
Training for internal auditors in accordance with the ISO 27001:2013 standard

Intended for

This seminar is intended for people who work on implementing information security according to ISO 27001/27002:2013 and/or for persons who will take part in internal audits of the established system.

Prior knowledge of ISO 27001/27002:2013 is not a prerequisite for participation.


Familiarize participants with an information security management system based on ISO 27001/27002:2013. Train participants to plan, organize and carry out internal audits, to identify non-compliance, and to propose corrective and preventive actions.


Introduction to Information Security Management 

PDCA model in the processes of information security management 

Key concepts in the management of information security 

Understanding the requirements of ISO 27001:2013:

  • Requirement group 4: Context of the organization
  • Requirement group 5: Leadership
  • Requirement group 6: Planning
  • Requirement group 7: Support
  • Requirement group 8: Operation
  • Requirement group 9: Performance evaluation
  • Requirement group 10: Improvement

Understanding the requirements of Annex A - ISO 27002:2013:

  • A.5: Information security policy
  • A.6: Information security organization
  • A.7: Human resource security
  • A.8: Asset management
  • A.9: Access control
  • A.10: Cryptography
  • A.11: Physical and environmental security
  • A.12: Operations security
  • A.13: Communications security
  • A.14: System acquisition, development and maintenance
  • A.15: Supplier relationships
  • A.16: Information security incident management
  • A.17: Information security aspects of business continuity management
  • A.18: Compliance

Audit types

Planning ISMS internal audits

Creating an internal audit plan

Preparing an audit checklist

Carrying out internal audits

Writing an audit report

Writing a non-compliance report

A large number of case studies with active participant work

Internal auditor exam

Work methods

  • The seminar lasts 3 days
  • Theoretical and practical work with exercises
  • Exam at the end of the seminar


All attendees who pass the internal auditor exam receive the certificate: ISO 27001:2013 Internal Auditor of an Information Security Management System.

All other attendees receive a certificate of participation.

Lecturers: Zdravko Krakar and Silvana Tomić Rotim, Lead Auditor, CISA


3.450,00 kn + VAT

The price includes: a set of slides and working materials for the lectures and exercises, the internal auditor certificate (if the exam is passed), lunch and refreshments during breaks.


ZIH d.o.o., tel: 01/4855-271, 4855-273; fax: 01/4855-272; e-mail:


By sending a completed application form.

Application form