Information Security Management Systems

About The Course

With cyber attacks and data security breaches on the rise and in the headlines, keeping your organisation’s data secure has never been more important.  The ISO standard for Information Security, ISO/IEC 27001:2022 Information Security Management Systems, provides the framework to ensure your business has the tools to manage information security risk.

The standard was updated in October 2022, with changes to some management system clauses, making some requirements more explicit and aligning them with other Annex SL standards, such as ISO 9001. In addition, the updated standard was published with its Annex A incorporating the controls outlined in ISO/IEC 27002:2022.  

Our 3-day Information Security Management Systems course will take you through the key changes to the Annex A controls and management systems clauses and how to implement the new requirements of ISO/IEC 27001:2022 . 

We help you learn the most up-to-date processes and approaches to protect your information assets and manage information security in a practical way. This course has the equivalent of 24 Continuing Professional Development (CPD) points.

Plus, you receive a free licensed copy of:

• ISO/IEC 27001:2022 Information security, cybersecurity and privacy protection — Information security management systems — Requirements.

Learning Outcomes

After successful completion of this course you will:

• How to implement processes and controls within the Information Security management system

• How to identify gaps in an Information Security management system

• Understand the mandatory documentation requirements of an Information Security system

• How to improve your organisation’s conformance with ISO/IEC 27001:2022

Course Content

This course is delivered as a single 3-day module covering the requirements of ISO/IEC 27001:2022. This course can be joined to an additional module: ‘Becoming a Skilled Lead Internal/External Auditor‘ where participants learn how to conduct management systems audits in accordance with ISO 19011:2018 Guidelines for Auditing Management Systems. To complete these modules together, see our Information Management Systems Lead Auditor course.

Timetable

Wednesday

Information Security Management Systems

• Introduction to Information Security

• Context of Information Security

• Information Security management systems requirements

• Risk-based approach to information security

• Structure of Information Security controls and control attributes.

Thursday

Information Security controls

• Information Security controls – Organisational, people, physical, technological

• Information classification

• Documentation requirements of Information security management systems

Friday 

Information Security application

• Statement of applicability

• Information security audit scenarios

• Course review

Prerequisites

There are no prerequisites for this course.

Assessment

Throughout the course, you will complete a series of workshops which form part of the assessment. A short multiple-choice exam at the completion of each module assesses the knowledge and understanding gained throughout the training. You will receive continual assistance and feedback from the trainer and are given anecdotal examples of real world audit situations.

Who Should Attend 

Designed to cater to a variety of people currently involved in the audit and Information Security Management System process, you should attend if you:

• want to become an internal ISMS auditor

• want to become a 3rd party IS auditor

• need to write and implement a ISMS

• are involved in the Information Security management process

• are a manager responsible for an ISMS and ISMS auditing

• wish to consolidate your existing knowledge into a formal qualification.