ISO 27001 (BS 7799) Lead Assessors Course - Registered
INTRODUCTION
ISO 27001, the information security management systems standard, gives recommendations for information security management for use by those who are responsible for initiating, documenting, implementing or maintaining security in their organisation. The standard is intended to provide a common basis for developing organisational security standards and effective security management practice and to provide confidence in the security of inter-organisational dealings. It specifies requirements for security controls to be implemented according to the needs of individual organisations.
ISO 27001 also specifies requirements for establishing, implementing and documenting information security management systems (ISMSs).
BUSINESS BENEFITS
The aims and objectives of the course
- To enable delegates to undertake external audits and lead audits of ISMS.
- To explain to the delegates the purpose and planning procedure of making systems secure.
- To ensure delegates understand the importance of organising and reporting their audit findings.
On successfully completing the course, delegates will be able to:
- Appreciate the importance of controlling Information Security in all types of business.
- State the requirements and scope of ISO 27001.
- Identify the documented management systems required to control Information Security.
- Evaluate risk assessments for Information Security.
- Effectively plan and undertake an audit.
- Produce reports of their audits identifying non-conformances against the standard.

This course is accredited to IRCA and on successful completion a certificate will be issued to the delegate which will be valid for 3 years.
WHO SHOULD ATTEND?
The course is intended for all those who wish to undertake and eventually lead audits of Information Security Management Systems (ISMS). It is also useful for those interested in the implementation of ISO 27001.
Prior knowledge of Information Security issues would be beneficial.
Course Structure & TIMETABLE
Items covered include:
- Introduction to Information Security.
- Detailed content of ISO 27001.
- Similarities with other management systems - OHSAS 18001, ISO 14001 and ISO 9000.
- ISMS issues including operational control.
- Information Security Audit Skills.
- Practical exercises and feedback.
- Case study and workshops.
Appraisal of the delegates’ knowledge and performance will be made through a combination of continuous assessment and a written examination (multiple choice and short answers).
Duration: 5 days
Max. No. of delegates: 10 per course
| # | Title | Start | Finish |
|---|-------|-------|--------|
| | DAY ONE | | |
| 1. | Registration | 08:45 | 09:00 |
| 2. | Chapter 1 – Course Introduction | 09:00 | 09:30 |
| 3. | Exercise 1 – Mini interview | 09:30 | 10:30 |
| 4. | Exercise 2 – Information security jargon | 10:30 | 11:00 |
| 5. | Coffee break | 11:00 | 11:15 |
| 6. | Chapter 2 – Introduction to information security management | 11:15 | 11:45 |
| 7. | Chapter 3 – Overview of ISO 27001:2005 Foreword to Section 3 | 11:45 | 13:00 |
| 8. | Lunch break | 13:00 | 14:00 |
| 9. | Exercise 3 – Documentation | 14:00 | 14:30 |
| 10. | Chapter 4 – Overview of ISO 27001:2005 Section 4 | 14:30 | 15:00 |
| 11. | Exercise 4 – Resources | 15:00 | 15:30 |
| 12. | Coffee break | 15:30 | 15:45 |
| 13. | Chapter 5 – Overview of ISO 27001:2005 Section 5 | 15:45 | 16:15 |
| 14. | Exercise 5 – ISO 27001:2005 Quiz | 16:15 | 16:35 |
| 15. | Chapter 6 – Overview of ISO 27001:2005 | 16:35 | 17:00 |
| 16. | Exercise 6 – Management review | 17:00 | 17:40 |
| 17. | Summary of Day 1 | 17:40 | 18:00 |
| | DAY TWO | | |
| 18. | Chapter 7 – Overview of ISO 27001:2005 Section 7 | 09:00 | 10:00 |
| 19. | Exercise 7 – Presentations | 10:00 | 10:20 |
| 20. | Chapter 8 – Overview of ISO 27001:2005 Section 8 | 10:20 | 10:50 |
| 21. | Workshop 1 – Risk Assessment | 10:50 | 11:15 |
| 22. | Coffee break | 11:15 | 11:30 |
| 23. | Workshop 1 – Risk Assessment – cont. (including feedback) | 11:30 | 13:00 |
| 24. | Lunch break | 13:00 | 14:00 |
| 25. | Workshop 1 – Risk Assessment – feedback | 14:00 | 14:30 |
| 26. | Chapter 9 – Accreditation Issues | 14:30 | 15:00 |
| 27. | Workshop 2 – Audit planning | 15:00 | 15:30 |
| 28. | Coffee break | 15:30 | 15:45 |
| 29. | Workshop 2 – Audit planning – cont. (including feedback) | 15:45 | 16:55 |
| 30. | Chapter 10 – Audit management | 16:55 | 17:55 |
| 31. | Summary of Day 2 – Review including feedback from specimen paper section 1 | 17:55 | 18:15 |
| | DAY THREE | | |
| 32. | Exercise 8 – NCRs | 09:00 | 10:00 |
| 33. | Chapter 11 – NCRs and corrective actions | 10:00 | 10:45 |
| 34. | Coffee break | 10:45 | 11:00 |
| 35. | Exercise 9 – Reviewing Corrective Actions | 11:00 | 12:15 |
| 36. | Workshop 3 – Audit plan | 12:15 | 13:00 |
| 37. | Lunch break | 13:00 | 14:00 |
| 38. | Workshop 3 – Audit plan – cont. (including feedback) | 14:00 | 15:15 |
| 39. | Coffee break | 15:15 | 15:30 |
| 40. | Chapter 12 – Approach to the audit | 15:30 | 17:00 |
| 41. | Exercise 10 – Communication | 17:00 | 17:30 |
| 42. | Summary of Day 3 including feedback from specimen paper section 2 | 17:30 | 18:00 |
| | DAY FOUR | | |
| 43. | Chapter 13 – Performing an audit | 09:00 | 09:40 |
| 44. | Workshop 4 – Checklists | 09:40 | 11:00 |
| 45. | Coffee break | 11:00 | 11:15 |
| 46. | Workshop 4 – Checklists – cont. (including feedback) | 11:15 | 12:40 |
| 47. | Chapter 14 – Reporting | 12:40 | 13:00 |
| 48. | Lunch break | 13:00 | 14:00 |
| 49. | Workshop 5 – Role play – Interviews (including feedback) | 14:00 | 15:45 |
| 50. | Coffee break | 15:45 | 16:00 |
| 51. | Workshop 6 – Preparation for closing meeting | 16:00 | 17:15 |
| 52. | Summary of Day 4 including feedback from specimen paper section 3 and 4 | 17:15 | 17:40 |
| | DAY FIVE | | |
| 53. | Workshop 6 – Preparation for closing meeting – cont. (including feedback) | 09:00 | 10:30 |
| 54. | Chapter 15 – Auditor certification | 10:30 | 11:00 |
| 55. | Coffee break | 11:00 | 11:15 |
| 56. | Workshop 7 – Role play – Closing meeting (including feedback) | 11:15 | 13:00 |
| 57. | Lunch break | 13:00 | 14:00 |
| 58. | Examination rules and format | 14:00 | 14:30 |
| 59. | Examination | 14:30 | 16:30 |
| 60. | End of course summary/appraisal forms | 16:30 | 17:00 |

Lecturers
The lecturing team is comprised of professionals who have been specially selected for their recognised knowledge and experience in the field of Security Management System Standards.
IRCA Registration Number 2016
Course dates and cost
See Training Courses for price list and order form for the QM&T Training centre.