
ISO/IEC 27001:2005 Lead Implementer

This five-day intensive course enables participants to develop the expertise needed to support an organization in implementing and managing an Information Security Management System (ISMS) as specified in ISO/IEC 27001:2005. Participants will also master the best practices for implementing information security controls from the eleven areas of ISO/IEC 27002:2005.

This training is consistent with the good practices of project management established by the Project Management Institute (PMI) and ISO 10006:2003 (Quality Management Systems - Guidelines for Quality Management in Projects). This training is fully compatible with ISO/IEC 27003:2009 (Guidelines for the Implementation of an ISMS), ISO/IEC 27004:2009 (Measurement of Information Security) and ISO/IEC 27005:2008 (Risk Management in Information Security).

 

Objectives:

  • Understand the application of an Information Security Management System in the ISO/IEC 27001:2005 context
  • Master the concepts, approaches, standards, methods and techniques that allow effective management of an Information Security Management System
  • Understand the relationship between an Information Security Management System, including risk management and controls, and compliance with the requirements of the organization's different stakeholders
  • Acquire the expertise to support an organization in implementing, managing and maintaining an ISMS as specified in ISO/IEC 27001:2005
  • Acquire the expertise necessary to manage a team implementing the ISO/IEC 27001:2005 standard
  • Develop the personal skills and knowledge required to advise organizations on best practices in the management of information security
  • Improve the capacity for analysis and decision making in the context of information security management

 

Audience:

  • Project manager or consultant wanting to prepare and support an organization in the implementation of an Information Security Management System (ISMS)
  • ISO 27001 auditor who wants to master the Information Security Management System implementation process
  • Person responsible for information security or conformity in an organization
  • Member of the information security team
  • Expert advisor in information technology
  • Technical expert wanting to prepare for an information security function or for an ISMS project management function

 

Prerequisites:

ISMS Foundation Training or a basic knowledge of ISO/IEC 27001:2005 and ISO/IEC 27002:2005 is recommended.

 

Course Details:

Day 1: Introduction to the management of an Information Security Management System (ISMS) based on ISO 27001 and launching an ISMS

  • Introduction to management systems and the process approach
  • Detailed presentation of the standards ISO/IEC 27001:2005, ISO/IEC 27002:2005 and ISO/IEC 27003:2009
  • Fundamental principles of Information Security
  • Preliminary analysis and determination of the maturity level of the existing information security management, based upon ISO/IEC 21827:2008
  • Writing the business case and preliminary design of the ISMS
  • Developing a project plan of compliance to ISO/IEC 27001:2005

 

Day 2: Planning an ISMS based on ISO 27001

  • Establishment of the Governance Framework
  • Definition of roles & responsibilities
  • Drafting of the ISMS policy
  • Defining the scope of the ISMS
  • Risk management according to ISO/IEC 27005:2008: identification, analysis and treatment of risk
  • Drafting the Statement of Applicability

 

Day 3: Launching and implementing an ISMS based on ISO 27001

  • Implementation of a document management framework
  • Design of controls and writing procedures
  • Implementation of controls
  • Development of a training & awareness program and communicating about information security
  • Incident Management according to ISO/IEC TR 18044:2004
  • Operations management of an ISMS

 

Day 4: Control, act and certification audit of the ISMS according to ISO 27001

  • Monitoring controls and the management of records
  • Development of metrics, performance indicators and the dashboard in accordance with ISO/IEC 27004:2009
  • Internal ISMS Audit
  • Management review of the ISMS
  • Implementation of a continuous improvement program
  • Preparing for the ISO/IEC 27001:2005 audit

Examination:

  • The “ISO/IEC 27001:2005 Lead Implementer” exam is certified by RABQSA, meets the criteria of the “RABQSA Training Provider Examination Certification Scheme” (TPECS) and covers the following competency units:
      • RABQSA - IS (Information Security Management System)
      • RABQSA - OI (Organizational Improvement)
      • RABQSA - MC (Consulting to Management)
  • The “ISO/IEC 27001:2005 Lead Implementer” exam is available in different languages (including English and French)
  • Duration of the exam: 3 hours
  • A certificate will be issued to participants who successfully complete the exam

 

General:

  • An ISMS implementation toolkit as well as a student manual containing over 450 pages of information and practical examples will be distributed to participants
  • A 35 CPE (Continuing Professional Education) participation certificate will be issued to participants