This three-day course is designed for professionals within an organisation with responsibility for auditing an information security management system (ISMS) or best practice in security controls.

The course would also benefit external consultants seeking to support the auditing activity of an information security system within client organisations. The course will not only cover the accepted principles of auditing, but will give participants a detailed understanding of audit methodology, including audit preparation, managing an audit team, determining compliance with the standard, interview technique, following audit trails and documenting evidence.

Delegates will participate in workshops and case-studies to develop their auditing technique, and will learn how to handle some of the more challenging situations an auditor may face. The course has been designed in keeping with international standards on auditing technique, including ISO 19011. The course will also familiarise participants on the challenges of auditing ISO 27001 and will cover all sections of the standard in detail, with tips on how to audit individual clauses, including risk assessments, business continuity and achieving continual improvement.