Mastering the audit of an Information Security Management System (ISMS) based on ISO/IEC 27001
About the Course
This ﬁve-day intensive course enables participants to develop the necessary expertise to audit an Information Security Management System (ISMS) and to manage a team of auditors by applying widely recognized audit principles, procedures and techniques. During this training, the participant will acquire the necessary knowledge and skills to proﬁciently plan and perform internal and external audits in compliance with ISO 19011 the certiﬁcation process according to ISO 1702. Based on practical exercises, the participant will develop the skills (mastering audit techniques) and competencies (managing audit teams and audit program, communicating with customers, conﬂict resolution, etc.) necessary to eﬃciently conduct an audit.
WHO SHOULD ATTEND?
Auditors wanting to perform and lead Information Security Management System (ISMS) certiﬁcation audits
Project managers or consultants wanting to master the Information Security Management System audit process
CxO and Senior Managers responsible for the IT governance of an enterprise and the management of its risks
Members of an information security team
Expert advisors in information technology
Technical experts wanting to prepare for an Information security audit function
To acquire the expertise to perform an ISO 27001 internal audit following ISO 19011 guidelines
To acquire the expertise to perform an ISO 27001 certiﬁcation audit following ISO 19011 guidelines and the speciﬁcations of ISO 17021 and ISO 27006
To acquire the necessary expertise to manage an ISMS audit team
To understand the operation of an ISO 27001 conformant information security management system
To understand the relationship between an Information Security Management System, including risk management, controls and compliance with the requirements of diﬀerent stakeholders of the organization
To improve the ability to analyze the internal and external environment of an organization, its risk assessment and audit decision-making
Day 1: Introduction to Information Security Management System (ISMS) concepts as required by ISO 27001
Normative, regulatory and legal framework related to information security
Fundamental principles of information security ISO 27001 certiﬁcation process
Information Security Management System (ISMS)
Detailed presentation of the clauses 4 to 8 of ISO27001
Day 4: Concluding and ensuring the follow-up of an ISO 27001 audit Audit documentation
Conducting a closing meeting and conclusion of an
ISO 27001 audit
Evaluation of corrective action plans
ISO 27001 Surveillance audit
Internal audit management program
Day 5: Certiﬁcation Exam
CERTIFICATE: ISO/IEC 27001 LEAD IMPLEMENTER EXAM
The “Certiﬁed ISO/IEC 27001 Lead Auditor” exam fully meets the requirements of the PECB Examination and Certiﬁcation Programme (ECP). The exam covers the following competence domains:
Domain 1: Fundamental principles and concepts of information security
Domain 2: Information Security Management System (ISMS)
Domain 3: Fundamental audit concepts and principles
Domain 4: Preparation of an ISO 27001 audit
Domain 5: Conducting an ISO 27001 audit
Domain 6: Closing an ISO 27001 audit
Domain 7: Managing an ISO 27001 audit program The “Certiﬁed ISO/IEC 27001 Lead Auditor” exam is available in diﬀerent languages (the complete list of languages can be found in the examination application form).
Duration: 3 hours.
After successfully completing the exam, participants can apply for the credentials of Certiﬁed ISO/IEC 27001 Provisional Auditor, Certiﬁed ISO/IEC 27001 Auditor or Certiﬁed ISO/IEC 27001 Lead Auditor depending on their level of experience. Those credentials are available for internal and external auditors. A certiﬁcate will be issued to participants who successfully pass the exam and comply with all the other requirements related to the selected credential. For more information about ISO 27001 certiﬁcations and PECB certiﬁcation process, refer to PECB section on ISO 27001 Lead Auditor.
ISO 27001 Foundation Certiﬁcation or basic knowledge of ISO 27001 is recommended.
Great understanding of infrastructure services, suppliers & especially value creation and customer satisfaction. Trainer has an expert knowledge and he delivered knowledge in effective way.
Shahbaz Ali Imran – Integration and Support Engineer ((CONCURRENT SYSTEM)
The overall course was very effective. It gave the clear understanding of policies should be followed in order to have better customer satisfaction and values. The trainer was so cooperative, the way of communication delivering course contents was very effective and efficient.
Ali Ahmed – Support & Integration Engineer (CONCURRENT SYSTEM)
Good, effective and useful for our day to day activities. Trainer delivery training smart, efficient and extremely professionally.
Muhammad Abdullah – Support and Integration Engineer (CONCURRENT SYSTEM)
Afzaal Mehdi – Telecommunication Technician (UNMOGIP)
Excellent course delivered by PRAGO’s Trainer.
Amir Rashid – Inventry & Supply Assistant (UNMOGIP)
Excellent Training, Examples provided are easy to understand.
Pichct Chartsakulkanajarn – Customer Support (UNMOGIP)
The respected instructor is genuinaly a professional and master in delivering the knowledge.
Qazi saif-ur-Rehman – IT Assistant (UNMOGIP)
A very useful and can enhance/Improve our organizations’s operations. Thank you!
Noel Buscaino – IT Assistant (UNMOGIP)
Very professional Training and the Trainer is highly qualified. Well done & Keep it up!
