ISO 27001 Internal Auditor Course
In this free online course, you’ll learn everything you need to know about ISO 27001, but also how to perform an internal audit in your company. This ISO 27001 Internal Auditor course is made for beginners in information security and internal auditing, and no prior knowledge is needed to take this course. Upon completion of the course, you can go for the certification exam.
The exam from this course is certified by ASIC. After passing the exam, you will receive a certificate proving that you attained Information Security Management Systems and Management Systems Auditing qualifications.
The course is organized into 10 modules, where each module has several video lectures and quizzes that will help you learn more quickly, as well as a recap quiz that will prepare you for the certification exam – please see below for the content of each module. All the video lectures are pre-recorded, so you can take the course from anywhere, at any time for your convenience.
- The total course duration, including the reading of required materials, is approximately 15 hours.
- Materials provided in the course (video lectures, articles, and activity questions) are everything you need to successfully pass the certification exam.
- There is no time limit for taking the course, but it is recommended that you finish it within two weeks’ time.
- Access to this course and the quizzes is completely free; the fee for the certification exam is US$ 649 – after you pass the exam you’ll receive your certificate in a matter of days.
- After you purchase the exam, you will receive the completely free ISO 27001 Internal Audit Checklist document, and a bonus PDF containing scripts from all of the video lectures and quizzes, links to additional reading, and access to the practice exams.

Dejan Kosutic & Carlos Pereira Da Cruz
Course language: English
Course Curriculum
Introduction
Introduction to the course | 04:00:00
Module 1 - Introduction to ISO 27001
Introduction & suggested reading | 00:00:00
What is ISO 27001? | 01:30:00
The structure of ISO 27001 | 02:30:00
Information security principles | 02:30:00
Introduction to the Information Security Management System | 02:30:00
Implementing ISO 27001 requirements | 03:00:00
Implementing ISO 27001 as a project | 01:30:00
Documenting ISO 27001 requirements | 03:30:00
ISO 27001 Benefits | 02:30:00
ISO 27001 Benefits – Real-life exercise | 00:00:00
Related documentation | 00:00:00
Certification FAQs | 00:00:00
Recap quiz | 00:00:00
Module 2 - The planning phase
Introduction & suggested reading | 00:00:00
Understanding your organization and its context [clause 4.1] | 02:30:00
Understanding the needs and expectations of interested parties [clause 4.2] | 02:00:00
Determining the scope of the ISMS [clause 4.3] | 02:00:00
Leadership and commitment [clause 5.1] | 02:00:00
Information Security Policy [clause 5.2] | 01:00:00
Organizational roles, responsibilities and authorities [clause 5.3] | 02:30:00
Information security objectives [clause 6.2] | 02:30:00
Resources [clause 7.1] | 02:00:00
Competence [clause 7.2] | 01:30:00
Awareness [clause 7.3] | 01:30:00
Communication [clause 7.4] | 01:30:00
Documented information [clause 7.5] | 03:30:00
Related documentation | 00:00:00
Recap quiz | 00:00:00
Module 3 - Risk management
Introduction & suggested reading | 00:00:00
Addressing risks and opportunities [clause 6.1.1] | 02:00:00
Risk management process [clause 6.1.2] | 02:30:00
Information security risk assessment – Risk identification [clause 6.1.2] | 03:00:00
Exercise: Information security risk assessment – Risk identification | 00:00:00
Information security risk assessment – Risk analysis and evaluation [clause 6.1.2] | 03:00:00
Information security risk treatment [clause 6.1.3] | 03:00:00
Statement of Applicability [clause 6.1.3] | 02:00:00
Risk treatment plan [clause 6.1.3] | 00:30:00
Related documentation | 00:00:00
Recap quiz | 00:00:00
Module 4 - The Do phase
Introduction & suggested reading | 00:00:00
Formulating the risk treatment plan [clause 6.1.3] | 02:00:00
Implementing the risk treatment plan [clause 8.3] | 01:30:00
Operational planning and control [clause 8.1] | 02:30:00
Operating the ISMS [clause 8] | 01:00:00
Managing outsourcing of operations [clause 8.1] | 02:30:00
Controlling changes [clause 8.1] | 02:30:00
Risk assessment review [clause 8.2] | 02:00:00
Related documentation | 00:00:00
Recap quiz | 00:00:00
Module 5 - The Check and Act phases
Introduction & suggested reading | 00:00:00
Monitoring, measurement, analysis, and evaluation [clause 9.1] | 04:00:00
Internal audit [clause 9.2] | 01:30:00
Management review [clause 9.3] | 03:00:00
Nonconformities and corrective actions [clause 10.2] | 04:30:00
Continual improvement [clause 10.1] | 02:30:00
Related documentation | 00:00:00
Recap quiz | 00:00:00
Module 6 - Overview of Annex A
Introduction & suggested reading | 00:00:00
Introduction to Annex A | 00:00:00
People controls | 00:00:00
Physical controls | 00:00:00
Technological controls – overview and new controls | 00:00:00
Technological controls – software development | 00:00:00
Technological controls – operational security | 00:00:00
Organizational controls – policies and responsibilities | 00:00:00
Organizational controls – information and asset management | 00:00:00
Organizational controls – operational security | 00:00:00
Organizational controls – supplier security | 00:00:00
Organizational controls – incidents and business continuity | 00:00:00
Organizational controls – compliance, privacy, and legal aspects of security | 00:00:00
Related documentation | 00:00:00
Recap quiz | 00:00:00
Module 7 - Introduction to the internal audit
Introduction & suggested reading | 00:00:00
Internal vs. external audit | 00:00:00
The main purpose of the internal audit | 00:00:00
ISO Requirements for internal audits | 00:00:00
Criteria for selecting the internal auditor | 00:00:00
The audit findings | 00:00:00
Nonconformities | 00:00:00
Observations | 00:00:00
Major and minor nonconformities | 00:00:00
Related documentation | 00:00:00
Recap quiz | 00:00:00
Module 8 - Organizing the internal audit
Introduction & suggested reading | 00:00:00
Organizing the internal audit | 00:00:00
Internal audit procedure | 00:00:00
Annual audit program | 00:00:00
Audit plan for an individual audit | 00:00:00
Related documentation | 00:00:00
Recap quiz | 00:00:00
Module 9 - Internal audit elements
Introduction & suggested reading | 00:00:00
Internal audit elements | 00:00:00
Document review | 00:00:00
Creation of the checklist | 00:00:00
Internal audit report | 00:00:00
Corrective action requests and corrective action follow-up | 00:00:00
Related documentation | 00:00:00
Recap quiz | 00:00:00
Module 10 - The main audit
Introduction & suggested reading | 00:00:00
Auditor assumptions | 00:00:00
Techniques for finding evidence | 00:00:00
Sampling the records | 00:00:00
Recording the evidence | 00:00:00
Interviewing techniques | 00:00:00
Remote audits | 00:00:00
Auditing integrated management systems | 00:00:00
Related documentation | 00:00:00
Recap quiz | 00:00:00
Instructions for taking the exam and obtaining the certificate | 00:00:00
Benefits of getting the certificate
The certificate of competence proves that you attended the eTraining course and that you passed the exam certified by ASIC. This ensures that you understand and can apply the knowledge you gained in each of the course's modules.
How to get certified?
It's simple:
1) Watch complete videos of all lectures, and answer all practice exams.
2) Pass the online certification exam.
Bonuses with the certificate
Once you purchase the certificate, you will receive the following bonuses:

