Information security threats and attacks grow and evolve continuously. As such, organisations are increasingly concerned about how their valuable information is handled and protected. The best form of defense against threats and attacks is the proper implementation, auditing, and management of information security controls and best practices. Information security is a key expectation and requirement of customers, legislators, and other interested parties.
The ISO/IEC 27001 Lead Auditor training course is designed to prepare you to audit an information security management system (ISMS) based on ISO/IEC 27001. During this training course, you will acquire the knowledge and skills to plan and carry out internal and external audits.
The training content is comprised of practical exercises and case studies which bring you real-world expertise that you can apply to your day-to-day operations and activities. Through practical exercises, you will be able to master audit techniques and become competent to manage an audit programme, audit team, communication with customers, and conflict resolution.
What is ISO/IEC 27001?
ISO/IEC 27001 provides requirements for organisations seeking to establish, implement, maintain and continually improve an information security management system. This framework serves as a guideline for continually reviewing the safety of your information, which will exemplify reliability and add value to your organisation's services.
Day 1 – Introduction to the information security management system (ISMS) & ISO/IEC 27001
- Training course objectives and structure
- Standards and regulatory frameworks
- Certification process
- Fundamental concepts and principles of information security
- Information security management system (ISMS)
Day 2 – Audit principles, preparation, and initiation of an audit
- Fundamental audit concepts and principles
- The impact of trends and technology in auditing
- Evidence-based auditing
- Risk-based auditing
- Initiation of the audit process
- Stage 1 audit
Day 3 – On-site audit activities
- Preparing for stage 2 audit
- Stage 2 audit
- Communication during the audit
- Audit procedures
- Creating audit test plans
Day 4 – Closing the audit
- Drafting audit findings and nonconformity reports
- Audit documentation and quality review
- Closing of the audit
- Evaluation of action plans by the auditor
- Beyond the initial audit
- Managing an internal audit program
- Closing of the training course
- Duration: 3 hours
- Online examination to be booked after completion of the training course.
Who Should Attend
- Individuals who are interested in mastering the audit of Information Security Management Systems (ISMS) based on ISO/IEC 27001
- Auditors seeking to perform and lead Information Security Management System (ISMS) certification audits
- Managers or consultants seeking to master an Information Security Management System (ISMS) audit process
- Individuals responsible for maintaining conformance with Information Security Management System (ISMS) requirements
- Technical experts seeking to prepare for an Information Security Management System (ISMS) audit
- Expert advisors in Information Security
Cantonese with English terminology
HK$16,800 per person
RTTP Training Grant Application
This course is applying for the Reindustrialisation and Technology Training Programme (RTTP), which offers up to 2/3 course fee reimbursement upon successful application. For details: https://rttp.vtc.edu.hk.
Companies should submit their RTTP training grant application for their employee(s) via https://rttp.vtc.edu.hk/rttp/login at least two weeks before course commencement. Alternatively, the application form can be submitted by email to email@example.com along with supporting documents.
Mr Poon Wai Tung, Keith
Mr Poon Wai Tung, Keith is the Principal Consultant of an IT security consultancy company. Mr Poon has been instrumental in developing professional consulting solutions, auditing and training courses in the increasingly vital areas of business risk assessment, business continuity management, information security and IT service management with a particular focus on services companies and manufacturing.
Mr Leung Wai Leung, Terry
Mr Lau Wai Leung, Terry is the Senior Consultant of an IT security consultancy company. Mr Lau has conducted many IMS audits in Hong Kong, Macau and China and provided various in-house and public ISO training courses to ensure that clients meet the standard requirements and achieve certification. His clients are mainly MNCs and SMEs.
Mr Chung Tin Cheuk, Aidan
Mr Chung Tin Cheuk, Aidan is the Senior Consultant of an IT security consultancy company. Mr Chung has implemented ISO 14000, ISO/IEC 20000, ISO/IEC 27001 & ISO 50001 certification for professional data centre companies in Hong Kong, and has designed and delivered training courses on information security management systems, service management systems and quality management systems.
Mr Lo Hok Sik, OK
Mr Lo Hok Sik, OK is the Senior Consultant of an IT security consultancy company. Mr Lo has conducted many risk assessments and business continuity management exercises in the government sector and in the systems integrator industry, as well as IT infrastructure virtualisation and VDI projects locally and overseas.
Certificate of Training
Participants who have attained at least 75% attendance at lectures will be awarded an Attestation of Course Completion for claiming Continuing Professional Development (CPD) credits.