Incorporating Information Security within a Quality Management System Audit – for Existing QMS Auditors

Information Security has evolved to become an essential part of everyday business. Breaches of information security not only affect a business’s brand and reputation, but can also impact day-to-day operations (including meeting customer requirements) and carry legal implications that frequently lead to companies being fined for breaching data protection. This, in addition to GDPR, means there is a stronger need for stricter information security practices in companies than ever before.

As internal auditing is one of the fundamental activities for maintaining and improving a Management System, the internal auditor plays a highly important role in determining the effectiveness of an organisation’s information security processes. This two-day Integrated Information Security Management System (ISMS) & Quality Management System (QMS) Auditor training course is designed to provide students with an understanding of ISO 27001 and Information Security, both from an implementation and auditing perspective, so that they can incorporate information security criteria into their existing Quality Management System audits.

  • Introduction to Information Security and Information Security Management Systems
  • Integrating Information Security criteria into Quality Management System audits
  • Integrating Information Security into an existing QMS
  • ISO/IEC 27001:2013 Requirements
  • ISO 9001:2015 clauses that relate to the management of information security
  • The Integrated Management System Internal Audit Process
    • Planning the audit (including QMS/ISMS checklist)
    • Conducting an integrated QMS/ISMS audit
    • Reporting, including non-conformity statements
    • Follow-up

This Integrated ISMS & QMS Auditor Training Course is highly suitable for:

  • Existing 1st, 2nd and 3rd party QMS auditors looking to expand their knowledge to be able to incorporate Information Security within their QMS audits
  • Staff who will be involved in performing ISMS Internal Audits
  • Managers responsible for Information Security within their department or organisation

By the end of this course, delegates will have gained:

  • knowledge of the principles of Information Security
  • an understanding of the key elements of ISO 27001:2013
  • an appreciation of how Information Security forms part of ISO 9001:2015
  • the skills to audit a process with Information Security requirements
  • the skills to audit a process in an integrated way with Quality Management and Information Security requirements.