Volg ICTI

ISO 27001 Introduction Training

If there is any discussion about ISO 27001 in your organisation, or you think you may have contact with ISO 27001 process in the future, it’s a good idea to take this course. In only 2 days, you’ll have a full overview of ISO 27001.
And what’s even better: the course can be extended with another two days, which will get you fully certified as lead Auditor. So that’s a very efficient way to learn and, if you like, also have a possibility to get fully certified as Lead Auditor.

There are many situations in which this course can be useful:

  • your organisation  is working on or has just completed GDPR preparations
  • ISO 27001 is being considered
  • ISO 27001 programme might be implemented and you might be asked to help or give inputs.

The successful completion of this course will give you knowledge about ISMS (ISO/IEC 27001, Information Security Management Systems) requirements.

ICT Institute is known for its pragmatic approach and for its help to quickly approach matters that work well and matters that can be improved.  Several ways of working and standard procedures will be shown. We also supply ‘Best Practice’ sample documents, so you’ll hit the ground running in any ISO 27001 project. The course will be given in cooperation with Creating Insights University (www.ciu.nl)

Who should attend?

This is intended for those who will be involved in implementation an ISMS that conforms to latest ISO/IEC 27001 in any organization. Suggested job functions and their teams include:

  • Information security managers
  • IT and corporate security managers
  • Corporate governance managers
  • Risk and compliance managers
  • Information security consultants

Learning objectives

  • Understand the ISMS requirements
  • Understand the information security risk management process, controls objectives and controls

Course benefits

  • Your organization will have an internal resource and process to plan and establish an ISMS
  • Improve your knowledge on ISMS.
  • Support the organisation to protection the sensitive data, i.e. personal data, trade secret, to compliance with legal, legislation and governance requirements
  • Understand the gaps between existing ISMS and international standards

Course outline

Day 1, Annex SL, Risk management principles (ISO 31000)、Management System Compliance (ISO 19600)、ISMS  (ISO/IEC 27001)

  • Understand the compliance risk management (ISO 31000) – Legal, Legislation, Contractual Obligations, Standards, Policy and Procedures (Clause 4.1, 4.2)
  • Information security risk control on legal and technical compliance (Annex A.18)
  • Select and define ISMS operation and certification scope (Clause 4.3, 4.4)
  • Leadership, ISMS policy and objectives (Clause 5.1, 5.2, Annex A.5)
  • ISMS organizational security (Clause 5.3, 7.1 ~ 7.4, Annex A.6)
  • ISMS documented information (Clause 7.5)
  • Establish the information asset management process (Annex A.8)
    • Protection on Trade Secret, i.e. Intellectual property rights (IPRs) (Annex A.18.1.2)
    • Personal data protection and EU GDPR (Annex A.18.1.4)
  • Establish information security risk management process (Clause 6, 8)
  • Risk assessment report (Clause 6.1.2 e.)
  • SoA, Statement of Applicability (Clause 6.1.3 d.)
  • Risk treatment plan (Clause 6.1.3 f.)

Day 2, Information security risk control objectives and controls (ISO/IEC 27001, Annex A) 

  • Information security risk control on human resource security (employee, outsource and supplier) (Annex A.7, A.15, A.9.2, A.9.3)
  • Information security risk control on mobile devices, encryption, redundancy (Annex A.6.2, A.10, A.17.2)
  • Information security risk control on physical and environmental (Annex A.11)
  • Information security risk control on communication and network (Annex A.13)
  • Information security risk control on information system and application (Annex A.14, A.9.4)
  • Information security risk control on IT service operations (Annex A.12)
  • Information security risk control on incident and change management (Annex A.16)
  • Information security risk control on business continuity management (Annex A.17)
  • Management system performance evaluation and improvements (Clause 9, 10)
  • Q & A / Course examination

What’s included?

  • Course material
  • Course examination (on-line)
  • Course certificate

How to Book?

  • The next available course will be 26-27 November in The Hague (CIU office). Follow this link for dates and booking
  • Delegates should note that there is some evening homework during the course
  • This course is facilitated by TKSG, which uses an online learning management system (LMS) and CIU (Creating Insights University). The participants should have the capability to use their own PC, laptop notebook or suitable mobile devices to access the LMS.

Eventbrite - ISO 27001 Lead Auditor Training 26-29 November 2018 (or ISO27001 intro 26-27 Nov)