Internal Auditor of Privacy Information Management System (ISO 27701, ISO 19011)

This online course provides the knowledge and skills needed to conduct internal audits of a privacy information management system based on the standards ISO/IEC 27701:2019 and ISO 19011:2018. For better comprehension of the material, all course slides are voiced. Real-world case studies help participants apply theory in practice, particularly in matters of personal data protection. The learning material is divided into modules, making the learning process even more efficient.

Internal audit plays a critically important role in ensuring compliance with privacy and personal data protection requirements. An internal auditor needs the relevant qualification to identify and assess risks in this area effectively and to ensure compliance with regulatory requirements and standards, including GDPR and other data protection laws, as well as the requirements of ISO/IEC 27701. This course enables participants to acquire that qualification, providing them with practical skills and knowledge to conduct internal audits in accordance with ISO 27701 and ISO 19011.

Duration

36 hours

Language

English/Ukrainian

Format

100% online

Course objective

The goal of the course “Management System Auditor” is to provide participants with the knowledge and skills necessary to conduct audits of management systems in accordance with the requirements of ISO 27701, ISO 19011, ISO 17021 standards, and SIC Rules.

The main objectives of the course include:

  1. Understanding Standards: Familiarizing participants with the requirements and principles of ISO 27701, ISO 19011, ISO 17021 standards, and SIC Rules.
  2. Privacy Management: Studying the key provisions of ISO 27701, including personal information management systems (PIMS), privacy risk identification, compliance with legislative requirements, and data lifecycle management.
  3. Audit Planning and Execution: Training participants in methods for planning, conducting, and documenting management system audits.
  4. Conformity Assessment: Developing skills to evaluate the conformity of management systems to established standards.
  5. Ensuring Impartiality: Ensuring objectivity and impartiality during the audit process.

Target audience

The target audience for the course “Internal Auditor of Management System (ISO 27701, ISO 19011)” includes:

  1. Information Security Specialists: Those responsible for protecting confidential information within the organization.
  2. Internal Auditors: Employees who are already conducting internal audits or planning to expand their knowledge in this area.
  3. Risk Managers: Individuals responsible for managing risks and ensuring compliance with standards.
  4. Management Consultants: Professionals providing consultancy services on information security and confidentiality issues.
  5. Department Heads: Managers who wish to improve their knowledge of internal audits and confidentiality management.
  6. IT Department Employees: Specialists dealing with the technical aspects of information protection and confidentiality.

Document on completion

Certificate of internal auditor of the QMS, listed in the SIC international register

Thematic plan

| Objectives | Internal Auditor of Privacy Information Management Systems (ISO 27701, ISO 19011) | Hours |
|---|---|---|
| | I module. Privacy information management systems ISO 27701 | 18 |
| 1 | Introduction to the PIMS and the GDPR | 3 |
| 2 | Specific PIMS requirements in accordance with ISO/IEC 27001 | 4 |
| 3 | Specific PIMS requirements in accordance with ISO/IEC 27002 | 4 |
| 4 | Objectives and controls for PII controllers | 4 |
| 5 | Objectives and controls for PII processors | 2 |
| | Test | 1 |
| | II module. Internal audit ISO 19011 | 18 |
| 1 | Audit classification and objectives | 3 |
| 2 | Audit terminology and principles | 4 |
| 3 | Audit program management | 3 |
| 4 | Audit conducting and reporting | 4 |
| 5 | Competence and personal qualities of the auditor | 2 |
| | Test | 1 |
| | Case-reviews | 1 |