ISO/IEC 27001
Certification of an organization’s ISMS against ISO/IEC 27001 is one means of providing assurance that the certified organization has implemented a system for the management of information security in line with the standard.

Credibility is the key advantage of being certified by a respected, independent and competent third party. The assurance it provides gives confidence to management, business partners, customers and auditors that the organization is serious about information security management: not perfect, necessarily, but at least on the right path to continuous, managed improvement.

Information Security Management System ISO/IEC 27001 is a Standard Code of Practice that provides an organization with default guidelines on the types of security controls it should implement to safeguard its assets. The scope of this standard covers all communication systems, such as voice, internet, phones and faxes.

Information Security Management System ISO/IEC 27002 is a Management Standard Specification. It instructs an organization on the steps required to establish a management framework, encompassing the people, IT systems and processes within the organization.

About this workshop

The ISO/IEC 27001 course gives participants an understanding of the key elements of the international standard for Information Security Management Systems (ISMS).

ISO/IEC 27001 has been developed in order to meet the needs of the wider international audience and to provide a common understanding of information security management systems worldwide.

ISO/IEC 27001 will enable organizations to benchmark their capability in managing and maintaining an effective ISMS and to provide the necessary assurance to their customers.

Our 2-day course helps participants understand how to implement ISO/IEC 27001 within their organization, and our 5-day course helps participants become lead auditors.

Benefits

On completion of this course, participants will get a better understanding of

  • The business drivers for information security
  • ISMS Compliance using the PDCA (Plan-Do-Check-Act) cycle
  • Auditing sample documentation
  • Creating checklists
  • Conducting opening and closing meetings
  • Conducting an audit, with role play
  • NCR (non-conformity report) writing exercises
  • CA/PA (corrective action / preventive action) evaluation during audit follow-up

Who should attend

This course is meant for professionals responsible for an organization’s key functions such as

  • Security Management
  • Facilities Management
  • Human Resource Department
  • Administration Department
  • Financial Department
  • Emergency Unit
  • Operations
  • Supply Chain
  • Risk and Crisis Management

Anyone aspiring to implement an ISMS or handle an ISO 27001 audit would benefit from this course. Prior knowledge of the ISO 27001:2005 series of standards and of ISMS auditing is desirable.

Course Outline

  • ISMS Scope and Benefits
  • ISO 27001: Process Framework Requirements
  • ISO 27001: Control Objectives and Controls
  • Asset Identification and Classification
  • Risk Identification
  • Risk Assessment
  • Risk Management
  • Statement of Applicability
  • Information Security Incident Management
  • Business Continuity
  • Auditing Concepts
  • Audit Planning & Execution
  • Audit Reporting & Follow-up
  • Dos and Don’ts of Auditing