ISO/IEC 27001:2022 Awareness & Internal Audit
Location: Arrowhead Consulting
Date: 1-2 August 2024
Duration: 2 Days
Investment: IDR 4,000,000 / person
Objective
To provide delegates with a thorough understanding of:
- The requirements and implementation methodology of ISO/IEC 27001
- How to identify corrective actions, verify findings and identify areas for improvement
Course Description
- Background of ISO/IEC 27001
- Information Security Management Manual and Scope
- Policy and Objective
- Roles, Responsibility and Authority
- Risk Assessment and Risk Treatment
- Statement of Applicability (SoA)
- Risk Treatment Plan and Report
- Inventory of Assets
- Acceptable use of Assets and Access Control Policy
- Operation Procedures for IT Management
- Secure System Engineering Principles
- Supplier Security Policy
- Incident Management Procedures
- Business Continuity Procedures
- Legal, Regulatory and Contractual Requirements
- Training and Competence
- Corrective Action
- Documented Information
- Mobile Device, Teleworking, Password and Information Classification Policy
- Disposal and Destruction
- Change Management
- Clear Desk, Clear Screen and Back Up Policy
- Audit Principle
- Duties, Responsibilities and Personality of Auditor
- Auditor Qualification
- Process Analysis Tools & Audit Planning
- Method & Scope of Audit
- Preparation of Audit and Audit Checklist
- Workshop to Develop Audit Checklist
- Conducting the Audit, Interview and Communication
- Type of Question or Statement
- Opening & Closing Meeting
- Interview Process
- Objective Evidence
- Sampling Method
- Audit Reporting
- Major, Minor, Observation and Opportunity for Improvement Findings
- Corrective Action & Verification
- Case Study & Examination