• Practical orientation – not just theory.  Features extensive use of case studies from actual implementations led by the course presenter
  • The ONLY independently accredited ISO 27001 Lead Implementer training in Asia-Pacific
  • Certificate exam 3rd-party set and marked
  • Based on most recent version ISO 27001:2013

This course provides comprehensive and practical coverage of all aspects of implementing and maintaining an ISO 27001 project. If you are involved in information security management, writing information security policies or implementing ISO 27001 – either as a Lead Implementer, or as part of the planning/implementation team – this course will give you the all the key steps for implementing and maintaining a successful Information Security Management System.

Based on the most recent version ISO 27001:2013, this training is consistent with the good practices of project management established by the Project Management Institute (PMI) and ISO 10006:2003 (Quality Management Systems – Guidelines for Quality Management in Projects). This training is fully compatible with ISO/IEC 27003:2009 (Guidelines for the Implementation of an ISMS), ISO/IEC 27004:2009 (Measurement of Information Security) and ISO/IEC 27005:2008 (Risk Management in Information Security).

Learning outcomes

  • Understanding the application of an Information Security Management System in the context of ISO 27001
  • Mastering the  concepts,  approaches,  standards,  methods  and techniques required in an effective management of an Information Security Management System
  • Understand  the  relationship  between   the  components   of  an Information Security Management System, including risk management, controls and  compliance with the  requirements of different stakeholders of the organisation
  • Acquiring the necessary expertise to support an organisation in implementing, managing and maintaining an ISMS as specified in ISO27001
  • Acquiring   the   necessary   expertise   to   manage   a   team implementing the ISO27001 standard
  • Develop the knowledge and skills required to advise organisations on best practices in management of information security
  • Improve  the  capacity  for  analysis  and  decision  making  in  a context of information security management

Who should attend

  • Project manager or consultant wanting to prepare and to support an organisation in the implementation of an Information Security Management System (ISMS)
  • ISO 27001 Auditor who wants to master the Information Security Management System implementation process
  • Person responsible for the Information security or conformity in an organisation
  • Members of the information security team
  • Expert advisors in information technology
  • Technical experts wanting to prepare for an Information security function or for an ISMS project management function

Course contents

Day 1: Introduction to the management of an Information Security Management System (ISMS) based on ISO 27001 and launching an ISMS
  • Introduction to management systems and the process approach
  • Detailed presentation of the standards ISO 27001, ISO 27002 and ISO 27003 and regulatory framework
  • Fundamental principles of Information Security
  • Preliminary analysis and determining the level of maturity of the existing management of the Information Security based upon ISO/IEC 21827:2008
  • Writing the business case and preliminary design of the ISMS
  • Developing a project plan of compliance to ISO/IEC 27001:2005
Day 2: Planning an ISMS based on ISO27001
  • Defining the scope of the ISMS
  • Drafting the ISMS and information security policies
  • Selection of the approach and methodology  for risk assessment
  • Risk management according to ISO 27005: identification, analysis and treatment of risk
  • Drafting the Statement  of Applicability
Day 3: Launching and implementing an ISMS based on ISO27001
  • Implementation of a document management framework
  • Design of controls and writing procedures
  • Implementation of controls
  • Development of a training & awareness program and communicating about the information security
  • Incident Management according to ISO 27035
  • Operations management of an ISMS
Day 4: Control, act and the certification audit of the ISMS according to ISO 27001
  • Monitoring the ISMS controls
  • Development of metrics, performance indicators and the dashboard in accordance with ISO 27004
  • ISO 27001 Internal Audit
  • Management review of the ISMS
  • Implementation of a continuous improvement program
  • Preparing for the ISO 27001 certification audit
Day 5
  • Course review
  • Exam preparation
  • Certificate exam

Course fees

$2,960 + gst

Fees are per person and include:

  • Course presentation
  • Course workbook
  • Supplementary materials
  • Certificate exam (held on last day of course)
  • Full catering including sit-down lunch each day

Prerequisites

ISO 27001 Foundation certification or a basic knowledge of ISO 27001 and ISO 27002 is recommended.

