28 - ISO - ISO (Standardization) Programs

ISO 103 - ISO 27001 Information Security Management System (ISMS)

Code     Start Date         Duration  Venue
ISO 103  08 July 2024       5 Days    Istanbul
ISO 103  12 August 2024     5 Days    Istanbul
ISO 103  16 September 2024  5 Days    Istanbul
ISO 103  21 October 2024    5 Days    Istanbul
ISO 103  25 November 2024   5 Days    Istanbul
ISO 103  30 December 2024   5 Days    Istanbul
Please contact us for fees


Course Description

The ISO 27001 standard provides a framework to assure the effectiveness of information security measures in the workplace; this includes the continued accessibility, confidentiality and integrity of information in whatever form it is held. This course familiarizes participants with the basic concepts of implementing and managing an Information Security Management System (ISMS) as specified in ISO 27001. The components of an ISMS will be discussed in this course, including the ISMS policy, risk management, measuring performance, management’s commitment, internal audit, management review and continual improvement.

Course Objectives

  • Being familiar with the basics of information security
  • Knowing what an information security management system (ISMS) is and how it can help the business
  • Understanding the development, history, and current status of ISO 27001
  • Understanding the registration process
  • Estimating costs and resources to implement an ISMS
  • Understanding the available information security controls

Who Should Attend?

  • Supervisors
  • Managers
  • Executives
  • Members of the IT team
  • Technicians involved in operations related to an ISMS
  • Anyone who is involved in ISO standards

Course Details/Schedule

Day 1

  • Fundamental principles of Information Security
  • Overview of what is meant by ISMS and the basic constituents of an ISMS
  • Introduction to the ISO 27000 family of standards
  • Presentation of the standards ISO 27001, ISO 27002 and ISO 27003 and regulatory framework
  • Explanation of how an ISMS can help 

Day 2

  • General requirements: presentation of clauses 4 to 8 of ISO 27001
  • Identifying and evaluating assets
  • Defining the scope of an ISMS
  • Development of an ISMS and information security policies
  • Selection of the approach and methodology for risk assessment
  • Risk management: identification, analysis and treatment of risk 

Day 3

  • Drafting the Statement of Applicability (SoA)
  • Implementation phases of the ISO 27001 framework
  • Implementation of a document management framework
  • Principles and design of information security controls
  • Writing procedures
  • Implementation of controls

Day 4

  • Incident management
  • Operations management of an ISMS
  • Documentation of an information security control environment
  • Monitoring and reviewing the information security controls
  • Development of metrics, performance indicators and dashboards
  • ISO 27001 internal audit
  • Management review of an ISMS 

Day 5

  • Continual improvement of Information Security
  • Implementation of a continual improvement program
  • Preparing for an ISO 27001 certification audit
  • Conducting an ISO 27001 certification audit
  • Examples of implementation of information security controls based on ISO 27002 best practices