Overview
Audit ISO 27001:2022 Clause 6 People Controls step by step., Apply risk-based thinking to human-centric security audits., Identify gaps in awareness, training, and role definition., Use practical checklists to assess compliance and recommend fixes.
Information security auditors, compliance officers, HR managers, and ISO 27001 implementers seeking to master auditing of people-related controls.
Basic understanding of ISO 27001 or general information security concepts is helpful but not required.
Auditing people-related controls in ISO 27001:2022 is one of the most critical – and often underestimated – parts of an Information Security Management System (ISMS) audit. Clause 6 of Annex A focuses on People Controls, covering role definition, awareness, education, training, disciplinary processes, remote work, and incident reporting. These controls directly address human factors, which remain the leading cause of information security incidents.
In this course, you’ll learn how to audit Clause 6 controls step by step using a structured, practical approach. We’ll explore each control in depth, supported by detailed audit checklists, real-world scenarios, and application to our model company, InfoSure Ltd. You’ll learn how to evaluate both compliance and effectiveness, ensuring your audits don’t just tick boxes but drive genuine security improvements.
We’ll cover how to:
Audit role and responsibility definitions to ensure security tasks are clearly assigned and understood.
Assess the design and delivery of awareness and training programs, including role-specific and threat-specific content.
Review disciplinary processes for handling information security breaches fairly and consistently.
Evaluate remote working arrangements for compliance with security requirements.
Verify that information security incidents are reported promptly and handled according to policy.
Apply risk-based thinking to prioritize people control audits where they matter most.
You’ll also gain hands-on experience through assignments that simulate real audit scenarios. These exercises will challenge you to identify gaps, document findings, and recommend corrective actions.
By the end of this course, you will be able to:
Confidently audit all People Controls in Clause 6 of ISO 27001:2022.
Use professional checklists to capture evidence and assess compliance.
Apply risk-based auditing to focus on high-impact human factors.
Produce clear, actionable audit reports that support ISMS improvement.
Whether you’re an internal auditor, external auditor, compliance officer, or ISO 27001 implementer, this course will give you the tools, techniques, and confidence to audit People Controls effectively and add real value to your organization’s security posture.
Dr. Amar Massoud
PhD in computer science and IT manager with 35 years technical experience in various fields including IT Security, IT Governance, IT Service Management , Software Development, Project Management, Business Analysis and Software Architecture. I hold 80+ IT certifications such as :
ITIL 4 Master, ITIL 3 Expert
ISO 27001 Auditor, ComptIA Security+, GSEC, CEH, ECSA, CISM, CISSP, CISA
PGMP, MSP
PMP, PMI-ACP, Prince2 Practitioner, Praxis, Scrum Master
COBIT 2019 Implementor, COBIT 5 Assessor/Implementer
TOGAF certified
Lean Specialist, VSM Specialist
PMI RMP, ISO 31000 Risk Manager, ISO 22301 Lead Auditor
PMI-PBA, CBAP
Lean Six Sigma Black Belt, ISO 9001 Implementer
Azure Administrator, Azure DevOps Expert, AWS Practitioner
And many more.