Examination

  • The “Certified ISO/IEC 27001 Lead Implementer” exam is held on the last day of the course
  • The exam is conducted under the auspices of the PECB Examination and  Certification Programme (ECP).
  • Duration of the exam: 3 hours
  • The exam covers the following competence domains:
    • Domain 1: Fundamental principles and concepts of information security
    • Domain 2: Information security control best practice based on ISO 27002
    • Domain 3: Planning an ISMS based on ISO 27001
    • Domain 4: Implementing an ISMS based on ISO 27001
    • Domain 5: Performance evaluation, monitoring and measurement of an ISMS based on ISO 27001
    • Domain 6: Continual improvement of an ISMS based on ISO 27001
    • Domain 7: Preparing for an ISMS certification audit
  • A certificate will be issued to participants who successfully pass the exam

Certification Levels

There are three levels of accreditation that you can apply for after passing the exam, depending on professional experience:

  • ISO/IEC 27001 Provisional Implementer – exam passed, no direct professional experience, no ISMS project experience
  • ISO/IEC 27001 Implementer – exam passed, two years professional experience with at least one year in information security, project experience of at least 200 hours
  • ISO/IEC 27001 Lead Implementer – exam passed, five years professional experience with at least two years in information security, project experience of at least 300 hours

Candidates can apply for the appropriate level of accreditation once exam results have been received.

 
  • Staff have been extremely positive and supportive.
    Principal consultant | OMNI EXECUTIVE
  • Our trainer was excellent. He made it fun and interesting. Plus we all passed. Fantastic. I feel comfortable that my future projects will be very successful. Pace - Spot on.
    IT Professional | Information Technology
  • "The course was excellent. The instructor was highly knowledgeable and had an extremely personable approach. The learning materials were very good. The venue was most suited and lunch was excellent. Lastly, I am extremely confident that I have the right level of knowledge to proceed and succeed."
    Simon T., Dept of Defence, Business Analysis Foundation, Sydney April 2016
  • "Excellent service provided by ALC customer service. Trainer has exceptionally good training skills and brilliant style of communication. Excellent coach."
    Trainer: Michael Fong Principal  |  Fujitsu Australia Ltd
  • Laurence has incredible subject matter expertise and his person anecdotes added a lot to the learning.
  • Would highly recommend ALC and Laurence for training and obtaining one's certification in Agile PM
    Demi Anderson, Programme Manager
  • Leigh was fantastic. Without doubt the most accurate and interesting presenter by leaps and bounds. Very inspirational.
    System Analyst | Department of Corporate and Information Services
  • "The course was excellent.   The instructor was highly knowledgeable and had an extremely personable approach. The learning materials were very good. The venue was most suited and lunch was excellent. Lastly, I am extremely confident that I have the right level of knowledge to proceed and succeed."
    Simon T., Dept of Defence, Business Analysis Foundation, Sydney April 2016
  • "In regards to the course, the stakeholder and participants were wrapped. The trainer was attentive and engaged and the material was relevant and professional."
    Kathleen O’Riley Learning and Development Advisor  |  SA Water Corporation Course: Business Relationship Management Professional (BRMP®) Trainer: Darren Dove
  • "Excellent course and while content was quite laborious and intense, Peter's delivery was excellent; particularly the 'war stories' and examples provided."
    Russell Close | Head of IT  |  Bennelong Funds Management
  • Well presented and great depth of knowledge by the trainer. A very professional delivery!
  • Just successfully completed three COBIT® 5 courses: Foundation, Implementation and Assessor. Courses were very well managed and presented. Exams were challenging, both in terms of time and knowledge. Very happy to pass all three exams. Highly recommend. Many thanks.
  • Very quick response from Customer service upon enquiry.
  • I must say I really enjoyed the course facilitated by your trainer. He was the best and he really explained the course clearly so that we could understand it. He really is an asset to ALC as he makes sense.
    Service Assurance Release Manager | Westpac Banking Corporation
  • Excellent presentation, anecdotes & examples of real world application. Neil has exemplified my expectation of ALC as atop level training services provider.
    Operations Transition Manager |  Motorola Solutions Australia Pty Ltd
  • The trainer was a great facilitator - lots of real life examples and I felt very prepared for the exam.
    Help Desk Team Leader | Bank SA
  • "Very good training session.  Trainer used multiple examples of non-IT situations to cover various aspects of what was being taught which made it not only easier to understand but also interesting."
    Senior Applications Specialist | Fairfax Media
  • The instructor was clearly knowledgeable, good-humoured and enthusiastic. I did not see anyone fall asleep. Given the notoriety of this course, I sincerely feel that that was a major "achievement".I do feel that I have greatly expanded my knowledge and that I will be more productive at work - The Hallmark of a successful course in my opinion. I would recommend ALC to others. Thank you and well done!
  • Peter’s real world samples went a long was in understanding the content.Waleed Al-Atm – Dept. Justice & Regulation
  • Excellent course that was very well presented and benefited immensely from Darren's practical experience in Service

    Management. Thanks Darren!

