
Quality Management

ISO 27001:2013 Lead Implementer




Introduction:

This training enables you to develop the necessary expertise to support an organization in establishing, implementing, managing, and maintaining an Information Security Management System (ISMS) based on ISO/IEC 27001. During this training course, you will also gain a thorough understanding of the best practices of Information Security Management Systems to secure the organization's sensitive information and improve the overall performance and effectiveness.

Targeted Groups:

  • Quality Management
  • Quality Controllers
  • Managers or Consultants Involved in Information Security Management
  • Expert Advisors Seeking to Master the Implementation of an Information Security Management System
  • Individuals Responsible for Maintaining Conformance with ISMS Requirements
  • ISMS team members

Course Objectives:

At the end of this course the participants will be able to:

  • Acknowledge the correlation between ISO/IEC 27001, ISO/IEC 27002 and other standards and regulatory frameworks
  • Master the concepts, approaches, methods, and techniques used for the implementation and effective management of an ISMS
  • Learn how to interpret the ISO/IEC 27001 requirements in the specific context of an organization
  • Learn how to support an organization to effectively plan, implement, manage, monitor and maintain an ISMS
  • Acquire the expertise to advise an organization in implementing Information Security Management System best practices

Targeted Competencies:

  • Information security management
  • Vulnerability assessment and management
  • Developing IT policies and procedures
  • Quality Assurance
  • ISO 27001:2013

Course Content:

Unit 1: Introduction to ISO/IEC 27001 and Initiation of an ISMS:

  • Standards and regulatory frameworks
  • Information Security Management System
  • Initiating the implementation of an ISMS
  • Understanding the organization and clarifying the Information Security objectives
  • Analysis of the existing management system

Unit 2: Plan the Implementation of an ISMS:

  • Leadership and approval of the ISMS project
  • ISMS scope
  • Information Security policies
  • Risk assessment
  • Statement of applicability and top management’s decision to implement the ISMS
  • Definition of the organizational structure of Information Security 

Unit 3: Implementation of an ISMS:

  • Definition of the document management process
  • Design of security controls and drafting of specific policies & procedures
  • Communication plan
  • Training and awareness plan
  • Implementation of security controls
  • Incident management
  • Operations Management

Unit 4: ISMS Monitoring, Measurement, Continuous Improvement, and Preparation for a Certification Audit:

  • Monitoring, measurement, analysis, and evaluation
  • Internal audit
  • Management review
  • Treatment of non-conformities
  • Continual improvement
  • Preparing for the certification audit
  • Competence and evaluation of implementers

Unit 5: Maintaining the Certification:

  • Keeping the certification
  • Improving the management system
  • Top management leadership and example
  • Keep the management system updated
  • Until the next surveillance audit
  • What is the surveillance audit?