ISO 27001 Internal Auditing

How to Plan an Effective Audit Programme

DATE: Wednesday 26 February 2025
TIME: 11:00 - 12:00
LOCATION: Online

ISO 27001 provides the framework for establishing, implementing, maintaining, and continually improving an information security management system (ISMS) to protect your organisation's critical information assets.  Internal auditing serves as a cornerstone of this framework, playing a vital role in ensuring ongoing conformance and effectiveness, and in identifying areas for improvement.  

A well-executed ISO 27001 internal audit programme will do more than just identify nonconformities, assess control effectiveness, and highlight improvement areas; it will support cultural change, recognise and respond to audit ‘fatigue’, and shine a light on good practice.  Through systematic evaluation, internal audits strengthen your security posture whilst also ensuring conformance and minimising risk exposure.

Drawing from our experience supporting hundreds of organisations in developing and implementing effective and responsive ISO 27001 internal audit programmes, URM’s upcoming webinar on 26 February 2025 will share proven strategies to maximise the value of your audit programme and navigate common challenges.  

Key areas we will be addressing include:

Developing Your Audit Programme

  • Scope Definition: Learn how to effectively and efficiently cover your entire ISMS within a 3-year cycle, providing you with the flexibility to pay special attention to critical controls, key business processes, and high-risk areas.
  • Standards Alignment: Design your programme to fully conform to ISO 27001 Clause 9.2, emphasising compliance, risk management, and continuous improvement.
  • Policy Validation: Implement effective methods to confirm your organisation’s adherence to its internal security policies, procedures, and controls as well as the ‘requirements’ of the Standard.
  • Build in Flexibility: Create a framework that responds to evolving business needs, emerging risks, and security incidents.
  • Identify Relevant Assessment Approaches: Learn how to structure your audit programme to meet your business needs, considering audit by processes, departments, sites, controls, and infrastructure.

Planning Audits

  • Choosing Suitable Auditors: How to select qualified, independent, and impartial auditors with the necessary auditing expertise and knowledge of ISO 27001.
  • Integration with Other Standards: Combine ISO 27001 audits with other management system assessments to maximise efficiency and minimise audit fatigue.
  • Maintaining Objectivity: Ensure auditors maintain impartiality to avoid conflicts of interest and guarantee the integrity of the audit process.

Register for the event

Please note, we can only process business email addresses.

Submit your question

If you have any immediate questions, please use the form provided below to ask up to 3 questions.  You will also be able to ask additional questions during the session.  No question will be left unanswered.

Did you miss the live event? Do not worry. We are recording the webinar and will make the recording available within 24 hours of the webinar.
