Overview
The 5-day Lead Auditor training course aims to provide participants with the knowledge, skills and expertise necessary to:
-
Audit a Quality Management System (QMS) based on ISO 9001:2015
-
Ensure that the organization is competent in maintaining and continually improving its QMS
-
Perform third party audits by applying widely recognized audit principles, procedures and techniques
-
Proficiently plan and perform internal and external audits in compliance with ISO 19011 and the certification process according to ISO 17021.
-
Manage audit teams and audit programmes, communicate with customers, resolve conflicts, etc.
Based on practical exercises, the participants will master the audit tools and techniques.

ISO 13485:2016
Lead Auditor


Empower Your Team with Industry-Leading Training Programs
Tailored corporate training for leadership, technical skills and professional development
-
We serve corporate clients investing in people's knowledge, skills and competencies, to improve business performance, enhance process, product and service quality, and achieve sustained growth and profitability.
-
We understand the meaning of the business term "Voice of the Customer" and what constitutes "value" from the customer's point of view.
-
We also understand the difference between "value" and "waste" from the business and individual learner point of view.
-
We care about the people whose knowledge enhancement is entrusted to us by their organisation or by themselves.
-
We focus on learning (not just on training, and issuing certificates) and providing post-training advice and support through workshops and consulting services.
Stratos Lazaridis
CEO The Marvel Academy
Corporate Training Solutions
Mob: +44 (0)749 114 7156
INFORMATION SECURITY BASICS
Overview
The flexibility of digital information can be regarded as a great strength. As software and hardware develop, data can be created, accessed, edited, manipulated and shared with increasing ease. The corollary is that data is vulnerable to unauthorised access, alteration or manipulation, which, without checks and controls:
-
Can easily go undetected
-
Can undermine its authoritative nature.
To be authoritative, data needs to remain authentic, reliable and usable, while retaining its integrity. These characteristics of data can be preserved through the implementation of an effective Information Security Management System (ISMS).
The Information Security Triad
Information Security, or more broadly Information Assurance, is founded on three major concepts: Confidentiality, Integrity and Availability (CIA):
-
Confidentiality ensures that data is only available to those authorised to access it.
-
Integrity ensures that data can only be altered by authorised persons, and that any unauthorised or accidental alteration is detected rather than silently accepted.
-
Availability demands that authorised persons can access data when they require.
Managing these concepts is critical because:
-
Information is increasingly becoming one of the modern currencies of society
-
Maintaining information assurance in an appropriate and cost-effective manner has become of keen interest to businesses of all sizes, in all industry sectors, and in all geographic locations.
Non Repudiation
Non-repudiation refers to a state of affairs where the author of a statement will not be able to successfully challenge the authorship of the statement or validity of an associated contract. The term is often seen in a legal setting wherein the authenticity of a signature is being challenged. In such an instance, the authenticity is being "repudiated".
In a general sense, non-repudiation involves associating actions or changes with a unique individual. For a secure area, for example, it may be desirable to implement a key card access system. Non-repudiation would be violated if it were not also a strictly enforced policy to:
-
Prohibit sharing of the key cards
-
Immediately report lost or stolen cards.
Otherwise, who opened the door cannot be trivially determined: any holder of a shared or unreported card could have done it.
Similarly, for computer accounts:
-
The individual owner of the account must not allow others to use that account, for instance by giving away the account's password
-
A policy should be implemented to enforce this.
This prevents the owner of the account from denying actions performed by the account.
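The key-card and shared-password points above have a direct cryptographic counterpart, shown here as an added example written for this page (it is not part of the course material): a tag computed with a shared secret (an HMAC) is valid but cannot say which holder produced it, exactly like a shared key card, whereas a signature made with a private key that only one person holds (Ed25519 here) names that person and fails if the record is changed afterwards. The names, the access record and the secret are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Holder models a person who holds a copy of a *shared* secret, like a key
// card whose code is shared between several people (the policy failure the
// text describes). The names are constructed for this example.
type Holder struct {
	Name   string
	secret []byte
}

// Tag computes an HMAC-SHA256 over an access record with the shared secret.
// Every Holder with the same secret produces an identical tag.
func (h Holder) Tag(record []byte) string {
	m := hmac.New(sha256.New, h.secret)
	m.Write(record)
	return hex.EncodeToString(m.Sum(nil))
}

// AttributeTag returns every holder whose secret reproduces the tag. With a
// shared secret this is more than one name, so nobody can be held to the action.
func AttributeTag(record []byte, tag string, holders []Holder) []string {
	var names []string
	for _, h := range holders {
		if hmac.Equal([]byte(h.Tag(record)), []byte(tag)) {
			names = append(names, h.Name)
		}
	}
	return names
}

// Individual holds a private signing key that is never shared: the
// cryptographic form of "one card per person, never lend it".
type Individual struct {
	Name string
	pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

// NewIndividual generates a fresh Ed25519 key pair for one person.
func NewIndividual(name string) (*Individual, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Individual{Name: name, pub: pub, priv: priv}, nil
}

// Sign produces an Ed25519 signature that only this individual's private key can make.
func (i *Individual) Sign(record []byte) []byte {
	return ed25519.Sign(i.priv, record)
}

// AttributeSignature checks the signature against a directory of public keys
// and returns the single name whose key verifies it, or "" for none (e.g. a
// tampered record or a signature from someone outside the directory).
func AttributeSignature(record, sig []byte, directory []*Individual) string {
	for _, ind := range directory {
		if ed25519.Verify(ind.pub, record, sig) {
			return ind.Name
		}
	}
	return ""
}

func main() {
	// Constructed sample access record; not a real log line.
	record := []byte("2024-03-01T09:00:00Z door=server-room action=open")

	// Shared secret: the tag is valid, but attributable to either holder.
	shared := []byte("shared-card-code-do-not-do-this")
	holders := []Holder{{Name: "Alice", secret: shared}, {Name: "Bob", secret: shared}}
	tag := holders[0].Tag(record)
	fmt.Println("HMAC tag attributable to:", AttributeTag(record, tag, holders))

	// Per-person keys: the signature names exactly one individual and fails
	// if the record is altered afterwards.
	alice, _ := NewIndividual("Alice")
	bob, _ := NewIndividual("Bob")
	dir := []*Individual{alice, bob}
	sig := alice.Sign(record)
	fmt.Println("Signature attributable to:", AttributeSignature(record, sig, dir))
	altered := append([]byte{}, record...)
	altered[len(altered)-1] = 'x'
	fmt.Printf("Altered record attributable to: %q\n", AttributeSignature(altered, sig, dir))
}
```

The point of the contrast is the one the text makes with key cards: a shared secret gives integrity (the record was not changed by anyone without the secret) but not non-repudiation, because any holder of the secret could have produced the same tag. Non-repudiation needs something that exactly one person can do, and that is what a private key kept by one person provides.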
What Is Information Security (InfoSec)?
Information security, sometimes shortened to InfoSec, is the practice of preventing unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction of information. It is a general term that can be used regardless of the form the data may take (e.g. electronic/digital, paper-based, physical).
Following are examples of information security categories:
-
Internet security
-
Cyberwarfare
-
Computer security
-
Mobile security
-
Network security
Information Security Threats
Information security threats come in many different forms. Some of the most common threats today are software attacks, theft of intellectual property, identity theft, theft of equipment or information, sabotage, and information extortion. Most people have experienced software attacks of some sort.
Following are examples of security threats to data and information:
-
Computer crime/ cybercrime
-
Vulnerability
-
Eavesdropping
-
Exploits
-
Trojans
-
Viruses and worms
-
Denial of service
-
Malware
-
Payloads
-
Rootkits
-
Keyloggers.
Responses to InfoSec Threats
Possible responses to a security threat or risk are to:
-
Reduce/mitigate by implementing safeguards and countermeasures to eliminate the vulnerabilities or block the threats
-
Assign/transfer by placing the cost of the threat onto another entity or organization, such as purchasing insurance, or outsourcing
-
Accept, after evaluating that the cost of the countermeasure outweighs the possible loss due to the threat
-
Ignore/reject – this is not a valid or prudent due-care/due diligence response.
Following are examples of defences to information security threats:
-
Computer access control
-
Application security, e.g. antivirus software, secure coding, security by design, and secure operating systems
-
Authentication, e.g. multi-factor authentication
-
Authorization
-
Data-centric security
-
Firewalls
-
Intrusion detection system
-
Intrusion prevention system
-
Mobile secure gateway.
What is an ISMS?
Definition: an Information Security Management System (ISMS) is a:
-
Set of policies, processes, and procedures, for systematically managing an organization's sensitive data.
-
Systematic approach to managing sensitive company information (assets) so that it remains secure.
The policies, procedures, resources (both human and IT/machine), which constitute an ISMS, should ensure that the CIA Triad (Confidentiality, Integrity and Availability) is maintained across an organisation's physical, personal and organisational layers.
The ISMS:
-
Is an overarching management framework, through which the organization identifies, analyses and addresses its information risks
-
Ensures that the security arrangements are fine-tuned to keep pace with changes to the security threats, vulnerabilities and business impacts - an important aspect in such a dynamic field, and a key advantage of ISO 27K’s flexible risk-driven approach.
Goal: to minimize risk and ensure business continuity by pro-actively limiting the impact of a security breach.
Scope: an ISMS includes people, processes, data, information, and IT systems
An ISMS can:
-
Be focused on a particular type of data, such as customer data, or employee data
-
Be implemented in a comprehensive way, that becomes part of the company's culture
-
Help small, medium and large businesses, in any industry sector keep information assets secure.
For an overview and vocabulary of ISO/IEC 27000:2016 click here.
General Course Information
For general course information please click on the link here.
N.B. Please read our Terms & Conditions (T&Cs) and ask for clarifications, if any, before booking your training event.
Book now to reserve an on-site or online instructor-led training event of your choice.
For more details about our:
-
List of training courses please click here.
-
Consulting services please click here.
-
Workshops please click here.
For queries, including non-obligation quotes, please contact us.