Tala Tolo – Network Supervisor (UNMOGIP)
ITIL 4 Foundation course will certainly help me in effectively implementing IT Service Management policies with in our organization. It is always a pleasure and enriching learning experience with PRAGO. Mr. Muhammad Ali’s style of delivering the course is truly commendable and it helps the participants to grasp the concepts with much ease.
Mariam Raza, Senior Manager IT Process, Performance & Service Management (IT Governance) | Bank Al Habib
Everything was good specially the course content and the Trainer, he has excellent grip on the topics and excellent way of communication.
Mohsin Iqbal Khan, Senior Manager IT | Bank Al Habib
Good style of teaching and very good training session indeed.
S. Asim Hasan Zaidi, Senior Manager | Bank Al Habib
Very comprehensive in approach and guidance. Very helpful and cooperative.
Haris Lateef, Manager IT | Bank Al Habib
Overall training was excellent. Mr. Muhammad Ali lead the session interactively and make us understand each point. Simply the Best instructor from PRAGO.
Hunain Khanani, Manager IT | Bank Al Habib
Trainer is good and knowledge full.
Muzammil Ayub, Manager | Bank Al Habib
Instructor have good knowledge relates to this course and I had a great time to learn ITIL 4. Ut will help us to build good strategies to implement in the banking environment.
Muhammad Arsalan Khan, OG2 | Bank Al Habib
Instructor have good knowledge and I have found a great time in ITIL training.
Hassan Rizvi, OG2 | Bank Al Habib
As per my understanding, Trainer has an in-depth knowledge, explaining all queries in simple and easy way. Always welcome the questions and encourage participants to ask questions.
Mudassir Ahmed, Assistant Manager | Bank Al Habib
Trainer transformed great knowledge and sharpen our skills.
Ather Zaidi, OG2 | Bank Al Habib
Trainer was well prepared and way of teaching was very effective and he involved everyone in all exercises and activities so that they can participate, share their views and learn effectively. I am very much satisfied and I would like to have more training from him.
Syed Muhammad Raza, Manager - IT Governance | Bank Al Habib
Excellent knowledge, exposure and way of transferring the knowledge
Muhammad Raheel Khan, Senior Manager - Bank Al Habib
Sir Ali is an Excellent Trainer with great knowledge.
S. Ather Abbas, Chief Manager, Bank Al Habib
I attended ITIL4 foundation training from PRAGO in June 2019. The instructor Mr. Ali was well prepared for the training. His skill and knowledge about ITIL 4 was excellent. I would recommend others to attend this training from PRAGO.
Muhammad Tariq, Manager Information System -FFC
I have a wonderful Training Experience with PRAGO. Trainer’s teaching method is demonstrating & Interactive.
Neelam Nasir, Assistant Manager - CPEC Center (Ministry of Planning & Development
The trainer was very experienced and easy to understand. Learnt a lot of things and enjoyed the course.
Fiza Minal Mazhar, Partnership Development Assistant - UNOPS
I really recommend PRAGO for Prince2 courses. The trainer was very knowledgeable and down to earth, I felt extremely comfortable and took everything in at a steady pace.
Shumaila khan, Research Officer - EAD
The training provided was of a very high standard. The information and facilities were great
Ayesha Javed, Section Officer - Ministry of Planning,Development & Reform
“Very good course clearly presented and explained. A good grounding in Service Management concepts.”
Israr Ahmed, Sr. Exective IT - FFC
Very flexible training regime to a highly accepted certification in the industry.
Muhammad Asghar, IT Services Delivery Manager - Save the Children
The trainer enthusiasm towards this objective is very motivational i wish him best of luck for the further
Shaabaz Sheraz, - TERA DATA
“I’m very happy with the course, as it was well conducted and delivered by a very knowledgeable trainer.
Semra Sheikh, SDM - TERA DATA
The training was very informative and explains the service life cycle well. highly recommended to others
Saad Butt, Delivery Consultant - GDC Pakistan
Very good course clearly presented and explained very well
Fahad Shakeel, P.S Consultant - TERA DATA
It was well organized training and instructor had a great knowledgeable and very helpful
Afzal Baig, P.S Consultant - TERA DATA
“ The trainer was extremely professional and infused the course with pertinent and valuable real-world examples”
Syed Muhammad Mujtaba Tirmazi, Consultant - TERA DATA
The course was good and the trainer made the course interesting and enjoyable
Ali Bin Shahid, Service Desk Manager - TERA DATA
I was very impressed with the constant level of energy that trainer put into his teaching and the real life examples. Thoroughly enjoyed my time on this course expectation was exceeded by the course
Malik Hanif Shabir, Service Desk Manager - TERA DATA
The trainer tailored the material to meet the needs of students with varying skills and abilities. I found that PRAGO has successful programs to accommodate people who are just starting out and up skill those looking to get ahead.
Sheraz Arshad, Associate Practice Manager - TERA DATA
Competent and have though knowledge on subject matter.
Asim Ahmed, Senior System Admin-Pakistan Petroleum Limited
Good teaching style and effective techniques..
