ISO 27001: 2022 Internal Auditor Course
Training Overview
Description of Training
Introduction
Introduction to the course (4:07)
Module 1 - Introduction to ISO 27001
Introduction & suggested reading
What is ISO 27001? (1:32)
The structure of ISO 27001 (2:34)
Information security principles (2:51)
Introduction to the Information Security Management System (2:57)
Implementing ISO 27001 requirements (3:03)
Implementing ISO 27001 as a project (1:34)
Documenting ISO 27001 requirements (3:55)
ISO 27001 Benefits (2:44)
Certification FAQs (2:59)
Related documentation
Recap quiz
Module 2 - The planning phase
Introduction & suggested reading
Understanding your organization and its context [clause 4.1] (2:34)
Understanding the needs and expectations of interested parties [clause 4.2] (2:04)
Determining the scope of the ISMS [clause 4.3] (2:16)
Leadership and commitment [clause 5.1] (2:11)
Information Security Policy [clause 5.2] (1:29)
Organizational roles, responsibilities and authorities [clause 5.3] (2:42)
Information security objectives [clause 6.2] (2:43)
Resources [clause 7.1] (2:05)
Competence [clause 7.2] (1:38)
Awareness [clause 7.3] (1:40)
Communication [clause 7.4] (1:44)
Documented information [clause 7.5] (3:44)
Related documentation
Recap quiz
Module 3 - Risk management
Introduction & suggested reading
Addressing risks and opportunities [clause 6.1.1] (2:08)
Risk management process [clause 6.1.2] (2:38)
Information security risk assessment – Risk identification [clause 6.1.2] (3:25)
Information security risk assessment – Risk analysis and evaluation [clause 6.1.2] (3:13)
Information security risk treatment [clause 6.1.3] (3:27)
Statement of Applicability [clause 6.1.3] (2:17)
Risk treatment plan [clause 6.1.3] (0:52)
Related documentation
Recap quiz
Module 4 - The Do phase
Introduction & suggested reading
Formulating the risk treatment plan [clause 6.1.3] (2:26)
Implementing the risk treatment plan [clause 8.3] (1:32)
Operational planning and control [clause 8.1] (2:51)
Operating the ISMS [clause 8] (1:27)
Managing outsourcing of operations [clause 8.1] (2:33)
Controlling changes [clause 8.1] (2:29)
Risk assessment review [clause 8.2] (2:08)
Related documentation
Recap quiz
Module 5 - The Check and Act phases
Introduction & suggested reading
Monitoring, measurement, analysis, and evaluation [clause 9.1] (4:04)
Internal audit [clause 9.2] (3:05)
Management review [clause 9.3] (3:15)
Nonconformities and corrective actions [clause 10.1] (4:33)
Continual improvement [clause 10.2] (2:37)
Related documentation
Recap quiz
Module 6 - Overview of Annex A
Introduction & suggested reading
Introduction to Annex A (5:18)
People controls (2:05)
Physical controls (3:37)
Technological controls – overview and new controls (4:13)
Technological controls – software development (2:51)
Technological controls – operational security (4:48)
Organizational controls – policies and responsibilities (3:22)
Organizational controls – information and asset management (1:52)
Organizational controls – operational security (2:43)
Organizational controls – supplier security (3:14)
Organizational controls – incidents and business continuity (4:52)
Organizational controls – compliance, privacy, and legal aspects of security (2:49)
Related documentation
Recap quiz
Module 7 - Introduction to the internal audit
Introduction & suggested reading
Internal vs external audit (2:06)
The main purpose of the internal audit (1:31)
ISO Requirements for internal audits (2:14)
Criteria for selecting the internal auditor (1:37)
The audit findings (1:30)
Nonconformities (2:09)
Observations (1:50)
Major and minor nonconformities (3:57)
Related Documentation
Recap quiz
Module 8 - Organizing the internal audit
Introduction & suggested reading
Organizing the internal audit (1:08)
Internal audit procedure (1:56)
Annual audit program (3:48)
Audit plan for an individual audit (1:52)
Related Documentation
Recap quiz
Module 9 - Internal audit elements
Introduction & suggested reading
Internal audit elements (2:36)
Document review (2:02)
Creation of the checklist (3:01)
Internal audit report (1:29)
Corrective action requests and corrective action follow-up (2:00)
Related Documentation
Recap quiz
Module 10 - The main audit
Introduction & suggested reading
Auditor assumptions (1:24)
Techniques for finding evidence (2:54)
Sampling the records (1:35)
Recording the evidence (2:22)
Interviewing techniques (4:05)
Remote audits (1:50)
Auditing integrated management systems (2:02)
Related Documentation
Recap quiz
Instructions for taking the exam and obtaining the certificate
The main purpose of the internal audit