• Practical orientation - not just theory.  Features extensive use of case studies from actual implementations led by the course presenter
  • The ONLY independently accredited ISO 27001 Lead Implementer training in Asia-Pacific
  • Certificate exam 3rd-party set and marked
  • Based on most recent version ISO 27001:2013

This course provides comprehensive and practical coverage of all aspects of implementing and maintaining an ISO 27001 project. If you are involved in information security management, writing information security policies or implementing ISO 27001 - either as a Lead Implementer, or as part of the planning/implementation team - this course will give you the all the key steps for implementing and maintaining a successful Information Security Management System.

Based on the most recent version ISO 27001:2013, this training is consistent with the good practices of project management established by the Project Management Institute (PMI) and ISO 10006:2003 (Quality Management Systems - Guidelines for Quality Management in Projects). This training is fully compatible with ISO/IEC 27003:2009 (Guidelines for the Implementation of an ISMS), ISO/IEC 27004:2009 (Measurement of Information Security) and ISO/IEC 27005:2008 (Risk Management in Information Security).

Learning outcomes

  • Understanding the application of an Information Security Management System in the context of ISO 27001
  • Mastering the  concepts,  approaches,  standards,  methods  and techniques required in an effective management of an Information Security Management System
  • Understand  the  relationship  between   the  components   of  an Information Security Management System, including risk management, controls and  compliance with the  requirements of different stakeholders of the organisation
  • Acquiring the necessary expertise to support an organisation in implementing, managing and maintaining an ISMS as specified in ISO27001
  • Acquiring   the   necessary   expertise   to   manage   a   team implementing the ISO27001 standard
  • Develop the knowledge and skills required to advise organisations on best practices in management of information security
  • Improve  the  capacity  for  analysis  and  decision  making  in  a context of information security management

Who should attend

  • Project manager or consultant wanting to prepare and to support an organisation in the implementation of an Information Security Management System (ISMS)
  • ISO 27001 Auditor who wants to master the Information Security Management System implementation process
  • Person responsible for the Information security or conformity in an organisation
  • Members of the information security team
  • Expert advisors in information technology
  • Technical experts wanting to prepare for an Information security function or for an ISMS project management function

Course contents

Day 1: Introduction to the management of an Information Security Management System (ISMS) based on ISO 27001 and launching an ISMS
  • Introduction to management systems and the process approach
  • Detailed presentation of the standards ISO 27001, ISO 27002 and ISO 27003 and regulatory framework
  • Fundamental principles of Information Security
  • Preliminary analysis and determining the level of maturity of the existing management of the Information Security based upon ISO/IEC 21827:2008
  • Writing the business case and preliminary design of the ISMS
  • Developing a project plan of compliance to ISO/IEC 27001:2005
Day 2: Planning an ISMS based on ISO27001
  • Defining the scope of the ISMS
  • Drafting the ISMS and information security policies
  • Selection of the approach and methodology  for risk assessment
  • Risk management according to ISO 27005: identification, analysis and treatment of risk
  • Drafting the Statement  of Applicability
Day 3: Launching and implementing an ISMS based on ISO27001
  • Implementation of a document management framework
  • Design of controls and writing procedures
  • Implementation of controls
  • Development of a training & awareness program and communicating about the information security
  • Incident Management according to ISO 27035
  • Operations management of an ISMS
Day 4: Control, act and the certification audit of the ISMS according to ISO 27001
  • Monitoring the ISMS controls
  • Development of metrics, performance indicators and the dashboard in accordance with ISO 27004
  • ISO 27001 Internal Audit
  • Management review of the ISMS
  • Implementation of a continuous improvement program
  • Preparing for the ISO 27001 certification audit
Day 5
  • Course review
  • Exam preparation
  • Certificate exam

Course fees

Face-to-face classroom training

$2,960 + gst

Fees are per person and include:

  • Course presentation
  • Course workbook
  • Supplementary materials
  • Certificate exam (held on last day of course)
  • Full catering including sit-down lunch each day

Prerequisites

ISO 27001 Foundation certification or a basic knowledge of ISO 27001 and ISO 27002 is recommended.

Examination

  • The “Certified ISO/IEC 27001 Lead Implementer” exam is held on the last day of the course
  • The exam is conducted under the auspices of the PECB Examination and  Certification Programme (ECP).
  • Duration of the exam: 3 hours
  • The exam covers the following competence domains:
    • Domain 1: Fundamental principles and concepts of information security
    • Domain 2: Information security control best practice based on ISO 27002
    • Domain 3: Planning an ISMS based on ISO 27001
    • Domain 4: Implementing an ISMS based on ISO 27001
    • Domain 5: Performance evaluation, monitoring and measurement of an ISMS based on ISO 27001
    • Domain 6: Continual improvement of an ISMS based on ISO 27001
    • Domain 7: Preparing for an ISMS certification audit
  • A certificate will be issued to participants who successfully pass the exam

Certification Levels

There are three levels of accreditation that you can apply for after passing the exam, depending on professional experience:

  • ISO/IEC 27001 Provisional Implementer - exam passed, no direct professional experience, no ISMS project experience
  • ISO/IEC 27001 Implementer - exam passed, two years professional experience with at least one year in information security, project experience of at least 200 hours
  • ISO/IEC 27001 Lead Implementer - exam passed, five years professional experience with at least two years in information security, project experience of at least 300 hours

Candidates can apply for the appropriate level of accreditation once exam results have been received.