    National IT Manager | Information Technology

  • Excellent course and while content was quite laborious and intense, Peter’s delivery was excellent; particularly the ‘war stories’ and examples provided.
  • Michelle Zgalin displays an extremely thorough knowledge of the course content. Pace of the course tailored to suit participants. Presentation of content very good. Ability to deliver large amounts of content was impressive. :)
    PRINCE2 Melbourne Senior Business Analyst | VMIA | Risk Management & Insurance
  • A brilliant trainer, she really knows her stuff and manages to get the most out of us, it was almost like a continuation from Foundation.  I felt like I hadn't left.
    Executive Assistant | Guild Group Holdings Limited
  • Very worthwhile course - learned a lot! Intense, but very well structured. Great Trainer:)."
    Business Analyst | VMIA | Risk Management & Insurance
  • The trainers level of professional experience combined with a capacity to communicate personably and effectively with a diverse group added to my experience and contributed greatly to the amount of information I was able to bring away with  me from the course. I could not recommend Steve highly enough either as a trainer or as a potential PM consultant. Top qualities: Personable, Expert, High Integrity
    Service Delivery Manager | NEC Australia Pty Ltd
  • Great Job, one of the best trainers I have had.  Could not have asked for more.
    ISG | University of New England
  • Really well structured course, very qualified presenter, engaging presentation style, high quality course materials.  Relevant and useful information discussed with a good balance of theory vs "Real World" examples. I thoroughly enjoyed this course, would highly recommend to others.
    Samantha, Program Coordinator, Transport NSW
  • "Enjoyed the training very much, learned heaps but have doubts due to work experience. Will definitely apply the knowledge."
    Manager, IT Risk & Assurance | Ernst & Young
  • "David's vast experiences and shared stories give great insight to the issues and problems which the SABSA framework addresses."
    Information Security Consultant  | Westpac
  • "Thanks David for making this course enjoyable and knowledgeable.  Your experience and insights have been very valuable."
    Security Solutions Designer | Westpac
  • We’ve been training and presentation since 1994. See what just some of our successful delegates have to say about getting certified with ALC Training.“David’s vast experiences and shared stories give great insight to the issues and problems which the SABSA framework addresses.”
    Information Security Consultant | Westpac
  • “Neil was very good in sharing his knowledge using relevant examples.”
    IT Support Officer | Cricket Australia
  • “Good understanding of ITIL Foundations. Neil is a great presenter with excellent people skills & real world experiences.”
    State ICT Manager | Hassell
  • “Excellent presentation, anecdotes & examples of real world application. Neil has exemplified my expectation of ALC as a top level training services provider.”
    Operations Transitions Manager Motorola Solutions Australlia Pty Ltd
  • “I must say I really enjoyed the course facilitated by your trainer. He was the best and he really explained the course clearly so that we could understand it. He really is an asset to ALC as he makes sense.”
    Service Assurance Release Manager | Westpac Banking Corporation
  • “Enjoyed the training very much, learned heaps but have doubts due to work experience. Will definitely apply the knowledge.”
    Manager, IT Risk & Assurance | Ernst & Young
  • “Just successfully completed three COBIT® 5 courses: Foundation, Implementation and Assessor. Courses were very well managed and presented. Exams were challenging, both in terms of time and knowledge. Very happy to pass all three exams. Highly recommend. Many thanks.”
    Manager | ANZ Banking Group
  • “Extremely good – presenter’s experience and depth of knowledge very visible. The trainer was excellent! Good examples, good discussions.”
    Project Manager | Shell Company of Australia Limited Melbourne
  • “The trainers level of professional experience combined with a capacity to communicate personably and effectively with a diverse group added to my experience and contributed greatly to the amount of information I was able to bring away with me from the course. I could not recommend Steve highly enough either as a trainer or as a potential PM consultant. Top qualities: Personable, Expert, High Integrity.”
    Service Delivery Manager | NEC Australia Pty Ltd
  • “I would be happy to recommend Axel to all those looking at a TOGAF training course. His subject matter expertise in TOGAF and his ability to relate to real world examples and experience was fundamental in helping me passing my exam.”
    Daniel Garcia, IT Architect, Strategy and PMO Manager | ANSTO