Course

Cloud Computing & Cloud Security

Cloud Service Provider Auditor Training

The three-day workshop-based training provides participants with the knowledge and skills to plan, conduct, report and follow up an internal audit of an information security management system based on ISO/IEC 27001:2013 and ISO/IEC 27017, in accordance with ISO 19011. Internal audit is a mandatory requirement as per Clause 9.2 of ISO/IEC 27001:2013. The training covers how to perform an audit using the ISO/IEC 27017 requirements.

By the end of the training, participants will be able to:

  • Understand the requirements of ISO/IEC 27017 as part of the controls in ISMS ISO 27002
  • Develop the personal skills and knowledge required to conduct the internal audit
  • Comprehend the internal audit activities
  • Understand the method of conducting an audit for the CSP or any intended parties, such as a cloud broker or cloud data processor, in compliance with ISO/IEC 27017
  • Develop an audit checklist by defining questionnaires and aspects to ask about during the audit, simplifying ISO requirements so that they are understood by the CSP, and identifying relevant information that can assist in creating the checklist
  • Develop techniques to collect and record audit evidence
  • Write an effective non-conformity report (NCR)
  • Learn how to prepare an Internal Audit Report