M.Rehan Qureshi, CBS-Pakistan Petroleum Limited
Always ready to take question, confident, kept the audience active 🙂
Really impressed by the PRAGO arrangements, trainer delivered PRINCE2 training very professionally, he engaged the participants very well. We all liked the way quizzes were planed after every module. Strongly recommend PRAGO.
Good facilitation skills with excellent knowledge about PRINCE2, very effectively delivered with good teaching methodology.
Aamir B. Malik, Director Projects - RAPID FUND
Trainer has good command and grip on the contents and he effectively deliver this session more than expectation. Further, he provided enough time to participants to ask question and provided satisfactory responses to them. He manage the time in well manner.
Shahid Mahmood, Program Manager- Concern Worldwide
Its is good and informative course, trainer seems well up in heath and safety knowledge.
Lt Col Habib Gul (Retd) Mari Petroleum
That was a wonderful experience and i really enjoyed the training session.That was in a friendly environment and all the arrangements were excellent.
Nouman Tariq, Sr. Engineer-Multinet Pakistan
I have never been trained in such a friendly and cohesive environment and Prago team provided the right form of support required for me to qualify PRINCE2 practitioner exam.
Ahad Nazir,PMP, Consultant- Economic Growth Unit (EGU)
I learned alot from this training, trainer was very well prepared and helped alot in understanding topics from basic to intermediate level, i highly recommend others. Executive
Wajahat Amjad, IT Executive - Nestle
This course is very much relevant to my job, and would help me to carry out my daily tasks in effective way. Trainer delivered this session in a very effective way which is greatly appreciated.
Anam Javaid, Service Desk - Nestle Pakistan
The course was an excellent opportunity to review & discuss each of the knowledge areas. Ali shows a genuine interest in the groups success & really makes an effort for the team. I am very happy to have Ali as a facilitator & a subject matter expert. Excellent PRAGO.
Imran Saeed, Deputy Director - SECP
The course contents and training delivery was excellent and useful for both my current position and my future plans. I chose the right course and thanks to PRAGO for the assistance and guidance.
Zahid Hussain, Joint Director IT - SECP
very helpful in understanding the ITIL framework and trainer was very helpful and had good grip of the subject
Aamir Waheed, Director IT - SECP
Great course! Excellent materials and presentations. I can take what I learned and start applying ‘best practices’ directly to my current organization.
Sagheer Abbas – Oxfam Novib, IT Officer
It was an excellent course and it will contribute a lot towards our professional growth.
M. Sajid, Risk Automation - ABL
The training has been excellent in all respect. Thank You!
Mian Usman, Planning & Control - SAGEMCOM
My training experience with PRAGO has been thoroughly professional and the trainer was well experienced.
Muhammad Noman, AVP IT - ZTBL
I gained a lot of knowledge in this session. I am now able to apply the learning at my workplace. The training program has made me more employable.
Khalid usman, HR Head
The best part of the training was that trainer customized training in a manner that helped us to understand the subject in detail.
M Jawad, IT Operations Manager
The training was very well organized. With the case study approach, I was able to understand the concept with clarity.
Awan Ahmed, Manager service desk
The trainer has an excellent command over the subject and has very good method of teaching. He is outstanding. He answered all the questions. It was the best among all the trainings I attended
Jameel ahmed, Director operations
The training was very well organized. With the case study approach, I was able to understand the concept with clarity.
Fahim Ullah Baig, CS Manager North
It was very informative and was a wonderful opportunity to know the process of ITIL. After attending the course, I now understand the importance of the ITIL process.
Ali Maken, Wi-Tribe
ITIL® – The trainer was excellent and helped in understanding the details very well. Training was handled effectively. I will personally recommend PRAGO to all professionals. 24 Dec,2015
Sohail Kanwar – MULTILYNX, IT Networks
The training material is very good and exhaustive. The trainer has great knowledge on the course and on practical examples as well. The course shall be of great help for preparing for the exam. Excellent trainer for this course
Nadir Zaidi, Manager PM
Training was very useful, content of the training material was great and very good explanation & presentation by the trainer.
Malik Etisham, Business analyst
ITIL® Practitioner Certification
PRAGO helps organizations form, execute, and thrive
To take the ITIL Practitioner exam, individuals must hold an existing ITIL Foundation certificate.
ITIL Practitioner is not a prerequisite for the ITIL Intermediate Level qualifications.
ITIL Practitioner is worth three credits towards the ITIL Expert qualification.
The examination is open book and made up of multiple choice questions based on a scenario.
ITIL®, PRINCE2®, PRINCE2 Agile® and MSP® are registered trademarks of AXELOS Limited, used under permission of AXELOS Limited. All rights reserved. The Swirl logo™ is a trade mark of AXELOS Limited, used under permission of AXELOS Limited. All rights reserved. All online courses are offered with the partnership of IT Training Zone Ltd. PMBOK is a registered mark of the Project Management Institute, Inc. PMP is a registered mark of the Project Management Institute, Inc. PMI is a registered mark of the Project Management Institute, Inc. The PMI Registered Education Provider logo is a registered mark of the Project Management Institute, Inc.