ISO/IEC 27001:2013 Information Security Management Systems Implementation Course

Description

Objectives

• The component parts of the Standard
• How to manage information security
• How the individual components of the process fit together
• How to treat implementation as a project
• Common pitfalls
• How to define and risk assess “information assets”
• How to manage risks in a way suitable to your organization
• The essential requirements for obtaining auditor approval, i.e. certification

• ISO 27001 Requirements
• What the Information Security Management System (ISMS) is and what it is trying to achieve
• Identifying Information Assets
• Undertaking a Risk Assessment
• Managing Risk
• Internal Auditing

Audience

1. Management systems
   • In particular, an understanding of the Plan-Do-Check-Act (PDCA) cycle. 
2. Information security management
   • A basic knowledge of the concepts of information security management and an understanding of commonly used information security management terms and definitions, as given in ISO/IEC 27000.

• Participants should be committed to Information Security Management as a concept.  Prior knowledge of BS7799-2:2002 is an advantage. 
• SGS will not provide company specific advice towards the development and implementation of the management systems for eventual certification, which contravenes the requirements of the IAF Guidance (i.e. provision of consultancy services).