Length of training: 3 days 

Price: 10 000,- CZK  

The course is intended for internal auditors or information security managers who are beginners in auditing according to ISO/IEC 27001.  

It is based on an explanation of the requirements of ISO/IEC 27001:2022 Information security, cybersecurity and privacy - Information security management systems - Requirements from the internal auditor's perspective and the security measures outlined in ISO/IEC 27002:2022. The actual auditing procedure also includes the requirements of ISO 19011:2018 Guidelines for auditing management systems and their interdependence with the organization's operations.   

The course includes training in preparing and conducting an internal audit, including conducting audit communications and preparing an audit report.  

The aim is to inform the participants about the principles and principles of auditing and to share the experience of auditing practice. 

Training programme: 

Day 1  

• Information security management systems - a basic overview for the auditor. 
• Requirements of ISO/IEC 27001:2022 and related ISO/IEC 27000 series standards.  

Day 2 

• Requirements of ISO/IEC 27002:2022 - Part 1. 

Day 3 

• Requirements of ISO/IEC 27002:2022 - Part 2. 
• Requirements ISO 19011:2018 Guidelines for auditing management systems. 
• Audit terminology.
• Setting up an audit programme. 
• Step-by-step audit process. 
• Practical audit training. 
• Managing audit non-conformities, corrective and preventive actions. 
• Audit records - audit report and non-conformity record. 
• Auditor evaluation. 

The training ends with a final test. 

Upon completion of the course, the participant will receive a Certificate of Completion.