Public Course | Internal Audit

Internal Audit for Information Security Management Systems

3 days | In-person | HRD Corp Claimable
After this course, you will be able to:
  • Interpret each clause of ISO/IEC 27001:2022 from an internal audit perspective and identify required evidence
  • Design and execute a risk-based ISMS audit programme using ISO 19011:2018 principles
  • Test the effectiveness of Annex A controls through technical document review, process observation and interviewing
  • Identify and classify ISMS nonconformities as Major, Minor or Observations with clear evidential backing
  • Write clear, defensible nonconformity statements using the Condition-Criterion-Evidence-Effect structure
  • Prepare the ISMS for Stage 1 and Stage 2 external certification and verify corrective action effectiveness

Overview

Learn to plan, conduct and report on credible, risk-based internal audits of an ISMS in accordance with ISO/IEC 27001:2022 and ISO 19011:2018. This intensive three-day programme progresses from clause-by-clause audit analysis through practical field techniques to a full simulated ISMS audit, equipping participants to deliver meaningful assurance to top management and pass certification body scrutiny.

Learning Objectives

This course will prepare you to:

Auditing
Interpret ISO/IEC 27001:2022 from an audit perspective, plan and execute a risk-based internal audit programme, gather evidence across all four Annex A control themes, and classify nonconformities using the C-C-E-E structure.
Reporting
Draft professional audit reports and nonconformity statements, conduct closing meetings, manage auditee pushback, verify corrective action effectiveness, and prepare the ISMS for external certification assessment.
Upcoming Sessions
18–20 Mar 2027 (3 days) | In-person | HRD Corp | Kuala Lumpur | RM 2,800 per pax | 20 seats left
3-day ISMS internal audit programme using ISO 19011:2018. Includes simulated audit exercise, SoA effectiveness testing and nonconformity writing. Prerequisites: ISO 27001 Awareness or equivalent.

2–4 Jun 2027 (3 days) | In-person | HRD Corp | Kuala Lumpur | RM 2,800 per pax | 20 seats left
Second run. Full 3-day ISMS internal audit programme. Includes end-to-end simulated audit exercise.
Your Learning Pathway
You are here
Internal Audit for Information Security Management Systems
Broaden
Extend your auditing skills across multiple ISO management system standards.
Value Proposition
Affordability
We aim to make risk and resilience-type training affordable to everyone.
Accreditation
Fulfils the internal audit competency requirement for MIRAR's Certified Information Security System Implementer and RiSE by MIRAR™ credentialing pathways.
Practitioner's Focus
Participants conduct a full simulated ISMS audit including opening meeting, field work, nonconformity drafting, closing meeting and corrective action review.
Free Membership
Participants will be accepted as an Associate Member of MIRAR upon completion.
Delivered by the Malaysian Institute for Risk & Resilience — Malaysia's specialist institute for governance, risk, and compliance education.
Quick Facts
Duration: 3 days
Format: In-person
Next Session: 18–20 Mar 2027
Certificate: Completion
Language: English
CPD Funding: HRD Corp Claimable
Category: Information Security & Cyber Governance