ISO/IEC 27001 and VDA ISA TISAX Internal Auditing

Course Summary

This four-day ISO/IEC 27001 and VDA ISA TISAX Internal Auditor Training course equips participants with the essential skills to audit information security management systems, covering ISO/IEC 27001:2022 requirements, TISAX-specific controls, and auditing techniques through interactive exercises and case studies.

Event Details

32 hours (4 x 8-hour days)
Combination lecture and classroom exercises
Available at QSG’s training facilities, on-site at your organization, and virtually

Description

This four-day course provides participants with the necessary knowledge to audit all requirements of the ISO/IEC 27001:2022 standard and its organizational and technical controls from Annex A.

The course includes definitions from ISO/IEC 27000:2018 (Information Security Management Systems – Overview and Vocabulary), and auditing requirements from both ISO 19011:2018 (Guidelines for Auditing Management Systems) and ISO/IEC 27007:2017 (Guidelines for Information Security Management Systems Auditing).

Group exercises and case studies are used to develop the required skills, including case studies focused on identifying nonconformities. Other topics covered include the auditing process and methodologies, e.g. planning and conducting an audit, writing nonconformity statements, preparing an audit summary and report, and verifying corrective actions in accordance with the requirements of ISO 19011 and ISO/IEC 27001.

Who Should Attend

This class is primarily designed for internal auditor candidates but is also valuable for Information Security, Cybersecurity, Privacy and IT Managers, ISO/IEC 27001:2022 Implementation and/or Transition Team Members, Management Representatives, and anyone else who wants to develop competency in ISO/IEC 27001:2022 and the first-party (internal) auditing process.

Learning Objectives

  • Understand the application of Information Security Management principles in the context of ISO/IEC 27001:2022, and the maturity of controls.
  • Relate the Information Security Management system to the organizational processes, services, and activities.
  • Understand the application of the principles, procedures and techniques and attributes needed for effective auditing.
  • Understand the conduct of an effective audit in the context of the auditee’s organizational situation.
  • Understand the application of the regulations and other considerations that are relevant to the management system and the conduct of the audit.
  • Understand the importance of risk assessments for protection of organizational assets.
  • Understand the need for a robust Information Security Management System that forms the basis for a TISAX label and maturity levels of required ISMS controls.

Course Outline

Day One

  • TISAX: Trusted Information Security Assessment Exchange
  • The need to protect assets
  • Information Security Assessment (ISA) Methodology
  • Process Maturity Levels
  • VDA ISA TISAX and ISO/IEC 27001 Controls
  • ISO/IEC 27001:2022 Annex A Controls
  • TISAX Additional Controls not in ISO/IEC 27001
  • TISAX ISA Controls
  • Information Security Controls
  • Prototype Protection Controls
  • Data Protection Controls
  • Group Exercise: participants engage in a number of group exercises to gain an understanding of the ISA process

Day Two

  • Fundamentals of Information Security Management Systems (ISMS)
  • ISO/IEC 27001:2022 Requirements Descriptions
  • ISO/IEC 27001:2022 Clauses
  • Annex A Organizational and Technical Controls
  • Risk-based Thinking
  • ISMS Risks
  • ISMS Risk Assessment
  • ISMS Risk Treatment
  • Group Exercise 1: Risk Identification Discussion
  • ISO/IEC 27001 Clause 4 – Context of the Organization
  • ISO/IEC 27001 Clause 5 – Leadership
  • Group Exercise 2: Audit Scenarios
  • ISO/IEC 27001 Clause 6 – Planning

Day Three

  • ISO/IEC 27001 Clause 7 – Support
  • ISO/IEC 27001 Clause 8 – Operation
  • A look at and understanding of Annex A Controls
  • Group Exercise 3: Audit Scenarios
  • ISO/IEC 27001 Clause 9 – Performance Evaluation
  • ISO/IEC 27001 Clause 10 – Improvement
  • Group Exercise 4: Audit Scenarios
  • Understanding the ISMS Final Exam
  • Process Approach to Auditing, Turtle Diagrams and Audit Trails
  • Breakout Exercise 1: Create a Turtle Diagram
  • Audit Guidance, Definitions and Principles
  • The Need for an Audit Program
  • Audit Planning and Preparation – Using the Guidelines for Information Security Management Systems Auditing
  • Breakout Exercise 2: Documentation Review
  • Breakout Exercise 3: Create an Audit Plan
  • Seminar Agenda

Day Four

  • Conducting the Audit
  • Conducting the Closing Meeting
  • Breakout Exercise 4: Conduct an Audit Interview
  • Writing Nonconformity Statements
  • Breakout Exercise 5: Write Nonconformity Statements
  • Conducting the Closing Meeting
  • Completing the Audit Report
  • Corrective Action and Close-Out
  • Management Systems Auditing Final Exam

Prerequisites

An understanding of the ISO/IEC 27001:2022 requirements and/or work experience in applying ISO/IEC 27001:2022 is recommended.
