Companies pursuing ISO27001 compliance need to nominate qualified Internal Auditors


Given the increase in the number of ISO27001 certificates issued over the last couple of years - as reported by the ISO 2011 Survey - it is likely that 2013 will see more companies complying with this international information security standard.

IT Governance, the UK’s leading information security and ISO27001 training provider, advises that, in order to successfully achieve certification, organisations need to nominate Internal Auditors whose main responsibility is to ensure the company’s information security management system (ISMS) is fit for purpose. Internal auditors can also be tasked with auditing IT Service Level Agreements.

Alan Calder, CEO of IT Governance, says, “Regular internal auditing of the organisational information security management system is important in order to ensure it is secure and meets the requirements of the ISO27001 standards.”

The decision as to how many Internal Auditors are needed is usually made by the ISO27001 Lead Implementer. Every organisation should have at least two Internal Auditors who are able to cover for each other. Bigger organisations usually need a couple of Internal Auditors due to a more comprehensive audit programme.

The ISO27001 Certified ISMS Internal Auditor Training course from IT Governance is designed on best practice principles, based on ISO 19011:2002 internal audit best practice. This course offers guidelines for information security management systems auditing.

Ensuring that audit reports follow the best format and contain all the relevant information, as well as reducing duplication of effort when conducting combined information security audits, are only some of the benefits that the course brings. Delegates will learn how to avoid confusion over the objectives of the audit programme and secure agreement of the goals for individual audits within an audit programme.

The ISO27001 Certified ISMS Internal Auditor Training course provides an excellent career progression and skills development opportunity for information security staff and internal auditors.

The next ISO27001 Certified ISMS Internal Auditor Training course takes place on 4-5 February 2013. The course is currently discounted by £100 and places can be immediately booked online at