Training for an internal auditor according to the ISO/IEC 27001 standard
Internal Auditor ISO/IEC 27001 – an intensive training based on the practical aspects and responsibilities arising from the PN-ISO/IEC 27001 standard (Information Security Management Systems specification) and PN-EN ISO 19011 (guidelines for auditing management systems).
About the training
Practical approach to information security management according to the ISO/IEC 27001 standard
During the training, participants will learn how to verify and assess whether the measures taken in the area of information protection are properly managed and supervised, and whether the intended results are being achieved. The skills gained during the training enable participants to independently conduct audits within an organization. The requirements of the PN-ISO/IEC 27001 standard (Information Security Management Systems specification) and PN-EN ISO 19011 (guidelines for auditing management systems) are also presented. Based on practical exercises, participants are shown how to plan and conduct internal audits.
The training is delivered in the form of lectures and workshops, ensuring an effective translation of the participants’ new knowledge and skills into practical actions. From a content perspective, particular attention is paid not only to delivering theoretical knowledge but, most importantly, to providing effective, practical methods and techniques, valuable experiences, and best practices that participants can use immediately after the training.
The offered training scope is divided into two stages, which we present below.
Training objective
- The ability to plan and conduct an information security audit in accordance with the applicable regulations.
- The ability to document and prepare an audit report, including the ability to formulate corrective actions.
- The ability to identify non-conformities and effectively highlight them.
Target audience of the training
The training is intended for individuals responsible for information security within an organization, employed at all organizational levels, with particular emphasis on current and future internal auditors according to ISO/IEC 27001.
Language of the training
The training is conducted in Polish.
The training can also be organized in English on request.
Training methodology
Achieving the proper training outcomes is possible thanks to selecting the right topics and training methods tailored to the participants’ needs and the subject matter of the training. Below, we present the methods and techniques we use:
LECTURE
We deliver knowledge to the participants using dedicated teaching aids, such as multimedia presentations. This is the foundational part of the training, during which we introduce the topic, discuss key concepts, and describe roles, processes, procedures, etc.
PRACTICAL EXAMPLES
As practitioners, we base the training program on real-life events related to specific problems. We assist participants in independently reaching conclusions or solutions. Our training is strongly focused on practice and skill development.
DISCUSSION
Participants express their opinions and exchange experiences. A well-structured discussion topic, thanks to the clash of at least two arguments, usually generates strong emotional engagement. The discussion allows for the development of a common solution or prepares arguments regarding the given topic.
BRAINSTORMING
In a short time, we generate many ideas and solutions for specific problems and situations. We engage participants, stimulate their thinking, and encourage creativity.
EXERCISES
Practical tasks related to the training subject, e.g., creating a process, conducting a case study, etc. This complements the lecture and practical examples effectively.
TESTS
We verify the participant’s level of knowledge and skills. We identify competency gaps and plan the education process accordingly to improve the participant’s skills. Depending on the type of training, this may be done using various tools, such as knowledge tests and practical tasks.
SIMULATIONS
These provide an excellent representation of reality, where participants actively engage and experience the consequences of their actions.
SUMMARY
After completing each topic, we summarize the material discussed. This is done by the trainer and allows for a recap of the most important issues related to the topic while giving participants the chance to verify their understanding.
Trainer
Izabela Selwestruk
A graduate of Economics from the University of Białystok and postgraduate studies: Information Systems Auditor at the Polish Academy of Sciences in Warsaw and Computer Science at the Białystok University of Technology. An expert in the field of institutional control in government administration, information security, and risk management. She has over 18 years of experience in government administration (including managerial positions) in areas such as conducting control proceedings, conducting IT audits, and organizing training on control methodology, auditing, and risk analysis. She participated in the implementation of the information security management system. During her time in government administration, through her persistent work, she was appointed as a civil service officer. Currently, she works at PBSG as a consultant for ISMS, KSC, and business continuity. Her professional interests are currently focused on information security, including cybersecurity. In her personal life, she loves motorcycle riding and participating in ultra races, including mountain races. She has participated in half-marathons, marathons, and 50 km races. She plans to compete in 100 km and 150 km races. Her dream is to participate in the UTMB (Ultra-Trail du Mont-Blanc) race.
Training program
Day 1
9.00-16.00
- Welcome to the participants
- Introduction to information security
- Information security standards
- Requirements of the PN-ISO/IEC 27001 standard
- Break
- Requirements of the PN-ISO/IEC 27001 standard
- The auditing process
- Questions
Day 2
9.00-16.00
- Workshop Part I
- Audit steps and planning
- Opening meeting
- Checklists
- Identification and description of findings
- Workshop Part II
- Audit scenarios
- Interpersonal skills
- Break
- Workshop Part III
- Identification of non-conformities
- Workshop Part IV
- Closing audit meeting
- Outline of the final report and post-audit actions
- Summary
Training price
Price per participant: 3,450 PLN (net)
Conditions of participation
The training price covers the service of participation in a two-day training for one participant.
The price includes training materials, a certificate, coffee breaks, and lunch during the training. Accommodation is not included.
Payment will be made based on a correctly issued VAT invoice within 14 days from the invoice date, to the bank account provided by the organizer on the invoice.
Confirmation of registration will be sent to the email address provided in the registration form.
