Two-day 'ISO 27001 Implementation' Course
This two-day course is aimed at organisations which are planning to, or are in the process of, complying with or certifying to ISO 27001, the International Standard for Information Security Management, and are looking to implement robust information security processes. The objective of the course is to provide clear and practical guidance on how to both implement and maintain an ISO 27001 certified information security management system (ISMS), using a risk-based approach.
Who is this course aimed at?
This course is suitable for anyone who is, or will be, involved in implementing ISO 27001 within their organisation and is looking for practical guidance based on the real-world experience of practising consultants. By the end of the two days, delegates will be able to document their project scope and produce a high-level project plan which identifies timescales, milestones and resource requirements.
The course will cover:
- The fundamentals of information security
  - Confidentiality, Integrity and Availability
  - Terminology and processes
- The purposes and requirements of ISO 27001 and ISO 27002
  - Understanding the Standards
  - Integration with other Standards
- Overview of the ‘Plan-Do-Check-Act’ model of continuous improvement
  - Reviewing the required actions at each of the 4 phases
- Scoping and asset identification
  - Deciding on what to include in and exclude from the scope
  - Identifying and classifying information assets
- Conducting an ISO 27001 compliant risk assessment
  - Undertaking an information risk assessment
  - Interpreting the results and deciding on acceptable risk
- Selecting and implementing the most effective security controls
  - Controls from ISO 27002
  - Designing bespoke controls
- Developing, implementing and maintaining a compliant ISMS
  - The fundamentals of a management system as required by ISO 27001
- Conducting internal audits of your ISMS
  - Audit best practice
  - What and how to audit within your scope
- The ISO 27001 certification process
  - Objectives of the different assessment stages
  - What the certification body will expect to see
Course format
The course is a combination of PowerPoint presentations, class discussions and practical exercises. The focus is on providing an informal and interactive environment conducive to learning. Delegates will have opportunities for one-to-one access to URM’s trainer/consultants to discuss any specific or sensitive issues.
Why URM?
As well as being certified to ISO 27001 itself, URM has, through its consultants, assisted over 40 organisations to achieve and maintain certification to the Standard in the last three years. As such, URM’s trainers (who are all practising consultants) have a wealth of experience to call upon, having worked with small and large organisations across all industry sectors, both public and private.
