Information Security Management System

Certification of an organization’s Information Security Management System (ISMS) against ISO/IEC 27001 is one means of providing assurance that the certified organization has implemented a system for the management of information security in line with the global standard.

Credibility is the key advantage of being certified by a respected, independent and competent third party. The assurance it provides gives confidence to management, business partners, customers and auditors that the organization is serious about information security management.

The ISO/IEC 27000 standard consists of two parts:

ISO/IEC 27000 Part 1 is a Standard Code of Practice that provides an organization with default guidelines on the types of security controls an organization should implement to safeguard their assets. The scope of this standard covers all communication systems such as voice, internet, phones, faxes, etc.

ISO/IEC 27000 Part 2 is Management Standard Specification which outlines the necessary steps required in establishing a management framework. It encompasses people, IT systems and the processes within the organization.

The workshop is aimed at providing an in-depth understanding of how to conduct audit of the ISO/IEC 27001 standard. Participants understand.

• Alternative IT related standards and their focus and strengths
• Overview of other standards in comparison with ISMS
• Need for ISMS
• Detailed review of ISO 27001 clauses
• Detailed steps for auditing ISO 27001
• How scope of ISMS can be limited by management and what are acceptable limitations
• Statement of Applicability
• Vulnerability & Risk assessment
• Raising NCs and closing NCs based on corrective actions

The workshop includes exercises, case studies and role plays to help participants gain a better understanding on how to conduct an ISMS audit.