Live online training via webinar

Internal audit: How to conduct it according to ISO 27001 and ISO 22301/BS 25999-2

Why is internal audit important for ISO 27001/ISO 22301/BS 25999-2?

The key purpose of internal audit is for an organization to find out whether all its processes and activities are running as expected. The underlying problem is that it is very difficult for employees to see when they are doing something wrong, so someone else should review their activities objectively.

Internal audit is usually perceived as an overhead with no real benefit – however, if approached from a more positive side, internal audit could be one of the main drivers of improvement in your organization.

To achieve the best benefits, internal audit should be done continually, but at least once a year before the certification audit.

Register for this webinar to learn:

  • ISO 27001/BS 25999-2 requirements for internal audit
  • How ISO 19011 can help you
  • The purpose of internal audit
  • Differences between internal audit and external audit
  • How to structure the procedure for internal audit
  • Requirements to become internal auditor
  • Definition of nonconformity, when to raise major or minor nonconformity
  • How to develop the Audit Program, Audit Plan
  • How to perform documentation review
  • How to develop audit checklist, how to perform on-site audit, techniques for collecting evidence, how to write corrective action requests
  • How to write audit report and follow-up

Please note: this webinar is based on ISO 27001:2005 and BS 25999-2, but the internal audit principles covered in this online training are fully compliant with ISO 27001:2013 and ISO 22301:2012 as well.


"Dejan is clearly a subject matter expert on Risk Analysis and Risk Management. His trainings are well designed and superbly and professionally delivered using the GoToTraining platform."

Bob Chaput, CEO at Clearwater Compliance LLC

Presented by: Dejan Kosutic

Dejan Kosutic is the author of documentation toolkits at 27001Academy. He has extensive working experience both as a tutor and as a consultant – he is an Approved Tutor for ISMS Lead Auditor courses at SGS, and delivers various ISO 27001 and ISO 22301/BS 25999-2 in-person courses throughout Europe, as well as online courses via webinars. In his consulting career, he works with clients from the financial sector, government, and small and medium-sized businesses including IT companies.

He has an MBA from Henley Management College, and is the holder of the following certificates: Certified Management Consultant, ISO/IEC 27001 Lead Auditor, Associate Business Continuity Professional, and ISO 9001 Lead Auditor.


27001Academy live online trainings: The knowledge you can apply right away.