Internal Audit Checklist (Word document)
The purpose of this document is to provide a list of questions in order to help perform an internal audit against ISO 27001 and/or ISO 22301. For each clause or control from the standard, the checklist provides one or more questions that should be asked during the audit in order to verify the implementation.

Course Script (PDF)
If you decide to purchase the exam you will get the PDF script from the course completely free. The script includes everything said in the videos and all quizzes.
This way, you can access course materials any time you like, making it much easier to practice and prepare for the exam.

Free exam retake
Once you purchase the exam, you will be able to retake it.
This means, if you do not pass the exam on your first attempt, you can retake it one time, free of charge.
There is no mandatory waiting period between the two attempts.

Practice Exam
With the purchase of the exam, you get access to practice exams. You can use these exams to test your knowledge and familiarize yourself with the exam environment.
The results from the practice exam do not have any effect on the results of the final exam.
Frequently Asked Questions
No, you can attend the course as long as you like; however, you should try to finish it in a couple of weeks because otherwise, you won’t get enough benefits out of it.
You can access it any time – the course is a combination of recorded video lectures, quizzes, reading, and other activities, and because all those materials are readily available, you can access them at a time that is convenient for you.
None. The course was made in such a way that a beginner in this topic can easily understand it.
Well, we have to make money somehow :). We have made most of the course freely available, but to access the exam and get the certificate you’ll have to pay a fee – by the way, this fee is by far smaller than the fee for attending the classroom-type course. Additionally, when you pay for the certificate, you will be able to download PDF scripts from all of the video lectures, activity questions, practice exams, and links to additional reading. This way, you can access the content from the course and prepare for the exam much more easily.
The exam, as well as the whole course, is completely done online, from your office, your home, or any other place convenient for you. For the exam we use an online proctoring service – click here to learn more.
After you finish attending the course, you can go for the exam – if you finish this exam successfully, i.e., if your score is above the minimum, then you will receive the certificate. By the way, during the exam we use an online proctoring service that will ask for proof of your identity, and make sure that you have taken the exam with no external help. Click here to learn more about online proctoring.
The course is a combination of recorded video lectures, quizzes, reading, and other activities – the course takes you through all these materials in an optimal way.
You can access the course using your PC, Mac, or mobile device, using any major browser (i.e., Chrome, Mozilla, Internet Explorer, Safari); a broadband Internet connection will also be needed. And, of course, enough time to attend the course.
The materials provided in the course – recorded video lectures, quizzes, readings, practice exams, and other activities – are everything you need to successfully pass the exam and obtain the certificate. The best part is: they are completely free with unlimited access!
If you decide to purchase the exam, you will receive a bonus PDF containing scripts from all of the video lectures, quiz questions, links to additional reading, and access to the practice exams. This way, you can prepare for the exam much more easily.