Introduction
Setting up an ISMS can be as simple or as sophisticated as your organization needs it to be. However, even knowing where to start when considering setting up an ISMS can be challenging.
In this one day course, our expert tutors will explain the requirements of the current standard to help you understand how it could apply to your organization and the potential benefits of adopting it.
You will therefore be better prepared to carry out an implementation of an ISMS that conforms to the current standard, as the background, updated concepts, principles, terms and definitions used in ISO/IEC 27001:2013 are fully explained and discussed.
The requirements course will also help you understand how the standard works in preparation for attending the internal and lead auditing training courses.
Implementation
In this three day course, our experienced tutors teach you how to consider the state of your organization’s current information security management practices in preparation to put in an ISMS.
You should already have a good understanding of the requirements of the current standard and our tutors will tap into that knowledge so that you can develop your skill and understanding of the practicalities involved when setting up a typical management system framework that conforms with ISO/IEC 27001:2013.
This will enable you to play a key role in ensuring your organization is compliant to ISO/IEC 27001:2013.
ISO/IEC 27001:2013 provides the model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an ISMS to protect your information assets.
After attending this course, you will be in a position to use this model and be able to develop an ISMS suitably appropriate for your organization.
How will my organization benefit by the training?
- Your company will know what is required prior to adopting the standard
- Your business will become aware of the potential benefits of adopting the standard
- Your organization will be able to consider how adopting ISO/IEC 27001:2013 could work practically within your business
- Your company will know what is required to implement an ISMS that conforms to the standard
- Successful implementation will improve the protection of your organization’s private data to meet your market assurance and corporate governance needs
Who should attend to the training?
This is intended for those who will be involved in advising top management on the introduction of ISO/IEC 27001:2013 into an organization. It is especially relevant for those who have the responsibility to implement information security management in a business or provide consultation on the subject.
Suggested job roles and their teams include:
- Information security managers
- IT and corporate security managers
- Corporate governance managers
- Risk and compliance managers
- Information security consultants
What will I learn in the training?
Introduction
- What is information security management (ISM)
- Why ISM is important to an organization
- What are the benefits of ISM
- What is the background of ISM
- What are the key concepts and principles in ISO/IEC 27001:2013
- The terms and definitions used
- The main requirements of ISO/IEC 27001:2013
Implementation
- How to identify a typical framework to implement an ISMS compliant with ISO/IEC 27001:2013 following the Plan, Do, Check, Act (PDCA) cycle
- How to conduct a base line review of the organization’s current position with regard to ISO/IEC 27001:2013
- How to interpret the requirements of ISO/IEC 27001:2013 from an implementation perspective in the context of your organization
- How to implement key elements of ISO/IEC 27001:2013
What's included in the training?
- Training pack (training materials, BSI pen, training course note)
- Lunch
- Refreshments
