ISO 27001 LI Copy
This is intended for those who will be involved in advising top management on the introduction of ISO/IEC 27001:2013 into an organization. It is especially relevant for those who have the responsibility to lead the implementation of an ISMS in a business or provide consultation on the subject.
Suggested job roles and their teams include:
- Project managers or consultants wanting to prepare and to support an organization in the implementation of an Information Security Management System (ISMS)
- ISO 27001 auditors who wish to fully understand the Information Security Management System implementation process
- CxO and Senior Managers responsible for the IT governance of an enterprise and the management of its risks
- Members of an information security team
- Expert advisors in information technology
- Technical experts wanting to prepare for an information security function or for an ISMS project management function

- To understand the implementation of an Information Security Management System in accordance with ISO 27001
- To gain a comprehensive understanding of the concepts, approaches, standards, methods and techniques required for the effective management of an Information Security Management System
- To understand the relationship between the components of an Information Security Management System, including risk management, controls and compliance with the requirements of different stakeholders of the organization
- To acquire the necessary expertise to support an organization in implementing, managing and maintaining an ISMS as specified in ISO 27001
- To acquire the necessary expertise to manage a team implementing ISO 27001
- To develop the knowledge and skills required to advise organizations on best practices in the management of information security
- To improve the capacity for analysis and decision making in the context of information security management
DAY 1 | Introduction to ISMS concepts as required by ISO 27001
- Introduction to the management systems and the process approach
- Presentation of the ISO 27000 family standards and regulatory framework
- Fundamental principles of Information Security
- Preliminary analysis and determining the level of maturity based on ISO 21827
- Writing a business case and a project plan for the implementation of an ISMS
DAY 2 | Planning the implementation of an ISMS based on ISO 27001
- Defining the scope of an ISMS
- Drafting an ISMS and Information Security policies
- Selection of the approach and methodology for risk assessment
- Risk management: identification, analysis and treatment of risk (based on ISO 27005)
- Drafting the statement of applicability
DAY 3 | Implementing an ISMS based on ISO 27001
- Implementation of a document management framework
- Design and implementation of controls
- Information Security training, awareness and communication program
- Incident management (drawing on guidance from ISO 27035)
- Operations management of an ISMS
DAY 4 | Control, monitor and measure an ISMS and the certification audit of the ISMS in accordance with ISO 27001
- Monitoring the ISMS controls
- Development of metrics, performance indicators and dashboards in accordance with ISO 27004
- ISO 27001 internal audit
- Management review of an ISMS
- Implementation of a continual improvement program
- Preparing for an ISO 27001 certification audit
DAY 5 | IAS Accredited Certification Exam (If required)
The “Certified ISO/IEC 27001 Lead Implementer” exam fully meets the requirements of the PECB Examination and Certification Programme (ECP). The exam covers the following competence domains:
- Domain 1: Fundamental principles and concepts of information security
- Domain 2: Information security control best practice based on ISO 27002
- Domain 3: Planning an ISMS based on ISO 27001
- Domain 4: Implementing an ISMS based on ISO 27001
- Domain 5: Performance evaluation, monitoring and measurement of an ISMS based on ISO 27001
- Domain 6: Continual improvement of an ISMS based on ISO 27001
- Domain 7: Preparing for an ISMS certification audit
The “Certified ISO/IEC 27001 Lead Implementer” exam is available in different languages (the complete list of languages can be found in the examination application form).
Duration: 3 hours.
After successfully completing the exam, participants can apply for the credentials of Certified ISO/IEC 27001 Provisional Implementer, Certified ISO/IEC 27001 Implementer or Certified ISO/IEC 27001 Lead Implementer, depending on their level of experience. A certificate will be issued to participants who successfully pass the exam and comply with all the other requirements related to the selected credential.
ISO 27001 Foundation Certification or a basic knowledge of ISO 27001 is recommended.

© Copyright 2024