each clause, and its relationship with the organisation’s operational information security requirements and legal compliance requirements
  • The documentation requirements, and the ability to analyse the interrelationships among the various ISMS documents
  • How ISMS planning, policy, objectives and processes are implemented according to the ISO/IEC 27001:2013 standard and in relation to the context of the organisation
  • The process of addressing improvements in the organisation’s ISMS, and verifying that identified improvements are effectively managed


Review Risk Assessment

  • Assess the effectiveness of an organisation’s information security Risk Assessment (RA) methodologies
  • Analyse the controls identified in the Statement of Applicability (SOA) and the controls of ISO/IEC 27001:2013 Annex A as they apply to the treatment of risk
  • Assess the organisation’s operational controls, its information security RA and the implementation of its Risk Treatment (RT) plan
  • Evaluate RA and RT results to ensure they are appropriately reflected in the organisation’s SOA
  • Assess an organisation’s monitoring, measurement, analysis and evaluation activities