ISO 27001- Lead Auditor Training

 

ISO 27001 Relevance to Business and Customers

ISO 27001 requires an organization to establish and maintain a documented system of controls through which information security risks are identified, assessed, and reduced to an acceptable level. Achieving ISO 27001 certification shows that a business keeps information out of unauthorized hands (confidentiality), ensures information is accurate and can only be modified by authorized users (integrity), and keeps it accessible to those who need it (availability).

For organizations that process client data or provide business products and solutions, ISO 27001 is not only an internal control requirement but also a business requirement. ISO 27001 is often implemented in response to a business requirement raised by the Chief Operating Officer.

Organizations that are awarded ISO 27001:2013 certification can claim that they:

  • Are taking appropriate control measures to protect confidential and privileged information.
  • Are following international best practices to mitigate cyber threats and have cyber incident response and management processes in place to respond to cyber-attacks.
  • Have established a formal information risk management process and a functioning Information Security Management System (ISMS).

More tangible business benefits of having formal risk management processes and an ISMS include:

  • Building a solid foundation for compliance with existing and upcoming national and international regulations (for example, the EU GDPR), thereby reducing the likelihood of costly regulatory penalties and financial loss.
  • Increasing the overall security maturity of your business.
  • Assuring customers and regulators that the business takes cyber security risks seriously.
  • Protecting and enhancing your brand reputation.
  • Satisfying audit requirements raised by internal teams, customers, and/or regulators.
  • Possibly realizing financial savings in the long run (reduced expenditure on technology incidents, regulatory fines, and non-compliance).

ISO 27001 covers the following areas of security (the control areas below follow the grouping of the 2005 edition; the 2013 edition regroups the Annex A controls into 14 domains):

  • Risk assessment
  • Security policy
  • Organization of information security
  • Asset management
  • Human resources security
  • Physical and environmental controls
  • Communications and operations management
  • Access control
  • Information systems acquisition, development, and maintenance
  • Information security incident management
  • Business continuity management
  • Compliance

Not only does ISO 27001 certification help you demonstrate good security practices, thereby improving working relationships and retaining existing clients, but it also gives you a proven marketing edge over your competitors, putting you alongside the likes of Google, Microsoft, and Amazon. Organizations dealing with ISO 27001 certified organizations have a level of confidence that operations are conducted securely and that business continuity management is in place. This gives them assurance that their dealings, and their data residing in the organization, are secure.

Course Objective

To gain a comprehensive understanding of the ISO 27001 standard, the key processes for implementing ISO 27001 in an organization, and the steps in certification, and to attain the knowledge needed to become a key implementer.

Schedule For Training

Section 1 

  • Introduction to the ISO 27001 standard and the management of an Information Security Management System (ISMS) based on ISO 27001 requirements.
  • Comparison of current ISO 27001 with proposed changes to the standard
  • Explanation of key definitions and terms used in ISO 27001
  • Fundamental principles of Information Security
  • Introduction to Clauses 4-10 and the Annex A controls
  • Preliminary preparedness analysis and determining the maturity level of the existing management of information security
  • Writing the business case and preliminary design of the ISMS
  • Developing a project plan of compliance with ISO/IEC 27001:2013

Section 2

  • Initiating the ISO 27001 project
  • Definition of roles & responsibilities
  • Drafting of the ISMS policy
  • Defining the scope of the ISMS
  • Drafting the Statement of Applicability (SOA)
  • Risk management methodology, risk assessment, and risk treatment under ISO 27001

Section 3

  • Implementing the ISMS based on ISO 27001 standard
  • Preparation of mandatory documentation
  • Design of controls and writing procedures
  • Assessing risk as per ISO 27001 requirements
  • Implementation of controls
  • Development of a training & awareness program and communication about the significance of the implementation program.
  • Incident Management procedures
  • Operations management of an ISMS

Section 4

  • Internal audit of the controls, policies, and overall status of the ISMS
  • Certification audit of the ISMS according to ISO 27001
  • Performance monitoring and setting of metrics, key performance indicators, and the dashboard
  • Management review of the ISMS
  • Implementation of a continual improvement program

Final Assessment

  • Q&A session and case studies
  • Short test (MCQ)
  • Any clarifications on request

Training Dates & Timing:

  • Sections 1 - 4 will be covered from 23 - 30 May 2022 from 5:30 PM - 8:30 PM IST
  • The final assessment will take place on 31 May 2022 from 10 AM to 11:30 AM IST

Training Profiles

Priti Sikdar (EVP Risk Advisory & Training, Riskpro India)
Priti is an Information security and Data privacy professional with over 25 years of experience in the IT sector. She has vast experience in the implementation of systems to comply with ISO 27001, GDPR, Privacy Shield, and GLBA, conducting ISMS audits, security, and privacy risk assessments as well as SOC 2 audits. Priti has worked for leading firms such as Grant Thornton, KPMG London, and Sharp & Tannan.

Latha Sunderkrishnan (Consultant)
Over 25 years of experience in the IT field, including 10+ years of consulting experience in information security. Rich experience in consulting and managing projects for ISO 27001:2013, ISO 22301, PCI DSS, Migration Audit for CBS, CMMI, IT Act Compliance, Data Privacy, and Cyber Security for various international and Indian clients.

Monika M Mankar (SVP IT Risk Advisory, Riskpro India)
An Information Security Professional with over 25 years of experience in Information Security, Compliance, and IS Audit and Assessments (SOX, HIPAA, SAS 70, PCI DSS, ISO 27001, Data Privacy). She has held various roles, including Practice Lead - Information Security Compliance and Assurance, Information Security Compliance Manager (ISM), and ISMS awareness and training.

Training Fees Per Person: Rs. 22,000 + GST

Training Takeaway:

  • Comparison with proposed changes to ISO 27001
  • A greater understanding of ISO 27001
  • Practicing your internal auditing skills
  • Understanding areas to be audited
  • Understanding techniques/approaches to consider
  • Understanding organization issues when maintaining and auditing framework processes


To enroll for the training or for any queries, please email varsha.sunar@riskpro.in or call 8779250357

City: Online