ISO/IEC 27701 Lead Auditor

Audience
The course is aimed at auditors, internal/external auditor teams, consultants, advisors, compliance and privacy managers, IT security and data protection professionals working with information security and privacy. It is suitable for those who will conduct or lead audits of privacy and personal data processing (PII), for data processors and data controllers, as well as consultants and advisors who assist organizations with privacy and data protection compliance.

Learning objectives
Participants will gain a good understanding of the principles and structures of a Privacy Information Management System (PIMS) based on ISO/IEC 27701. The course provides competence to interpret the requirements of the standard from an audit perspective and assess how an organization handles personal data in accordance with PIMS requirements. Participants learn audit principles, procedures and techniques in line with ISO 19011 and ISO/IEC 17021-1, as well as how to plan, conduct and conclude audits, including documentation, reporting, evaluation of controls, findings and areas for improvement. The course also provides knowledge on how to evaluate the effectiveness of controls against PII processing (controller and processor).

After completing the course you will be able to

• ‍‍Explain the fundamental concepts and principles of PIMS based on ISO/IEC 27701
• Interpret and apply the requirements of ISO/IEC 27701 in audit context (for both PII controller and PII processor)
• Plan, conduct and complete an audit of privacy and information security management systems in accordance with audit standards and best practices
• Lead an audit program: coordinate teams, conduct evidence collection, document findings, report discrepancies, and recommend measures for improvement
• Evaluate organizations' ability to maintain, monitor and continuously improve privacy and information security management systems (PIMS) over time