The ISO 27001: 2022 course (internal and leader auditor) is designed to train participants in the interpretation, application and audit of the Information Security Management System (SGSI) based on ISO 27001: 2022.
This course prepares students to obtain two international certifications:
INTERNAL AUDITOR ISO 27001 (I27001A)
LEADING ISO 27001 AUDITOR (I27001LA)
The program includes the necessary training for the planning, implementation and evaluation of an SGSI, allowing participants to acquire key skills in information security audit.
Under the practical Learning Method approach, participants will work on laboratories, practical workshops and/or real projects, ensuring the effective application of knowledge acquired in business environments.
At the end of the course, participants will be able to:
- Understand and interpret ISO 27001: 2022, including its scope, requirements and application.
- Implement an Information Security Management System (SGSI) based on ISO 27001.
- Develop internal audits and leading audits, applying audit techniques and tools. Identify and evaluate information security risks, using ISO 27005 for risk management.
- Apply continuous improvement actions in an SGSI, ensuring compliance with international regulations.
Obtain international internal auditor certifications and leading ISO 27001.
To participate in this training, previous knowledge is not required. Is aimed at:
- Presidents of IT, Executive Chiefs, IT/IS Auditors, Professionals in Information Security, Consultants and Ti Managers.
- Students and professionals related to IT services management.
| Certificación internacional ISO 27001:2022 ( Auditor Interno y Lider ) | Applies |
|---|---|
| Certificación internacional ISO 27001:2022 ( Auditor Interno y Lider ) | 18 hours |
Learning Methodology
The learning methodology, regardless of the modality (in-person or remote), is based on the development of workshops or labs that lead to the construction of a project, emulating real activities in a company.
The instructor (live), a professional with extensive experience in work environments related to the topics covered, acts as a workshop leader, guiding students' practice through knowledge transfer processes, applying the concepts of the proposed syllabus to the project.
The methodology seeks that the student does not memorize, but rather understands the concepts and how they are applied in a work environment.
As a result of this work, at the end of the training the student will have gained real experience, will be prepared for work and to pass an interview, a technical test, and/or achieve higher scores on international certification exams.
Conditions to guarantee successful results:
- a. An institution that requires the application of the model through organization, logistics, and strict control over the activities to be carried out by the participants in each training session.
- b. An instructor located anywhere in the world, who has the required in-depth knowledge, expertise, experience, and outstanding values, ensuring a very high-level knowledge transfer.
- c. A committed student, with the space, time, and attention required by the training process, and the willingness to focus on understanding how concepts are applied in a work environment, and not memorizing concepts just to take an exam.
Pre-enrollment
You do not need to pay to pre-enroll. By pre-enrolling, you reserve a spot in the group for this course or program. Our team will contact you to complete your enrollment.
Pre-enroll nowInfinity Payments
Make your payment quickly, safely and reliably
- For bank transfer payments, request the details by email
capacita@aulamatriz.edu.co.
- If you wish to finance your payment through our credit options
(Sufi, Cooperativa Unimos or Fincomercio), click on the following link:
Ver opciones de crédito.
Description
The ISO 27001: 2022 course (internal and leader auditor) is designed to train participants in the interpretation, application and audit of the Information Security Management System (SGSI) based on ISO 27001: 2022.
This course prepares students to obtain two international certifications:
INTERNAL AUDITOR ISO 27001 (I27001A)
LEADING ISO 27001 AUDITOR (I27001LA)
The program includes the necessary training for the planning, implementation and evaluation of an SGSI, allowing participants to acquire key skills in information security audit.
Under the practical Learning Method approach, participants will work on laboratories, practical workshops and/or real projects, ensuring the effective application of knowledge acquired in business environments.
Objectives
At the end of the course, participants will be able to:
- Understand and interpret ISO 27001: 2022, including its scope, requirements and application.
- Implement an Information Security Management System (SGSI) based on ISO 27001.
- Develop internal audits and leading audits, applying audit techniques and tools. Identify and evaluate information security risks, using ISO 27005 for risk management.
- Apply continuous improvement actions in an SGSI, ensuring compliance with international regulations.
Obtain international internal auditor certifications and leading ISO 27001.
To participate in this training, previous knowledge is not required. Is aimed at:
- Presidents of IT, Executive Chiefs, IT/IS Auditors, Professionals in Information Security, Consultants and Ti Managers.
- Students and professionals related to IT services management.
offers
| Certificación internacional ISO 27001:2022 ( Auditor Interno y Lider ) | Applies |
|---|---|
| Certificación internacional ISO 27001:2022 ( Auditor Interno y Lider ) | 18 hours |
Learning Methodology
The learning methodology, regardless of the modality (in-person or remote), is based on the development of workshops or labs that lead to the construction of a project, emulating real activities in a company.
The instructor(live), a professional with extensive experience in work environments related to the topics covered, acts as a workshop leader, guiding students' practice through knowledge transfer processes, applying the concepts of the proposed syllabus to the project.
La metodología persigue que el estudiante "does not memorize", but rather "understands" the concepts and how they are applied in a work environment."
As a result of this work, at the end of the training the student will have gained real experience, will be prepared for work and to pass an interview, a technical test, and/or achieve higher scores on international certification exams.
