0845 450 6120

ISO 27001: 2013 Foundation

This three day ISO/IEC 27001 Foundation training course will introduce delegates to the requirements and principles of ISO/IEC 27001, providing delegates with an awareness of the issues and challenges involved in implementing an information security management system.
This practical foundation course is designed to provide an introduction to information security management (ISM) systems as set out in ISO/IEC 27001:2013.

Intended Audience:

Security and IT professionals, those responsible for risk and audit or project managers responsible for ISO27001 compliance programmes.

Learning Objectives

  • The detailed requirements of ISO/IEC 27001:2013
  • How to identify information assets
  • How to identify the threats, vulnerabilities and risks associated with Assets
  • How to Plan the ISMS implementation program: Timescales and resources. Risk assessment and management, Producing a Statement of Applicability and Documentation, monitoring and auditing
  • Preparing for certification
  • Sources of information and further development

Pre-Requisites

There are no pre-requisites. However, we recommend that all delegates familiarise themselves with BS ISO_IEC 27001_2013, and BS ISO_IEC 27002_2013.

Course Content

Day 1:

  1. Why do you need certification to ISO 27001?
  2. The relationship between ISO27001, and ISO27002
  3. What the Information Security Management System (ISMS) is and what it is trying to achieve; Confidentiality, integrity, availability, plus audit
  4. Over view of the stages of the ISMS
  5. Defining an Information Security Policy
  6. Defining the scope of the ISMS
  7. What are information assets, and identifying them?
  8. Conducting risk assessments, Identifying asset values, threats and vulnerabilities, Practical exercise - under taking a risk assessment and Managing risk
  9. Risk measurement

Results and conclusions resulting from an assessment
Risk reduction and acceptance techniques

Day 2:

  1. Determining control objectives
  2. Selecting control objectives and controls
  3. Information Security Overview
  4. ISO 27001/ ISO27002 control objectives and controls
  5. The application of countermeasures, Creating a workable countermeasure
  6. Preparing a Statement of Applicability
  7. Auditing the ISMS, What does auditing achieve? How should auditing be conducted? and Different types of audit

Day 3:

  1. Preparing for formal certification audits
  2. The phase 1 and 2 ISO 27001 audits
  3. Maintaining Certification

Please note, this course does not include ISO27001 Lead Auditor training modules.

Privacy Notice

In order to provide you with the service requested we will need to retain and use your contact information in accordance with our Privacy Notice. If you choose to provide us with this information you explicitly consent to us using the information as necessary to provide the request service to you. If you do not agree please do not proceed to request the service from us.

Marketing Permissions

Would you like to receive our newsletter and other information on products and services which we think will be of interest to you by email. We will always treat your information with care and in accordance with our Privacy Notice. You are free to withdraw this permission at any time.

 

Virtual Classroom

Virtual classrooms provide all the benefits of attending a classroom course without the need to arrange travel and accomodation. Please note that virtual courses are attended in real-time, commencing on a specified date.

Virtual Course Dates

Our Customers Include