ISO/IEC 27001:2013 Information Security Management Systems Implementation Course

On this 3-day practical ISO 27001 course, you will learn the component parts of the standard, how to define and risk assess information assets in a way suitable to your organization, and the essential requirements of obtaining ISO 27001 certification.On this 3-day practical ISO 27001 course, you will learn the component parts of the standard, how to define and risk assess information assets in a way suitable to your organization, and the essential requirements of obtaining ISO 27001 certification.

WHAT YOU WILL LEARN:

• The component parts of the Standard
• How to manage information security
• How the individual components of the process fit together
• How to treat implementation as a project
• Common pitfalls
• How to define and risk assess “information assets”
• How to manage risks in a way suitable to your organization
• The essential requirements for obtaining auditor approval, i.e. certification

 
COURSE CONTENT:

• ISO 27001 Requirements
• What the Information Security Management System (ISMS) is and what it is trying to achieve
• Identifying Information Assets
• Undertaking a Risk Assessment
• Managing Risk
• Internal Auditing

Before beginning this course, we recommend that delegates have knowledge of:

1. Management systems
   • In particular, an understanding of the Plan-Do-Check-Act (PDCA) cycle. 
2. Information security management
   • A basic knowledge of the concepts of information security management and an understanding of commonly used information security management terms and definitions, as given in ISO/IEC 27000.

 
Note:

• Participants should be committed to Information Security Management as a concept.  Prior knowledge of BS7799-2:2002 is an advantage. 
• SGS will not provide company specific advice towards the development and implementation of the management systems for eventual certification, which contravenes the requirements of the IAF Guidance (i.e. provision of consultancy services).