ISO 27001 Certified Implementer course

Learn to set up an ISO 27001-compliant Information Security Management System (ISMS)

Certified Implementer of ISO 27001 equips you with the knowledge and skills required to plan, implement, manage, monitor, and maintain an ISO 27001- compliant Information Security Management System (ISMS). The course evaluates ISO 27001 requirements and main challenges for, during and after implementation. You will learn to perform an ISO 27001 – compliant risk assessment, develop a risk treatment plan and select appropriate controls. You will evaluate continuous learning principles and best practices for monitoring and improving your ISMS, dive into the ISO 27001 certification process and prepare your organization for a third- party audit. Beyond just theoretical considerations, the program evaluates the risk- based philosophy behind the standard, leadership-, stakeholders – and commitment aspects to align stakeholders on the program and ensure management buy-in, and the difference between doing the right things (compliance checkbox) versus doing the right things right (risk based).

Michael Garceau
Trainer

Senior Risk Manager,
Founder CipherQuest

Koen Maris
Advisory Board

Cyber Security leader
at PwC Luxembourg

Mario Procopio
Trainer

Interim CISO &
Founder at Pro CISO®

At a Glance

Advanced level

ISO 27001 Certified Implementer course

Information security professionals responsible for ensuring compliance to information security requirements, project managers and consultants involved with the implementation of an ISMS.

Understand the key concepts, principles and implementation requirements of an ISMS (information security management system) based on newest the ISO/IEC 27001:2022 standard

Doing the right things versus doing the right things right: Check box compliance versus risk- based approach

Scope and plan the implementation of an ISMS based on the ISO/IEC 27001:2022 standard

Consider ISMS stakeholders, roles, responsibilities, authorities. Align stakeholders on your program, ensure senior management buy in.

Evaluate ISMS performance, identify nonconformities and initiate corrective actions applying continuous learning and improvement principles.

Prepare your organization for a third- party audit

Manage and drive continuous improvement

What’s included

  • Official SECO-Institute course materials
  • ISO/IEC 27001:2022 standard
  • Passionate instructors with exceptional skills and experience
  • Access to SECO Institute’s member portal
  • Practice exam
  • Exam voucher
  • Membership to SECO’s Alumni Network after passing the exam

Syllabus

Day 1 – Setting the stage: Implementation process, requirements and pitfalls

Day 1 starts with an introduction to ISMS in an information security risk management context. Key concepts, principles, terms and definitions of the ISO / IEC 27001:2022 standard are evaluated, and how you should interpret its requirements to define the scope of your ISMS. You will learn how the standard establishes the management cycle for information security and what steps you should take to ensure successful planning and implementation in practice. The course offers an overview of the process, main challenges and pitfalls, and prerequisites that should be met before ISO 27001 implementation and that will set the stage for more in-depth discussions during Day 2 and Day 3.

Topics covered:

• ISMS and information security risk management
• Information security objectives and control objectives
• Policies, processes and resources
• Phases of ISMS implementation
• History and structure of ISO 27001
• Determining the scope of an ISMS
• Leadership and commitment
• Organisational roles, responsibilities and authorities
• Planning, support and required documentation
• Risk assessment and risk treatment

Day 2 – Implementation, Risk Assessment, ISMS performance evaluation, internal audit and management review

From Day 2 onwards, the course takes a more in-depth and hands on approach towards implementation of the standard and ensure continuous improvement of the information security process. After a more thorough look at ISO/IEC 27001:2017 and ISO/IEC 27002:2022, challenges in selection and implementation of controls are discussed. ISMS stakeholders are evaluated and how to involve them and keep them involved in your program. Quite some time today is spent on risk and risk assessments, the very foundation of the information security practice. We will discuss how to avoid check-box compliance, the difference between doing the right things versus doing the right things right by taking a risk-based approach. You will learn how to evaluate ISMS performance, identify nonconformities, and take corrective actions. Lastly you will learn how to work with your internal audit department, prepare for an internal audit and management review.


Topics covered:

• Challenges in the selection and implementation of information security controls
• ISMS stakeholders
• Risk assessment, risk treatment and documentation
• ISMS performance evaluation, nonconformities and corrective actions
• Information security incident management
• Internal audit and management review

Day 3 – Implementation continued, deep dive in controls, prepare for a third-party audit

Day 3 starts with an evaluation of information security controls in more detail, focusing on the ISO/IEC 27002:2022 reference standard, its relationship with ISO/IEC 27001:2017 and how to analyze which controls may or may not reduce which risks. From thereon, the course will investigate the ISO 27001 certification process: You will evaluate how audits are performed, how to demonstrate compliance to an auditor, and what it takes to become and remain compliant. The course ends with a case study exercise, where you will advise your organization on the implementation of an ISMS and help them prepare for a third-party audit.

Topics covered:

•ISO 27002: 2022 Information security controls
•ISO 27001 certification
•Required processes
•Required and recommended documentation
•Auditor’s focus
•Case Study Exercise: ISMS Implementation and preparing for a third-party certification audit

Collect your badge of honor

Exam

  • Language: English
  • Delivered: Online via a certified proctor
  • Questions: 20 multiple choice & 2 cases
  • Time: 120 minutes

Join our Alumni Network

Organize a class dedicated for your team or find a local training partner