ISO 55001: 2024 Internal Auditor Training
Introduction to ISO/IEC 27701:2019 and its importance in extending an Information Security Management System to include privacy controls and Personally Identifiable Information (PII) management
Understanding the purpose, scope, and structure of internal auditing within a Privacy Information Management System (PIMS)
Overview of internal audit principles, including independence, objectivity, evidence-based evaluation, and risk-based thinking
Detailed understanding of how ISO 27701 integrates with ISO/IEC 27001 and supports privacy governance
Planning internal audits, including defining audit scope, objectives, criteria, frequency, and audit program development
Preparing for audits by reviewing documentation, policies, procedures, and applicable legal and regulatory privacy requirements
Conducting effective audit activities such as opening meetings, process walkthroughs, interviews, sampling, and observation techniques
Evaluating the effectiveness of privacy controls for both PII controllers and PII processors
Identifying gaps, nonconformities, risks, and opportunities for improvement within the PIMS framework
Applying audit methodologies to assess compliance with organizational policies and privacy requirements
Collecting, verifying, and documenting objective audit evidence to support findings
Preparing structured, clear, and concise audit reports for stakeholders and senior management
Communicating audit results effectively, including nonconformities and recommended corrective actions
Managing corrective action processes, including root cause analysis and verification of implementation
Conducting follow-up audits to ensure closure of findings and effectiveness of corrective actions
Ensuring auditor independence, ethical behavior, and professional conduct throughout the audit lifecycle
Supporting continual improvement of the organization’s privacy management system and strengthening data protection maturity
