
Training implementing ISO 27001 with certificate

Sieuwert van Otterloo | Security

If you work in a security team that uses the standard ISO 27001, it is useful to complete a formal ISO 27001 training so that you use the standard correctly. We are now offering a short course that covers the fundamentals of information security based on ISO 27001.

What is in the ISO 27001 course

In this course we teach you how to use the standard ISO 27001 to set up and maintain an information security management system (ISMS). The course covers five main topics:

  1. How to set up an ISMS
  2. How to maintain an ISMS
  3. How to implement controls
  4. How to prepare for audits
  5. How to handle nonconformities

The course is open to anyone working in a company who is interested in implementing information security management systems. If you successfully complete the course, you will also receive a certificate (a digital certificate via Accredible).

Main elements covered

The course is focused on understanding the main principles and will contain the following:

  • The main high-level structure that is used not only by ISO 27001 but also by ISO 9001 and NEN 7510
  • Context analysis and risk identification, first time and updates
  • Risk treatment and statement of applicability
  • Objectives, monitoring and measurement
  • Internal audit program
  • Management review
  • How and where to document the implementation of controls
  • Who to invite for audits
  • What to show in an audit
  • How to make corrective action plans

During the training we will also discuss the different documents that you must maintain for your ISMS, such as the statement of applicability, annual plan, information security policy, information security procedures, and the register of nonconformities and corrective actions. We will do this using our ISO 27001 templates, but you can also keep using your own versions if you already have these. We will not cover all ISO 27001 controls in detail. We have articles on some controls, such as the software development controls, and we will explain where to find more information on the other controls.

Why do this training

There are two reasons for doing this training. First of all, you can do it because you are interested in ISO 27001 and want to know what it would bring for your company. Secondly, you can do it because you might need evidence of competence to become a security team member. Clause 7.2 of the ISO standard states:

The organization shall:
a) determine the necessary competence of person(s) doing work under its control that affects its information security performance;
b) ensure that these persons are competent on the basis of appropriate education, training, or experience;
c) where applicable, take actions to acquire the necessary competence, and evaluate the effectiveness of the actions taken; and
d) retain appropriate documented information as evidence of competence.

We recommend that you set the necessary competence for security officers to having completed at least one certified ISO 27001 training. You can then use the certificate of this training as evidence of competence. There are of course many other, even better training programs (ISO 27001 lead auditor, CISSP, CISA), but these are all longer, multi-day programs. This training is a great starting point.

Practical examples

At the end of the training we will cover practical examples, often in the form of actual nonconformities and how to resolve these. Discussing these gives you insight into what auditors are looking for and how to improve information security in the long term. You can bring your own examples or just listen to the examples from ICT Institute.

Training dates

This training is offered online on Friday 14 February 2025, 13:00 – 16:00. The cost for training and certificate is 200 euros ex VAT. You can sign up by sending a mail to info or Sieuwert at ictinstitute dot nl. Further dates will be added in the future. See our training overview for more dates and other training opportunities.

Author: Sieuwert van Otterloo
Dr. Sieuwert van Otterloo is a court-certified IT expert with interests in agile, security, software research and IT contracts.