ISO/IEC 27001:2022 Information Security Management System Internal Auditor Course

INTRODUCTION
 
The Information Security Management System (ISMS) Internal Auditor Training Program is designed to provide participants with the essential knowledge and skills needed to conduct effective internal audits in compliance with ISO/IEC 27001:2022 requirements. This course equips participants with a thorough understanding of internal audit procedures, from planning and conducting audits to reporting and following up on corrective actions, with a focus on information security, risk management, and maintaining the confidentiality, integrity, and availability of information systems.
 
Through this program, participants will:
 
- Master the principles and requirements of ISO/IEC 27001:2022.
- Learn how to plan, conduct, and report internal audit results.
- Develop analytical, communication, and problem-solving skills related to information security audits.
- Understand the role of internal auditors in maintaining and improving the effectiveness of the Information Security Management System (ISMS).
 
PARTICIPANTS
 
- Managers at all levels.
- IT supervisors and system administrators.
- Risk management and information security professionals.
- Information security management personnel.
- Individuals seeking to enhance their skills in internal auditing for information security systems.
 
TRAINING CONTENT
 
+) Introduction to Information Security Management Systems and ISO/IEC 27001
- Overview of Information Security Management Systems (ISMS) and the requirements of ISO/IEC 27001:2022.
- How to identify and comply with legal and regulatory requirements related to information security.
- Methods for controlling security risks, such as access management, data encryption, and system monitoring.
- The role and importance of internal audits in maintaining and improving ISMS.
 
+) Internal Audit Processes and Principles
- Types of internal audits and the role of information security auditors.
- The audit process: planning, execution, reporting, follow-up, and improvement.
- Information Security Risk Assessment: Identifying vulnerabilities, weaknesses, and security risks to ensure confidentiality, integrity, and availability of information systems.
 
+) Planning and Preparation for Internal Audits
- Analyzing ISO/IEC 27001:2022 requirements and organizational structure to develop an audit plan.
- Methods for gathering information, defining audit scope, and setting audit objectives.
- Identifying and Managing Information Security Risks: Developing appropriate security controls and action plans.
- Developing audit checklists.
 
+) Conducting Internal Audits
 
- Interviewing skills, reviewing security documents, and observing security processes during the audit.
- How to identify, record, and categorize findings during the audit.
- Handling and resolving information security-related situations that arise during the audit.
 
+) Reporting Audit Results and Following Up on Corrective Actions
- Methods for clearly and systematically presenting audit findings.
- Monitoring and managing corrective and preventive actions related to information security.
- Guidelines for writing effective audit reports, focusing on improving the information security management system.
 
+) Skills for Internal Auditors
- Communication, persuasion, and conflict management skills in the context of information security.
- Developing analytical thinking and problem-solving abilities during audits.
 
TRAINING METHODS
 
The ISMS Internal Auditor Training Program combines theory with practice, ensuring participants gain both knowledge and practical skills. Through structured lectures, group discussions, case studies, and hands-on exercises, participants will develop their ability to plan, conduct, and manage internal audits following ISO/IEC 27001:2022 standards.
 
TUTORS
 
The program is led by experienced professionals in information security and auditing, certified by ICQ-IRCA. With years of experience auditing various organizations, the tutors not only provide theoretical knowledge but also share practical insights and solutions to common challenges encountered during audits. They are dedicated to guiding and providing specific feedback, helping participants develop the skills to become effective internal auditors.
 
For organizations or businesses interested in ISO/IEC 27001:2022 ISMS Internal Auditor Training, please contact:
 
GIC VIETNAM
12F, 14 Lang Ha Building, Ba Dinh District, Hanoi
Tel: 024.6275 2268, Fax: 024.6275 2269, Email: tuandm@gicvn.vn
Ho Chi Minh Office: R502, 160 Nam Ky Khoi Nghia, Tel: 028.39307936