Course description

This five-day intensive course enables participants to develop the expertise to support an organisation in implementing and managing an Information Security Management System (ISMS) as specified in ISO/IEC 27001:2013, the current version of the standard. Participants will also master the best practices for implementing information security controls from the eleven areas of ISO/IEC 27002:2013. This training is consistent with the good practices of project management established by the Project Management Institute (PMI) and ISO 10006:2003 (Quality Management Systems – Guidelines for Quality Management in Projects). This training is fully compatible with ISO/IEC 27003:2009 (Guidelines for the Implementation of an ISMS), ISO/IEC 27004:2009 (Measurement of Information Security) and ISO/IEC 27005:2011 (Risk Management in Information Security).

Course content

Day 1 Introduction to ISO/IEC 27001 and initiation of an ISMS
  • Course objectives and structure
  • Standards and regulatory frameworks
  • Information Security Management System (ISMS)
  • Fundamental principles of Information Security Management Systems
  • Initiating the implementation of an ISMS
  • Understanding the organization and clarifying the Information Security objectives
  • Analysis of the existing management system
Day 2 Plan the implementation of an ISMS
  • Leadership and approval of the ISMS project
  • ISMS scope
  • Information Security policies
  • Risk assessment
  • Statement of Applicability and top management's decision to implement the ISMS
  • Definition of the organizational structure of Information Security
Day 3 Implementation of an ISMS
  • Definition of the document management process
  • Design of security controls and drafting of specific policies & procedures
  • Communication plan
  • Training and awareness plan
  • Implementation of security controls
  • Incident Management
  • Operations Management
Day 4 ISMS monitoring, measurement, continuous improvement and preparation for a certification audit
  • Monitoring, measurement, analysis and evaluation
  • Internal audit
  • Management review
  • Treatment of non-conformities
  • Continual improvement
  • Preparing for the certification audit
  • Competence and evaluation of implementers
  • Closing the training
Day 5 Revision & Exams
  • Exam preparation and revision

Course Objectives

  • Acknowledge the correlation between ISO/IEC 27001, ISO/IEC 27002 and other standards and regulatory frameworks
  • Master the concepts, approaches, methods and techniques used for the implementation and effective management of an ISMS
  • Learn how to interpret the ISO/IEC 27001 requirements in the specific context of an organization
  • Learn how to support an organization to effectively plan, implement, manage, monitor and maintain an ISMS
  • Acquire the expertise to advise an organization in implementing Information Security Management System best practices

Target audience

  • IT Auditor
  • Information Security Officer
  • Technical Project Manager
  • Security Business Analyst
  • Persons responsible for auditing and monitoring management systems

Location / Delivery

  • Classroom

Start date

  • September 7, 2020

Duration

  • 5 days

Price

  • £850.00 £1,500.00
