ISO 27001 Lead Auditor Training
ISO 27001 Relevance to Business and Customers

ISO 27001 involves establishing and maintaining a documented system of controls through which risks can be managed: identified, assessed, and reduced. Achieving ISO 27001 certification shows that a business protects information from unauthorized access, keeps that information accurate, and ensures that it can be modified only by authorized users.

For organizations that process client data or provide business products and solutions, ISO 27001 is not only an internal control requirement but also a business requirement. Often ISO 27001 is implemented in response to a business requirement raised by the Chief Operating Officer.

Organizations that are awarded ISO 27001:2013 certification can claim that they:

  • Are taking appropriate control measures to protect confidential and privileged information.
  • Are following international best practices to mitigate cyber threats and have cyber incident response and management processes in place to respond to cyberattacks.
  • Have established a formal information risk management process and a functioning ISMS (Information Security Management System).

More tangible business benefits of having formal risk management processes and an ISMS include:

  • Building a solid foundation for complying with existing and upcoming national and international regulations (such as the EU GDPR), thereby potentially avoiding costly regulatory penalties and financial loss.
  • Increasing the overall security maturity of your business.
  • Assuring customers and regulators that the business takes cyber security risks seriously.
  • Protecting and enhancing your brand reputation.
  • Satisfying audit requirements of internal teams, customers, and/or regulators.
  • Possibly realizing financial savings in the long run (reduced expenditure on technology incidents, regulatory fines, and non-compliance).

ISO 27001 covers the following areas of security:

  • Risk assessment
  • Security policy
  • Organization of information security
  • Asset management
  • Human resources security
  • Physical and environmental controls
  • Communication & operations control
  • Access management
  • Information systems acquisition, development, and maintenance
  • Information security incident management
  • Business continuity management
  • Compliance

Not only does ISO 27001 certification help you demonstrate good security practices, thereby improving working relationships and retaining existing clients, but it also gives you a proven marketing edge over your competitors, putting you alongside the likes of Google, Microsoft, and Amazon. Organizations dealing with ISO 27001 certified organizations have confidence that operations are run securely and that business continuity management is in place, which reassures them about the security of their data residing with that organization.

Course Objective

To gain a comprehensive understanding of the ISO 27001 standard and the key processes for implementing ISO 27001 in an organization, the steps in certification, and the knowledge needed to become a key implementer.

Schedule for Training

Section 1

  • Introduction to the ISO 27001 standard and the management of an Information Security Management System (ISMS) based on ISO 27001 requirements
  • Comparison of the current ISO 27001 with the proposed changes to the standard
  • Explanation of key definitions and terms used in ISO 27001
  • Fundamental principles of information security
  • Introduction to Clauses 4-10 and Annex A controls
  • Preliminary readiness analysis and determination of the maturity level of the existing information security management
  • Writing the business case and preliminary design of the ISMS
  • Developing a project plan for compliance with ISO/IEC 27001:2013

Section 2

  • Initiating the ISO 27001 project
  • Definition of roles & responsibilities
  • Drafting of the ISMS policy
  • Defining the scope of the ISMS
  • Drafting the Statement of Applicability (SOA)
  • Risk management methodology, risk assessment & risk treatment under ISO 27001

Section 3

  • Implementing the ISMS based on the ISO 27001 standard
  • Preparation of mandatory documentation
  • Design of controls and writing of procedures
  • Assessing risk as per ISO 27001 requirements
  • Implementation of controls
  • Development of a training & awareness program and communication of the significance of the implementation program
  • Incident management procedures
  • Operations management of an ISMS

Section 4

  • Internal audit of the controls, policies, and overall status of the ISMS
  • Certification audit of the ISMS according to ISO 27001
  • Performance monitoring and setting of metrics, key performance indicators, and the dashboard
  • Management review of the ISMS
  • Implementation of a continuous improvement program

Final Assessment

  • Q&A session and case studies
  • Short test (MCQ)
  • Clarifications on request

Training Dates & Timing:

Sections 1-4 will be covered from 22 to 29 March 2022, from 5:30 PM to 8:30 PM IST.

The final assessment will take place on 30 March 2022 from 10:00 AM to 11:30 AM IST.

Trainer Profiles

Priti Sikdar (EVP, Risk Advisory & Training, Riskpro India)

Priti is an information security and data privacy professional with over 25 years of experience in the IT sector. She has extensive experience in implementing systems to comply with ISO 27001, GDPR, Privacy Shield, and GLBA, and in conducting ISMS audits, security and privacy risk assessments, and SOC 2 audits. Priti has worked for leading firms such as Grant Thornton, KPMG London, and Sharp & Tannan.

Ritu A Thakkar (Vice President, IT Risk Advisory)

17+ years of experience in implementation, training, and audits covering ISMS, ISO 27001, 9001, 31000, 22301, SOC 2, ISAE 3402, ERM, ITIL, GDPR, PCI DSS, HIPAA, NIST & COSO, Enterprise Risk Management, ITGC, ITAC, Quality Management, QMS, Lean, QAI, process implementation, IT operations, CMMI, Agile and the Software Development Lifecycle (SDLC), internal audits, threat intelligence, data protection, and compliance management.

Latha Sunderkrishnan (Consultant)

Overall 25+ years of experience in the IT field, including 10+ years of consulting experience in information security. Rich experience in consulting on and managing projects for ISO 27001:2013, ISO 22301, PCI DSS, migration audits for CBS, CMMI, IT Act compliance, data privacy, and cyber security for various international and Indian clients.

Monika M Mankar (SVP IT Risk Advisory, Riskpro, India)

An information security professional with over 25 years of experience in information security, compliance, and IS audits and assessments (SOX, HIPAA, SAS 70, PCI DSS, ISO 27001, data privacy). She has held various roles, including Practice Lead for Information Security Compliance and Assurance, Information Security Compliance Manager (ISM), and ISMS awareness and training.

Training Takeaway

  • Comparison with proposed changes to ISO 27001
  • A greater understanding of ISO 27001
  • Practicing your internal auditing skills
  • Understanding areas to be audited
  • Understanding techniques/approaches to consider
  • Understanding organizational issues when maintaining and auditing framework processes

Training Dates/Duration: 22 to 30 March 2022

Training Fees Per Person: Rs. 21,000 + GST

To enroll in the training or for any queries, please email monalisa.bhagat@riskpro.in or call 9820170528.