Implementing an ISMS ISO/IEC 27001:2013

This course is designed for people who are seeking to understand the requirements of implementing and operating a formal information security management system (ISMS) based on the ISO/IEC 27001:2013 standard. Anyone advising top management on the introduction of an ISMS would also find this course highly relevant

Suggested job roles and their teams include (but not limited to)

• Information security managers
• IT and Corporate security managers
• Corporate governance managers
• Risk and compliance managers
• Information security consultants

This two day comprehensive course covers the following topics:

• How to develop, implement and monitor an Information Security Management Systems within an organisation.
• How to assess and protect the organisation against risks.
• How to evaluate an organisation’s information assets and implement a cost-effective security strategy that is compliant with ISO/IEC 27001:2013 using guidance from its complementary standards ISO/IEC 27002:2013 and ISO 31000:2018.
• How to benchmark security practice within an organisation against this standard.

Our ISO 27001:2013 courses must still teach to the current requirements of that standard and the controls that it refers to in Annex A until such time that it is republished as ISO 27001:2022 (expected mid 2022).
In the interim, ISO 27002:2022 was released in February 2022 which indicates how the Annex A of ISO 27001:2022 is likely to be updated. During this interim period a mapping document will be provided that provides an overview to ISO 27002:2022 and also shows the mapping and changes in terms of controls.
All audits for ISO 27001:2013 will continue to be carried out against its current requirements until it is officially updated.