Information, being a valuable asset and a building block, is the key to the growth of any organization.
Information needs to be suitably protected like any other important business asset. In the modern world
this asset becomes crucial for success and maintaining credibility. If this asset is compromised then the
organization may have to face various threats and risks like brand image erosion, business disruption,
financial and productivity loss etc.
Information security is the protection of information from a wide range of threats in order to ensure
business continuity, minimize business risk, maximize return on investments and increase business
This lead implementer course on ISO 27001 equips professionals to gain a detailed understanding of
the ISO 27001 standard, supported by ISO 27002 – Code of practices on information security controls
and ISO 27003 – ISMS Implementation guidelines.
To understand the implementation of an Information Security Management System in
accordance with ISO/IEC 27001:2013
To understand the key differences between ISO 27001:2005 and ISO 27001:2013.
To develop a risk assessment and a risk treatment methodology through the application
of the ISMS controls and to prepare a Statement of Applicability (SoA).
To identify a list of mandatory documents and records as per the ISO 27001:2013
To understand how to effectively establish, implement, maintain and continually improve
the information security management system.
To plan and conduct internal audits and management reviews.
ISO/IEC 27001:2013 requirements along with implementation guidelines.
Understanding the guidelines of ISO 27003 for
a. Company’s ISMS policy
b. Framing scope statement
c. Setting information security objectives and action plan for objectives
Risk assessment and risk treatment
Business continuity management
Conducting Internal audits
Corrective action and effectiveness of corrective action.
Management review and continual improvement of ISMS
Participants will be assessed throughout the course for punctuality, presentation skills,
interactive approach, involvement, role-play, daily tests etc., and finally through an
80-mark written examination (open book) at the end of the course.
Minimum passing criteria: 70%.
Issue of certificate:
TÜV SÜD certificate will be issued to participants only after successful completion based
on performance during the course and in written examination.
Others who have not successfully completed the course will be issued a certificate of
Duration: 5 days
Number of participants: Maximum 15 candidates in one batch
Project manager or consultant wanting to prepare and to support an organisation in the
implementation of an Information Security Management System (ISMS)
Professionals who have a role in implementation and auditing ISMS
Person responsible for establishing, implementing, maintaining, auditing and improving
ISMS in an organisation.
Member of the Information Security team
Expert advisor in Information Technology
Network and technology managers
Note: ISMS foundation training or prior knowledge of the ISO 27001 standard is desirable. This course is not for filling gaps in knowledge of the standard, but for enhancing that knowledge in the context of implementation.