Show me desktop version

Webinar – Internal audit: How to conduct it according to ISO 27001 and ISO 22301/BS 25999-2

Webinar on demand



In this webinar you’ll learn:

  • ISO 27001/BS 25999-2 requirements for internal audit
  • How can ISO 19011 help you
  • The purpose of internal audit
  • Differences between internal audit and external audit
  • How to structure the procedure for internal audit
  • Requirements to become internal auditor
  • Definition of nonconformity, when to raise major or minor nonconformity
  • How to develop the Audit Program, Audit Plan
  • How to perform documentation review
  • How to develop audit checklist, how to perform on-site audit, techniques for collecting evidence, how to write corrective action requests
  • How to write audit report and follow-up


Target Audience:

Professionals with little or moderate experience in internal audit according to ISO 27001/ISO 22301, including:

  • ISO 27001/ISO 22301 internal auditors
  • Chief Information Security Officers (CISOs)
  • Chief Information Officers (CIOs)
  • Business continuity managers/coordinators
  • Compliance managers
  • ISO 27001/information security consultants
  • ISO 22301/business continuity consultants
  • Members of top management responsible for information security/business continuity
  • All information security/business continuity practitioners

Presenter: Dejan Kosutic
Language: English
Format: Recorder webinar
Duration: 111m 29s (1h 51m 29s)





Why is risk treatment important?                                                                                                                  


Risk treatment is the second part of the risk management, right after the risk assessment process – the purpose of risk treatment is, once you know where the risks are, to define how to control those risks.

During risk treatment the controls from ISO 27001 Annex A are usually selected as a means to decrease risk – while doing it, it is very important to balance between decreasing the risks and the cost of controls, because you may end up investing too much in a certain control while you may have had a cheaper alternative.

Statement of Applicability is the key document listing all the controls from Annex A – not only does it define which controls will be used, but it also defines what should those controls achieve, why they were selected etc. This document serves as the starting point for the implementation process of the controls.