Conditions to guarantee successful results:
- a. An institution that requires the application of the model through organization, logistics, and strict control over the activities to be carried out by the participants in each training session.
- b. An instructor located anywhere in the world, who has the required in-depth knowledge, expertise, experience, and outstanding values, ensuring a very high-level knowledge transfer.
- c. A committed student, with the space, time, and attention required by the training process, and the willingness to focus on understanding how concepts are applied in a work environment, and not memorizing concepts just to take an exam.
Infinity Payments
Make your payment quickly, safely and reliably
- For bank transfer payments, request the details by email
capacita@aulamatriz.edu.co.
- If you wish to finance your payment through our credit options
(Sufi, Cooperativa Unimos or Fincomercio), click on the following link:
Ver opciones de crédito.
Course Modules
Module I: Introduction and Background
- Introduction - ISMS
- History of the Standard
- ISO/IEC 27001:2022 Structure
- ISO 27000 Family of Standards
Module II: Key Concepts
- What is an ISMS?
- Information and General Principles
- Information Security
- The Management System
- Critical Success Factors of an ISMS
- Benefits of the ISMS Standards Family
Module III: Terms and Definitions
- Phase 2. Design and Implementation of an ISMS
- Design Phases of the ISMS
- Implementation Stages of an ISMS
- Structure of ISO/IEC 27001
- Deming Cycle PDCA and ISMS
Module IV: Context of the Organization
- Understanding the Organization and its Context
- Understanding the Needs and Expectations of Interested Parties
- Organization Priorities for an ISMS
- Determination of the Scope of the Information Security Management System 4.4
- Information Security Management System
Module V: Leadership
- Leadership and Commitment
- Policy
- Roles, Responsibilities, and Authorities in the Organization
Module VI: Planning
- Actions to Address Risks and Opportunities
- Risk Treatment Plan
- Actions to Address Risks and Opportunities
- Structure of the ISO 31000 Risk Management Guidelines
- Information Security Objectives and Planning for Their Achievement
Module VI: Planning
- Actions to Address Risks and Opportunities
- Risk Treatment Plan
- Actions to Address Risks and Opportunities
- Structure of ISO 31000 Risk Management Guidelines
- Information Security Objectives and Planning for Their Achievement
Module VII: Support
- Resources
- Competence
- Awareness
- Communication
- Documented Information
Module VIII: Operation
- Operational Planning and Control
- Assessment of Information Security Risks
- Treatment of Information Security Risks
- Risk Assessment and Treatment
Module IX: Performance Evaluation
- Monitoring, Measurement, Analysis, and Evaluation
- Internal Audit
- Audit
- Management Review
Module X: Improvement
- Non-Conformity and Corrective Actions
- Continuous Improvement
Module XI: Annex A: Regulatory
- Annex A: Domains
- Annex A: Clauses, Objectives, and Controls
- Organizational Controls
- People Controls
- Physical Controls
- Technological Controls
Module XII: Workshop - Phase 3
- Information Security Risk Management Based on ISO 27005
- Risk Management ISMS
- Why Perform Risk Management?
- Risk Management Process Based on ISO-IEC 27005
- Establishing the Context
- Identification of Assets
- Classification of Assets
- Threat
- Threat Profile
- Information Threats
- Vulnerability
- ISMS Risk Management: Workshop
- Is Risk = Uncertainty?
- Risk Management Cycle
- Risk Management ISMS
- Phase 4. Internal Audits with Emphasis on Leader Auditor Competencies
- Structure of ISO 19011:2018 Scope ISO 19011:2018
- Scope ISO 19011:2018
- Audit - Types of Audit
- Audit Criteria
- Audit Evidence
- Audit Results
- Audit Conclusions
- Audit Client
- Auditee
- Audit Team
- Technical Expert
- Observer
- Guide
- Audit Program
- Scope of the Audit Audit Plan
- Conformity
- Non-Conformity
- Audit Tests
- Audit Methods
- Clause 4: Audit Principles
- Clause 5: Audit Program
- Clause 6: Audit Activities
- Clause 7: Competence and Evaluation of Auditors Methods for Evaluating Auditors
- Clause 7: Personal Attributes
- Clause 7: Generic Knowledge and Skills
- Establishing Audit Program Objectives
- Determination and Evaluation of Risks and Opportunities of the Audit Program
- Establishing the Audit Program
- Competence of the Individual(s) Managing the Audit Program
- Establishing the Scope of the Audit Program
- Determining the Resources of the Audit Program
- Implementation of the Audit Program
- Definition of Objectives, Scope, and Criteria for an Individual Audit
- Selection and Determination of Audit Methods
- Selection of Audit Team Members
- Opening Meeting - Review of Documentation in the Audit
- Communication During the Audit
- Methods for Collecting Information
- The Interview - Key Auditor Questions and Types of Questions
- Executing the Audit - Conducting Interviews
- Time Management
- Handling Difficult Situations
- Audit Results
- Most Common Non-Conformities
- Drafting Non-Conformities
- Non-Conformity Drafting Formula
- Audit Conclusions
- Audit Report and Closing Meeting
- Preparation and Distribution of the Audit Report
- Conducting Audit Follow-Up
- Follow-Up Audits