0345 4506120

Certificate in Implementing ISO 27001 (GCHQ)

This unique 3 day certificate course, delivered by practising consultants, is aimed at providing you with a comprehensive understanding and practical interpretation of the key steps involved in planning, implementing and maintaining an ISO 27001 compliant information security management system (ISMS). Key topics include determining the scope of your ISMS, establishing leadership and commitment, developing a governance framework, undertaking a risk assessment, understanding the control groups within Annex A and ensuring continuous improvement. The course has been independently validated and assessed as part of the GCHQ Certified Training (GCT) Scheme.

By the end of this course, you will be prepared to take and pass a multi-choice examination which has been developed by and administered by APMG International (Independent Certification Body for GCHQ-approved cyber security training courses).

Who Should Attend?
This course benefits anybody who:
  • Has responsibility for advising top management on the requirements of ISO 27001.
  • Has the responsibility for managing or implementing information security measures within an organisation.
  • Needs to understand the requirements of ISO 27001. As such, the course will benefit the following role holders:
  • Information Security Managers
  • IT Security Managers
  • Internal Auditors
  • Corporate Governance Managers
  • Risk and Compliance Managers

We don't currently have any courses listed for Certificate in Implementing ISO 27001 (GCHQ), would you like to view all courses for Information & Cyber Security?

Learning Objectives

By attending this course and passing the associated examination, individuals will:
  • Hold a GCHQ Certified Trainingqualification
  • Be able to interpret the requirements of ISO 27001
  • Be able to advise their organisation on the key elements of the ISO 27001 standard
  • Be able to implement an ISMS in line with ISO 27001
  • Be able to demonstrate their competence in the subject, as required by Clause 7.2 of the Standard

Course Content

Summary of ISO 27001 and ISO 27000 Family

History and purpose of Standard. Definition of information security management system (ISMS). Plan-Do-Check- Act and models of continuous improvement.  The structure of ISO 27001:2013.

Certification Process

Accredited certification bodies and the role of UKAS.

Fundamentals of Information Security

Preserving confidentiality, integrity and availability. Definition of information. Consequences and costs of information security breaches.  Components of information security.

Interpreting and Meeting the Requirements of ISO 27001 Management System Clauses 4-10

Clause 4 Context of the Organisation, including interpreting and meeting expectations around ‘Internal and external issues’, understanding the needs and expectations of interested parties and ‘scoping the ISMS’.

Clause 5 Leadership and Commitment, including ways that ‘management can demonstrate their leadership and commitment’ and their role in establishing an information security policy. Methods of determining and communicating roles, responsibilities and authorities.

Clause 6 Planning, including how to address the risk management requirements. Stages of risk management, asset registers, identifying threats and vulnerabilities, assessing impacts and likelihood. Selecting and implementing controls.  Producing a Statement of Applicability.

Clause 7 Support, including how to determine and assess the competencies of those with information security roles and responsibilities. Developing awareness campaigns. Identifying who organisations need to communicate with and how.  Meeting documentation requirements.  What does control of documentation mean?

Clause 8 Operation, including the need to plan, implement and control the processes needed to meet information security requirements.

Clause 9 Performance Evaluation, including what to monitor and measure in order to evaluate performance and effectiveness of the ISMS. Role of different types of audits. Purpose, structure and frequency of management reviews.

Clause 10 Improvement, including addressing nonconformities and the need for appropriateness of response.

Annex A Control Groups

Looking at the 14 controls groups within Annex A and the implementation requirements within ISO 27002:2013 to understand the types of controls, whether people, physical or technical, that could be implemented to mitigate information risks and provide strength in depth, e.g.:

    • Policies

    • Process and Procedures

    • Contracts and Agreements

    • Auditing and Monitoring

    • Awareness

    • Business Continuity Management

    • Cryptography

    • Segmentation.

Exams & Certification

There is a 2 hour, multiple choice type examination following the course.
Delegates will need to attain 40 out of the 80 questions in order to pass.

Privacy Notice

In order to provide you with the service requested we will need to retain and use your contact information in accordance with our Privacy Notice. If you choose to provide us with this information you explicitly consent to us using the information as necessary to provide the request service to you. If you do not agree please do not proceed to request the service from us.

Marketing Permissions

Would you like to receive our newsletter and other information on products and services which we think will be of interest to you by email. We will always treat your information with care and in accordance with our Privacy Notice. You are free to withdraw this permission at any time.


Our Customers Include