In today’s digital environment, organisations face increasing threats to information security, data privacy, and cyber resilience. The ACS – GP USA ISO 27001:2022 Internal Auditor Course is designed to equip professionals with the knowledge and practical auditing skills required to evaluate, monitor, and improve an Information Security Management System (ISMS) in accordance with ISO/IEC 27001:2022. ISO/IEC 27001 is the internationally recognised standard for establishing, implementing, maintaining, and continually improving information security management systems.
This course provides a comprehensive understanding of ISO 27001:2022 requirements, internal auditing principles, risk-based thinking, audit planning, evidence gathering, reporting, and corrective action processes. Learners will gain the competence to conduct effective internal audits, identify nonconformities, assess security controls, and support continual improvement initiatives within their organisations.
Through practical examples and real-world audit scenarios, learners will develop the skills needed to plan, conduct, report, and follow up internal ISMS audits in accordance with recognised auditing guidelines such as ISO 19011. The course is ideal for professionals seeking to strengthen information security governance, support ISO 27001 certification efforts, and enhance organisational compliance and risk management capabilities.
Program Highlights
Course Objective
- Understand ISO/IEC 27001:2022 requirements and their application to ISMS auditing.
- Learn audit principles and techniques per ISO 19011:2018 guidelines for information security.
- Develop skills to plan and conduct internal ISMS audits effectively.
- Identify information security-related non-conformities and compliance issues.
- Learn to evaluate ISMS effectiveness and recommend improvements.
- Gain knowledge of audit reporting and follow-up processes for information security.
- Understand risk assessment and security control evaluation methods.
- Learn to assess compliance with information security policies and procedures.
Entry Requirements
The following entry requirements are recommended to ensure learners can successfully complete the program:
- Age Requirement: Learners must be 18 years of age or older.
- Educational Background: There are no strict academic prerequisites for this course. However, a secondary school qualification or equivalent is recommended. Individuals with education in Information Technology, Cyber Security, Computer Science, Business Management, or related disciplines may find the course particularly beneficial.
- Professional Experience: Prior experience in information security, IT operations, risk management, compliance, governance, data protection, or management systems is advantageous but not mandatory. The course is suitable for professionals involved in implementing, maintaining, or auditing Information Security Management Systems (ISMS).
- English Proficiency: Learners should have a good understanding of English and strong communication skills.
Course Learning Outcomes
- Conduct internal Information Security Management System (ISMS) audits in line with ISO/IEC 27001:2022 requirements
- Plan and execute structured information security audits using recognized auditing methodologies
- Identify information security risks, weaknesses, and nonconformities during audit activities
- Evaluate information security controls, risk management processes, and compliance effectiveness
- Prepare clear, accurate, and professional ISMS audit reports with actionable findings
- Support organizations in maintaining and improving effective information security management systems
- Contribute to continual improvement of information security practices and cyber risk management performance
Target Audience
The ACS – GP USA ISO 27001:2022 Internal Auditor Course is designed for professionals who are responsible for maintaining, auditing, or improving information security management systems within their organisations. It is particularly suitable for individuals seeking to develop practical internal auditing skills and support compliance with ISO 27001:2022 requirements.
This course is ideal for:
- Information Security Officers and Information Security Managers
- Internal Auditors and Compliance Auditors
- ISO 27001 Implementation Team Members
- Information Security Management System (ISMS) Coordinators
- Risk Management and Governance Professionals
- IT Managers and IT Administrators
- Cyber Security Professionals and Analysts
- Data Protection and Privacy Officers
- Quality Assurance and Quality Management Professionals
- Compliance and Regulatory Affairs Personnel
- Business Continuity and Risk Management Specialists
- Consultants involved in ISO 27001 implementation and maintenance
- Professionals preparing for Information Security auditing roles
- Individuals seeking to enhance their career in Information Security, Cyber Security, Governance, Risk, and Compliance (GRC)
Whether you are supporting an organisation’s ISO 27001 certification journey, conducting internal audits, or looking to strengthen your information security auditing expertise, this course provides the knowledge and practical skills required to effectively assess and improve Information Security Management Systems in accordance with ISO 27001:2022.
