
Training for internal auditors in accordance with the ISO 27001:2013 standard


Intended for

This seminar is intended for people who are implementing information security according to ISO 27001/27002:2013 and/or people who will take part in internal audits of the established management system.

Prior knowledge of ISO 27001/27002:2013 is not a prerequisite for participation.


Goals

Familiarize participants with an information security management system (ISMS) based on ISO 27001/27002:2013. Train participants to plan, organize and carry out internal audits, to identify nonconformities, and to propose corrective and preventive actions.


Content

Introduction to Information Security Management 

PDCA model in the processes of information security management 

Key concepts in the management of information security 

Understanding the requirements of ISO 27001:2013:

  • Clause 4: Context of the organization
  • Clause 5: Leadership
  • Clause 6: Planning
  • Clause 7: Support
  • Clause 8: Operation
  • Clause 9: Performance evaluation
  • Clause 10: Improvement

Understanding the controls of Annex A (ISO 27002:2013)

  • A.5: Information security policies
  • A.6: Organization of information security
  • A.7: Human resource security
  • A.8: Asset management
  • A.9: Access control
  • A.10: Cryptography
  • A.11: Physical and environmental security
  • A.12: Operations security
  • A.13: Communications security
  • A.14: System acquisition, development and maintenance
  • A.15: Supplier relationships
  • A.16: Information security incident management
  • A.17: Information security aspects of business continuity management
  • A.18: Compliance

Audit types

Planning ISMS internal audits

Creating an internal audit plan

Preparing an audit checklist

Conducting internal audits

Writing an audit report

Writing a nonconformity report

Numerous case studies with hands-on work by the participants

Internal auditor exam


Work methods

  • The seminar lasts 3 days
  • Theoretical and practical work with exercises
  • Exam at the end of the seminar



Certificate

All participants who pass the internal auditor exam receive the certificate: ISO 27001:2013 Internal Auditor of an Information Security Management System.

All other participants receive a certificate of attendance.


Lecturer

Prof.dr.sc. Zdravko Krakar and dr.sc. Silvana Tomić Rotim, Lead Auditor, CISA


Price

3,450.00 kn + VAT

The price includes: a set of slides and working materials for the lectures and exercises, the internal auditor certificate (if the exam is passed), lunch and refreshments during breaks.


Contact

ZIH d.o.o., tel: 01/4855-271, 4855-273; fax: 01/4855-272; e-mail: zih@zih.hr


Registration

By sending a completed application form.


Application form