ISMS Auditor | Lead Auditor
according to ISO/IEC 27001

Hochschule Niederrhein. Your way.
About the certificate course

IT infrastructure has become a core element in companies and public authorities. To ensure that their IT infrastructure permanently maintains an efficient and high level of security, more and more companies and public authorities are introducing an information security management system (ISMS). KRITIS companies in particular, as defined by the IT Security Act, must provide proof of a certified ISMS from an independent accredited body. This proof is usually provided on the basis of the international standard ISO/IEC 27001.
Organizations of all kinds therefore increasingly need data protection and information security experts who can introduce an ISMS, prepare for certification to ISO/IEC 27001, and accompany and follow up on the certification.

Course objectives

With this continuing education you will receive the qualification as an ISMS lead auditor according to ISO/IEC 27001 in a compact form. The seminar prepares you for use in external audits. After passing the written examination, you will receive a university certificate and may call yourself "ISMS auditor | LEAD auditor according to ISO/IEC 27001". In order to be able to work as an external auditor, you must have demonstrably accompanied four audits on site for a total of 11 days. A positive assessment by a senior or lead auditor is required.
Upon successful completion of the course, you will be able to:

  • Participate in the establishment of an ISMS.
  • Review an ISMS and assess whether the internal ISMS is compliant with the ISO/IEC 27001 standard.
  • Plan and conduct audits in a secure manner.
  • Evaluate and document audit findings.
  • Continuously improve information security in your organization.
  • Protect sensitive data and important know-how of your company.

Target group

IT and information security professionals, IT managers, consultants, project managers, auditors, as well as people who are interested in the topic of information security and who, for example, support the establishment of an ISMS.

Teaching and learning format

The course, which is held in an interactive seminar format, offers the opportunity to address individual questions and problems of the participants. Accompanying exercises and re-enactments of audit situations immediately link what has been learned with practical knowledge, which promotes a sustainable learning process and facilitates transfer to one's own company.

The curriculum and further information can be found in the flyer and in the download area.

In-house training
Individually tailored to your requirements
  • Dates: Five attendance days on request at weiterbildung(at)hsnr.de
  • Registration deadline: --
  • Number of participants: approx. 12 persons
  • Location: Krefeld South Campus
  • Participation fee: 2.900,00 € | Alumni 2.755 €
  • Participation requirements: University degree with at least one year of professional experience or other professional degree with at least three years of professional experience. In addition, knowledge of introducing an ISMS is required for training as an auditor.
  • Scope (workload): 50 h, thereof 40 h attendance, 2 ECTS.
  • Degree: University certificate / certificate of attendance

Three questions for your lecturer, Prof. Dr. René Treibert:

Why is continuing education on the topic of "ISMS Auditor | LEAD Auditor ISO/IEC 27001" currently of interest to many professionals?
With the IT Security Act, which has been in force since 2015, companies or organizations that belong to the critical infrastructure sectors are obliged under certain conditions to introduce information security management systems according to ISO 27001. For this purpose, projects are usually carried out to create a large number of necessary documents, among other things. Internal audits are also carried out in these projects. In order to obtain ISO 27001 certification later on, audits have to be performed by external auditors.
In the next few years, there will be a very large number of ISMS projects. In order to carry out these in the necessary quality, appropriate knowledge is necessary.
In order to be able to work as an external auditor, in addition to accompanying several audits on site, appropriate certificates must be presented as proof of expertise.

What are you particularly looking forward to in this university certificate course?
Each participant will have a specific current view of the topic shaped by his/her organization. This will result in interesting discussions, questions and approaches to solutions. All participants will benefit from these discussions.
Furthermore, it is motivating to show the participants that ISMS projects can be much more exciting than initially assumed and that these projects will also increase the profitability in IT departments.

And what can the participants look forward to?
Participants will receive a structured and up-to-date presentation of the legal regulations governing ISO 27000 standards. The course places particular emphasis on practicable procedures for initiating and carrying out projects for the introduction of an ISMS.
You can also look forward to a variety of technical and organizational aspects and rules of conduct in the field of information security, as well as a motivated and experienced team of lecturers.

Dean Information Security and Cybercrime, in particular Critical Infrastructure Protection
Head of Clavis - Institute for Information Security at the Hochschule Niederrhein
Member of the management team of the CMC MG

Cyber Management Campus MG / Clavis

Your contact person

Ulrike Schoppmeyer
Center for continuing education Marketing | Sales