The organizer reserves the right to cancel the course. In case of cancellation by the organizer, participants will receive a full refund of the course fee. A written withdrawal of registration at least 10 working days before the course start date will incur a fee of 30% of the training price. A written cancellation made less than 10 working days before the course start date will incur a fee of 100% of the training price.
The training price listed in the training schedules is net and should be increased by the applicable VAT rate.
The person/organization submitting the registration authorizes PBSG SA, located at Szyperska 14, Poznań, to process the personal data provided for the purpose of fulfilling the order.
Certificates of participation will be sent to the participants after meeting the condition of at least 70% correct answers during the knowledge test and after payment has been settled.
To participate in the training, the registration form must be filled out.
Submitting the registration means acceptance of the participation conditions and consent to the processing of personal data by PBSG SA for the purpose of fulfilling the order, as well as for promotion and marketing of the activities conducted by PBSG SA.
Organizational information
- Quality of training
The training is conducted in accordance with the Training Services Quality Standards Manual.
Registration for the in-person training
Fill out this form if you want to participate in the in-person training. If you’re interested in online participation, please sign up here: Online Training Registration Form.
Submitting the registration means you accept the terms and conditions of participation.
Training program
Day 1
9.00-16.00
- Welcome to the participants
- Introduction to information security
- Information security standards
- Requirements of the PN-ISO/IEC 27001 standard
- Break
- Requirements of the PN-ISO/IEC 27001 standard
- The auditing process
- Questions
Day 2
9.00-16.00
- Workshop Part I
- Audit steps and planning
- Opening meeting
- Checklists
- Identification and description of findings
- Workshop Part II
- Audit scenarios
- Interpersonal skills
- Break
- Workshop Part III
- Identification of non-conformities
- Workshop Part IV
- Closing audit meeting
- Outline of the final report and post-audit actions
- Summary
Training price
Price per participant: 2,150 PLN (net)
Conditions of participation
The price of the training covers the service, which grants the right to participate in a two-day training session for one participant.
The price includes training materials and a certificate.
Payment will be made based on a correctly issued VAT invoice within 14 days from the invoice date, to the bank account provided by the organizer on the invoice.
Registration acceptance will be confirmed by email to the address provided in the registration form.
The organizer reserves the right to cancel the course. In case of cancellation by the organizer, participants will receive a full refund of the course fee. Written withdrawal of registration at least 10 business days before the course start date will incur a 30% cancellation fee. Written cancellation made less than 10 business days before the course start date will incur a 100% cancellation fee.
The price of the training listed in the training schedules is net and must be increased by the applicable VAT rate.
The person/organization registering participation in the training authorizes, by expressing this consent, PBSG SA, located at Szyperska 14, Poznań, to process the provided personal data for the purpose of fulfilling the order.
Certificates of participation will be sent to training participants upon meeting the conditions of at least 70% correct answers on the knowledge test and after payment is settled.
To participate in the training, the registration form must be filled out.
Submitting the registration means acceptance of the participation conditions and consent to the processing of personal data by PBSG SA for the purpose of fulfilling the order, as well as for promotion and marketing of PBSG SA’s activities.
Organizational information
Participants in online training will receive access to the training platform. On the training day, you must log in to the platform. The training will begin at the designated time. During the session, the screen will be divided into three parts: presentation, trainer, and chat. Communication during the training will take place via chat.
Technical Requirements:
- Hardware Requirements: A computer with internet access, a minimum 1.6 GHz processor, and at least 4 GB of RAM.
- Browser: The latest version of Chrome, Mozilla Firefox, or Safari is recommended.
Quality of Training:
The training is conducted in accordance with the Training Services Quality Standards Manual.
Online training registration
Fill out this form if you want to participate in the online training. If you’re interested in in-person participation, please sign up here: Offline Training Registration Form.
Submitting the registration means you accept the terms and conditions of participation.
Dedicated exclusively to your organization – this approach guarantees comfort and freedom to discuss in detail specific issues and situations within your organization. We know that every business is different, so to effectively translate the acquired knowledge into your organization’s context, we adapt the examples presented to your specific needs and business situation.
Training program
Day 1
9.00-16.00
- Welcome to participants
- Introduction to Information Security
- Information Security Standards
- Requirements of the PN-ISO/IEC 27001 Standard
- Break
- Requirements of the PN-ISO/IEC 27001 Standard
- Auditing Process
- Questions
Day 2
9.00-16.00
- Workshop Part I
- Steps and Planning of the Audit
- Opening Meeting
- Checklists
- Identification and Description of Observations
- Workshop Part II
- Audit Scenarios
- Interpersonal Skills
- Break
- Workshop Part III
- Identification of Non-Conformities
- Workshop Part IV
- Closing Audit Meeting
- Outline of Final Report and Post-Audit Actions
- Summary
How does it work?
Step 1
REGISTRATION
In the first step, fill out the registration form to express your interest in organizing a dedicated training for your company.
Step 2
DATE
We will set the date and location of the training – we will adjust to your availability and individual expectations.
Step 3
PRICE
We will present the terms and conditions for organizing the training based on the agreed parameters and number of participants.
Step 4
TRAINING
We will deliver the dedicated training according to the agreed terms.