Course Information
What You Will Learn
Course Curriculum
(National and European accreditation and certification system; Regulatory references; ISO 19011, ISO/IEC 17021 and ISO/IEC 27006 standards; Principles of auditing; Auditing of security processes and controls; AICQ-SICEV certification scheme for ISMS auditors; AICQ-SICEV code of ethics for auditors).
(Risk management related to the management system and information security and the process approach; Elements of risk assessment (identification, analysis and weighting) and treatment; Applicable security controls proposed in Annex A of ISO/IEC 27001 and ISO/IEC 27002; The organizational security model: the Plan-Do-Check-Act cycle of continuous improvement; Correlation with other standards of the ISO/IEC 27000 family.)
– Legal Area
(Current legislative references (Privacy/GDPR, Workers’ Statute, Legislative Decree 231/2001, …); Contractual aspects relating to suppliers, customers, third parties).
– Technology Area
(Basic elements of ICT and information security; ICT security controls; Incident management; Business continuity, disaster recovery, and crisis management).
– Management Area
(Organizational aspects of information technology; Responsibilities involved in information security).
Get the Full Syllabus as a PDF
Curriculum, exam format & everything included — sent straight to your inbox.
All You Need to Know
IT Auditors and aspiring auditors and lead auditors ISO/IEC 27001 on information security.
– High school diploma or higher education qualification.
– Experience in Information Protection and Security management is recommended, but not mandatory.
– If you have already obtained a previous A/LA certification on another ISO standard, recognized by AICQ-SICEV or another equivalent training body, you can participate in Module 2 only. Otherwise, you are required to attend both Modules for a total of 5 days.
Study materials are provided in digital format.