While ISO/IEC 27001 Internal Auditor Training is given, internal auditor training is given in accordance with ISO 19011 requirements. Thus, personnel with internal auditor competence do not receive training only on standard articles. They also learn the criteria that an auditor should have. Internal Auditor training is more comprehensive than Information Security Practice Training. In practice training, the standard articles are not digressed. Trainings are given by our personnel who have ISO/IEC 27001 Lead Auditor Certificate and provide active consultancy support. The training process is evaluated as one day on average.


The topics of the training are;

  • • Definition and scope of the ISO/IEC 27001 standard
  • • Information Security Asset Management
  • • Information Security Risk Management
  • • Information Security Policies
  • • BGYS ANNEX-A Controls
    • A.5 OrganisaEonal controls
      A.6 People controls
      A.7 Physical controls
      A.8 Technological controls
    • • Internal Audit Criteria and Application
    • • Planning of Internal Audit
    • • Preparation of Internal Audit Question List
    • • Deviations and actions that may occur during the Internal Audit
    • • Reporting and Tracking of Internal Audit
    • • Examination