ISO 27701 Lead Auditor Training Course Outline
Module 1: Introduction to ISO 27701
- Introduction
- Scope
- Normative References
- Terms, Definitions, and Abbreviations
Module 2: General
- Structure of this Document
- Application of ISO/IEC 27001:2013 Requirements
- Application of ISO/IEC 27002:2013 Guidelines
- Customer
Module 3: Information Management
- What is Information Management?
- Importance of Information Management
- Areas of Information Management
- Challenges Involved in Information Management
Module 4: PIMS-Specific Requirements Related to ISO/IEC 27001
- General
- Context of the Organisation
- Leadership
- Planning
- Support
- Operation
- Performance Evaluation
- Improvement
Module 5: PIMS-Specific Guidance Related to ISO/IEC 27002
- General
- Information Security Policies
- Organisation of Information Security
- Human Resource Security
- Asset Management
- Access Control
- Cryptography
- Physical and Environmental Security
- Operations Security
- Communications Security
- Systems Acquisition, Development, and Maintenance
- Supplier Relationships
- Information Security Incident Management
- Information Security Aspects of Business Continuity Management
- Compliance
Module 6: Personally Identifiable Information (PII)
- What is Personally Identifiable Information (PII)?
- Compliance Environment
- PII Security Controls
- Sensitive Vs Non-Sensitive PII
- Safeguarding PII
- PII Vs Personal Data
Module 7: Introduction to Internal Auditing
- What is Internal Audit?
- Who is an Internal Auditor?
- Types of Internal Audit
- Internal Audit Functions
- Internal Vs External Audit
Module 8: Information System Audit
- Need for Information System Audit
- Information System Auditing Standards
- Auditing Guidelines
Module 9: Audit Preparation and Planning
- Audit Scope and Charter
- Audit Planning
- Risk-Based Approach
- Audit Staffing
- Audit Schedule
- Communication of Audit Plan
- Computer-Assisted Auditing Techniques
Module 10: Information Security Risk Assessment
- Introduction to Risk Management
- Why Perform an Information Security Risk Assessment?
- Principles of Risk Assessment
- Risk Assessment Process
- Quantitative Vs Qualitative Security Risk Assessment Methods
Module 11: Additional ISO/IEC 27002 Guidance for PII Controllers and Processors
- General
- Conditions for Collection and Processing
- Obligations to PII Principals
- Privacy by Design and Privacy by Default
- PII Sharing, Transfer, and Disclosure
Module 12: Implementation of Information Management System
- Steps for Successful Systems Implementation
- Considerations When Implementing an Information Management System
- Potential Pitfalls of New IT System Implementation
Module 13: Implementing ISO 27701
- Requirements of ISO 27701
- Why Implementing ISO 27701:2019 Matters
- Managing Personal Information with ISO/IEC 27701
- Common Fallacies in Implementing ISO 27701
- Maintenance and Continuous Improvement
Module 14: Correlation Between ISO/IEC 27701, ISO/IEC 27001, and ISO/IEC 27002
- Relationship Between ISO/IEC 27701, ISO/IEC 27001, and ISO/IEC 27002
- How Does ISO 27701 Relate to ISO 27001?
- Implement Security Controls
- Be Compliant with the GDPR, ISO 27001, and ISO 27002
Module 15: PII Compliance
- What is PII Compliance?
- PII Data Classification
- PII Compliance Checklist
- Identify and Classify PII
- Create a PII Compliance Policy
- Implement Data Security Tools
- Practice IAM
- Monitor and Respond
Module 16: Logging and Monitoring
- Event Logging
- Event Types
- Log Protection
- Log Analysis
- Log Monitoring
- Clock Synchronisation
- Control
- Implementation Guidance
- Other Information
Module 17: Lead Auditor
- Introduction to Lead Auditor
- Responsibilities of Lead Auditor
- Management Tools for ISO Auditors
- Protecting PII
Module 18: On-Site Audit Activities
- Opening Meeting
- Document Review
- Detailed Site Inspection
- Staff Interview
- Review Audit Evidence
- Closing Meeting
Module 19: Conducting an Audit
- Audit Methodology
- Pre-Audit Activities
- Information System Audit Process
- Documenting Observations and Findings
Module 20: Follow-Up Activities
- Usage of Audit Reports
- Information System Audit Reporting
- Follow-Up Audit Procedure