Internal training
Training for an internal auditor according to the ISO/IEC 27001 standard
Internal Auditor ISO/IEC 27001 – an intensive training based on the practical aspects and responsibilities arising from the PN-ISO/IEC 27001 standard (Information Security Management Systems specification) and PN-EN ISO 19011 (guidelines for auditing management systems).
About the training
Practical approach to information security management according to the ISO/IEC 27001 standard
During the training, participants will learn how to verify and assess whether the measures taken in the area of information protection are properly managed and supervised, and whether the intended results are being achieved. The skills gained during the training enable participants to independently conduct audits within an organization. The requirements of the PN-ISO/IEC 27001 standard (Information Security Management Systems specification) and PN-EN ISO 19011 (guidelines for auditing management systems) are also presented. Based on practical exercises, participants are shown how to plan and conduct internal audits.
The training is delivered in the form of lectures and workshops, ensuring an effective translation of the participants’ new knowledge and skills into practical actions. From a content perspective, particular attention is paid not only to delivering theoretical knowledge but, most importantly, to providing effective, practical methods and techniques, valuable experiences, and best practices that participants can use immediately after the training.
The offered training scope is divided into two stages, which we present below.
Training objective
- The ability to plan and conduct an information security audit in accordance with the applicable regulations.
- The ability to document and prepare an audit report, including the ability to formulate corrective actions.
- The ability to identify non-conformities and effectively highlight them.
Target audience of the training
The training is intended for individuals responsible for information security within an organization, employed at all organizational levels, with particular emphasis on current and future internal auditors according to ISO/IEC 27001.
Language of the training
The training is conducted in Polish.
The training can also be organized in English on request.
Training methodology
Achieving the proper training outcomes is possible thanks to selecting the right topics and training methods tailored to the participants’ needs and the subject matter of the training. Below, we present the methods and techniques we use:
LECTURE
We deliver knowledge to the participants using dedicated teaching aids, such as multimedia presentations. This is the foundational part of the training, during which we introduce the topic, discuss key concepts, and describe roles, processes, procedures, etc.
PRACTICAL EXAMPLES
As practitioners, we base the training program on real-life events related to specific problems. We assist participants in independently reaching conclusions or solutions. Our training is strongly focused on practice and skill development.
DISCUSSION
Participants express their opinions and exchange experiences. A well-structured discussion topic, thanks to the clash of at least two arguments, usually generates strong emotional engagement. The discussion allows for the development of a common solution or prepares arguments regarding the given topic.
BRAINSTORMING
In a short time, we generate many ideas and solutions for specific problems and situations. We engage participants, stimulate their thinking, and encourage creativity.
EXERCISES
Practical tasks related to the training subject, e.g., creating a process, conducting a case study, etc. This complements the lecture and practical examples effectively.
TESTS
We verify the participant’s level of knowledge and skills. We identify competency gaps and plan the education process accordingly to improve the participant’s skills. Depending on the type of training, this may be done using various tools, such as knowledge tests and practical tasks.
SIMULATIONS
These provide an excellent representation of reality, where participants actively engage and experience the consequences of their actions.
SUMMARY
After completing each topic, we summarize the material discussed. This is done by the trainer and allows for a recap of the most important issues related to the topic while giving participants the chance to verify their understanding.
Trainer
Izabela Selwestruk
A graduate of Economics from the University of Białystok and of postgraduate studies in Information Systems Auditing at the Polish Academy of Sciences in Warsaw and in Computer Science at the Białystok University of Technology. An expert in the field of institutional control in government administration, information security, and risk management. She has over 18 years of experience in government administration (including managerial positions) in areas such as conducting control proceedings, conducting IT audits, and organizing training on control methodology, auditing, and risk analysis. She participated in the implementation of an information security management system. During her time in government administration, through her persistent work, she was appointed as a civil service officer. She now works at PBSG as a consultant for ISMS, KSC, and business continuity. Her professional interests are currently focused on information security, including cybersecurity. In her personal life, she loves motorcycle riding and participating in ultra races, including mountain races. She has participated in half-marathons, marathons, and 50 km races. She plans to compete in 100 km and 150 km races. Her dream is to participate in the UTMB (Ultra-Trail du Mont-Blanc) race.
Dedicated exclusively to your organization – this approach guarantees comfort and freedom to thoroughly discuss sample topics and the situation within your organization. We know that every enterprise is different, so to effectively translate the acquired knowledge into your organization, we tailor the presented examples to your specific needs and business context.
Training program
Day 1
9.00-16.00
- Welcoming the participants
- Introduction to information security
- Information security standards
- Requirements of the PN-ISO/IEC 27001 standard
- Break
- Requirements of the PN-ISO/IEC 27001 standard
- The auditing process
- Questions
Day 2
9.00-16.00
- Workshop Part I
- Audit steps and planning
- Opening meeting
- Checklists
- Identification and description of findings
- Workshop Part II
- Audit scenarios
- Interpersonal skills
- Break
- Workshop Part III
- Identification of non-conformities
- Workshop Part IV
- Closing audit meeting
- Outline of the final report and post-audit actions
- Summary
How does it work?
Step 1
REGISTRATION
In the first step, fill out the application form to express your interest in organizing dedicated training at your company.
Step 2
DATE
We will set the date and location of the training – tailored to your availability and individual expectations.
Step 3
PRICE
We will present the commercial terms for organizing the training based on the agreed parameters and number of participants.
Step 4
TRAINING
We will deliver the dedicated training according to the agreed terms.