ISO 27001:2022. How to prepare for a certification audit
What you'll learn
- Identify the crucial steps and tasks involved in preparing for a certification audit
- Identify mandatory ISMS documented information
- Be ready for auditors' requests
- Avoid common mistakes
- Navigate the certification audit smoothly and effectively
Requirements
- Basic knowledge of ISO 27001 and an Information Security Management System (ISMS)
ISO/IEC 27001:2022 is an internationally recognized standard for establishing, implementing, maintaining, and continually improving an information security management system (ISMS); certification is the independent confirmation by an accredited certification body that an organization's ISMS conforms to it. This course is designed to give participants the knowledge and skills necessary to prepare effectively for a certification audit against ISO 27001:2022. It covers the essential tasks that need to be addressed before, during, and after the certification audit.
0. General information about audits
1. Before the audit
Choose a certification body
Review a non-disclosure agreement (NDA)
Request and check the audit plan in advance
Conduct a brief self-assessment
Check the mandatory ISMS documents
Prepare and send documents to the lead auditors
Take care of the auditors
Strengthen the motivation of employees
Hold an internal briefing meeting
Send a reminder to employees
Train your employees to avoid common mistakes
Prepare a detailed presentation about the company and the ISMS
Check again that the clear desk and clear screen policy is followed by employees
Print the most important documents
2. During the audit
Invite top management to the meetings
Adhere to high standards of communication
Hold a meeting with the ISMS team after each audit day
Take notes during the audit
3. After the audit
Check the audit report
Plan for improvements and corrective actions
Check the certificate
Discuss the results and thank the team
Join this course to gain the knowledge and skills necessary to successfully prepare for an ISO 27001:2022 certification audit and establish a robust information security management system within your organization.
Important: this course is not about how to implement an ISMS, but about how to prepare for the certification audit once the ISMS is already implemented.
Who this course is for:
- Information Security Managers
- GRC Managers
- Compliance Managers
- Internal Auditors
- Quality Managers
- Information Security Consultants
Greetings, colleagues! My name is Andrey Prozorov, and I am a highly experienced Cybersecurity and Privacy Expert based in Finland. With a career spanning 16 years in the field, I bring a wealth of expertise and knowledge to my roles as Information Security Manager and Data Protection Officer.
I hold several certifications, including Certified Information Security Manager (CISM), Certified Information Privacy Professional / Europe (CIPP/E), Certified Data Privacy Solutions Engineer (CDPSE), and ISO 27001 Lead Auditor. These credentials, combined with my hands-on experience, have equipped me with the skills and knowledge to provide practical solutions in the field of Cybersecurity and Privacy.
I specialise in designing and implementing management systems that align with international regulations, standards, and best practices such as ISO 27001, ISO 27701, COBIT, ISF SoGP, NIST CSF, and GDPR.