ISO 27001:2022 Information Security Management Systems: Internal Auditor

ISO/IEC 27001:2022

Information Security Management Systems (ISMS) – Internal Auditor Training Course

2 Days (16 Hours) Online Live

Course Overview

This two-day course develops the practical skills required to plan, conduct, and report internal audits of an Information Security Management System against ISO/IEC 27001:2022. Participants learn to audit the risk treatment plan, the Statement of Applicability, and all 93 Annex A controls – applying ISO 19011:2018 audit technique to the specific demands of information security.

Who Should Attend

  • InfoSec and IT security staff
  • Internal auditors, GRC, and compliance team members
  • Risk and audit committee members
  • Cybersecurity professionals new to ISMS auditing

What You Will Learn

  • Plan and conduct internal ISMS audits in accordance with ISO 19011 principles
  • Audit risk assessment, risk treatment, and the Statement of Applicability
  • Evaluate Annex A controls across all four themes
  • Identify, classify, and report nonconformities against ISO/IEC 27001:2022
  • Verify corrective actions and contribute to ISMS continual improvement
  • Apply the roles and responsibilities of an internal ISMS auditor

Course Content

  • ISO/IEC 27001:2022 refresher and audit terminology
  • ISMS audit programme and audit plan development
  • Auditing risk assessment, risk treatment, and the Statement of Applicability
  • Auditing Annex A controls – organizational, people, physical, technological
  • Audit reporting, nonconformity writing, and corrective action follow-up
  • Practical exercises with ISMS audit case studies

Methodology

A blend of trainer-led sessions, group work, role-play audits, and case-based discussion. Participants conduct simulated audits drawn from technology, fintech, and regulated-sector scenarios.

Assessment

Continuous assessment through case studies and exercises, complemented by a written end-of-course assessment.

Certificate

🎓 QA Assessor Certificate – Internal ISMS Auditor (ISO/IEC 27001:2022)

Prerequisites

A working awareness of ISO/IEC 27001:2022 is recommended.