
ISMS ISO/IEC 27001:2022 Internal Auditor Course

Course Outline

Course Title: Internal Auditor – ISMS ISO/IEC 27001:2022
Duration: 2 Days (16 Hours)
Delivery Mode: Classroom / Virtual Live / Self-Paced
Assessment Method: MCQ + Practical Audit Simulation
Certification: Internal Auditor Certificate issued by Cosmos International Training Institute (CITI)


Course Objectives

This course is designed to enable learners to:

  • Understand the structure and requirements of ISO/IEC 27001:2022

  • Gain knowledge of internal audit principles as per ISO 19011:2018

  • Learn how to plan, conduct, report, and follow up on an internal audit

  • Develop auditing skills with a focus on information security controls


Course Modules

Day 1: Standard Requirements & Audit Framework

Module 1: Introduction to Information Security and ISO/IEC 27001

  • What is an ISMS and why it matters

  • Evolution and overview of ISO/IEC 27001:2022

  • Key information security terms and concepts

  • Regulatory requirements (GDPR, data protection laws)

Module 2: Understanding the ISO/IEC 27001:2022 Framework

  • Annex SL high-level structure

  • Clauses 4 to 10 explained:

    • Context of the organization

    • Leadership and support

    • Risk assessment and treatment

    • Performance evaluation

    • Improvement mechanisms

Module 3: Introduction to Internal Auditing

  • Definition, purpose, and types of audits

  • Principles of auditing (ISO 19011:2018)

  • Auditor competence and ethical conduct

Module 4: Annex A Controls (Reference Control Objectives)

  • Domains and themes of Annex A

  • Overview of the 93 controls (grouped under 4 themes):

    • Organizational

    • People

    • Physical

    • Technological

Day 2: Conducting Internal Audits

Module 5: Audit Planning and Preparation

  • Preparing the audit programme

  • Creating an audit checklist

  • Determining audit scope, objectives, and criteria

  • Reviewing ISMS documentation and risk treatment plans

Module 6: Performing the Audit

  • Opening meetings and communication

  • Evidence collection techniques (interviews, observation, records)

  • Audit trail development

  • Identifying and classifying nonconformities

Module 7: Audit Reporting & Follow-up

  • Structuring a clear audit report

  • Writing effective nonconformity statements

  • Closing meetings and audit conclusion

  • Corrective actions and continual improvement feedback

Module 8: Practical Audit Exercise

  • Role-play-based audit simulation

  • Audit checklist and documentation review

  • Drafting audit findings and presenting results


Assessment & Certification

  • 25-question multiple-choice assessment

  • Practical audit exercise (observed and evaluated)

  • Certificate of Completion as ISMS ISO/IEC 27001:2022 Internal Auditor from CITI


Target Participants

  • IT and InfoSec professionals

  • Internal auditors and compliance officers

  • ISMS implementation team members

  • Anyone responsible for ISMS auditing or preparing for certification audits
