With data security breaches continuing to increase, the demand for qualified professionals in cyber security and assurance has never been greater. Information security teams are increasingly expected to give their board and management team assurance that the risks presented by new technologies and cyber threats are being contained, and to show evidence for that claim rather than assert it.
What are the benefits of an internal audit?
- Audits are a key source of evidence for regular security reviews
- Audits demonstrate management commitment to information security
- Audits maintain awareness and involvement among staff
- Audits provide an opportunity for continual improvement
- Audits improve operational performance
The internal auditor
The internal auditor is an essential role in reporting to senior management on how the company’s information security management system (ISMS) is performing, and whether the company is effectively reducing cyber risks. The internal auditor is usually an internally appointed role; in some cases the company outsources it to external auditors. Either way, ISO 27001 requires that auditors are objective and impartial, so an internal auditor should not audit their own work or the areas they manage.
The internal auditor should continually monitor the effectiveness of the ISMS and help senior managers determine whether the information security objectives are aligned with the organization’s business objectives.
What does ISO 27001 say?
In ISO 27001 terms, the internal auditor often helps prepare for the certification or surveillance visit by the lead auditor, and in this respect needs a good knowledge of the requirements and processes involved in the certification audit.
Clause 9.2 of ISO 27001:2013 says that the organization ‘shall conduct internal audits at planned intervals to provide information on whether the information security management system:
a) conforms to
1) the organization’s own requirements for its information security management system; and
2) the requirements of this International Standard;
b) is effectively implemented and maintained.’
In practice, the internal audit therefore tests two separate things: that the documented ISMS matches both the organization’s own requirements and the standard, and that the controls actually operate as intended and perform as expected, which means examining evidence (logs, records, configurations) rather than only policy documents.
The lead auditor
A lead auditor can perform an audit of the organization’s ISMS against the requirements of ISO 27001 on behalf of a second or third party, while also having the skills to lead a team of internal auditors. A second party could be any organization that requires a supply chain audit of its suppliers, while a third party is usually an independent certification body such as BSI, LRQA or DNV.
The lead auditor checks that the ISMS conforms to the requirements of ISO 27001 and should be able to provide an independent view of how the ISMS is performing. Lead auditors are a vital resource for assessing an organization’s supply chain risks.
Receive a recognized qualification
Receive an ISO 17024-accredited qualification, awarded by the International Board for IT Governance Qualifications (IBITGQ), recognized and highly regarded by employers worldwide.
Fulfill your career aspirations by booking your seat now
ISO27001 Certified ISMS Lead Auditor Training Course
Execute an ISO/IEC 27001:2013-compliant ISMS audit, lead a team of auditors, build your career in information security audit and help your organization achieve ISO 27001 certification.