Course Duration- 5 Days
Course Objective- To have a comprehensive understanding of the ISO 27001 standard and key processes for the implementation of ISO 27001 in an organization, steps in certification, and attaining the knowledge to become a key implementer.
Schedule for Training
Day 1- Introduction to the ISO 27001 standard
- Introduction to the ISO 27001 standard and the management of an Information Security Management System (ISMS) based on ISO 27001 requirements.
- Explanation of key definitions and terms used in ISO 27001
- Fundamental principles of Information Security
- Introduction of Clauses 4-10 and Annexure A controls
- Preliminary preparedness analysis and determining the maturity level of the existing information security management
- Writing the business case and preliminary design of the ISMS
- Developing a project plan of compliance to ISO/IEC 27001:2013
Day 2- Drafting ISMS Policy and Risk methodology
- Initiating the ISO 27001 project
- Definition of roles & responsibilities
- Drafting of the ISMS policy
- Defining the scope of the ISMS
- Risk management methodology, risk assessment, and treatment of risk under ISO 27001
- Drafting the Statement of Applicability (SOA)
Day 3- Implementing ISMS, statement of applicability, risk assessment, awareness, and Training
- Implementing the ISMS based on ISO 27001 standard
- Preparation of mandatory documentation
- Design of controls and writing procedures
- Assessing risk as per ISO 27001 requirements
- Implementation of controls
- Development of a training & awareness program and communicating about the significance of the implementation program.
- Incident Management procedures
- Operations management of an ISMS
Day 4- Performance metrics, management oversight, continuous improvement program
- Internal audit of the controls, policies, and overall status of the ISMS
- Certification audit of the ISMS according to ISO 27001
- Performance monitoring and setting of metrics: key performance indicators and the dashboard
- Management review of the ISMS
- Implementation of a continuous improvement program
Day 5- Assessment test
- Q/A session
- Some case studies
- Small test (MCQ)
- Any clarification on request.
Course Takeaway- A Lead Auditor’s training, full knowledge of the standard, the continuous improvement approach, and major considerations in the conduct of internal audits and certification audits. An illustrative explanation style, enabling ease of understanding and correlation of the applicability of provisions across a wide range of organizations in disparate industries.