Introduction

We updated the ISO 27001 Lead Implementer course and manual in May 2019.

This five-day ISO 27001 Lead Implementer training course enables participants to develop the necessary expertise to support an organization in implementing and managing an Information Security Management System (ISMS) as specified in ISO/IEC 27001:2013. Participants will also gain a thorough understanding of best practices used to implement the ISMS through organizational context and incorporation of interested parties. This training is consistent with the project management practices established in ISO 10006 (Quality Management Systems – Guidelines for Quality Management in Projects). This training is also fully compatible with ISO 27002 (Security Techniques — Code of practice for information security controls), ISO 27003 (Guidelines for the Implementation of an ISMS), ISO 27004 (Measurement of Information Security) and ISO 27005 (Risk Management in Information Security).

Because the course has strong practical relevance, participants are invited to implement an Information Security Management System in the classroom, during training, based on a case study. This practice supports the necessary theoretical part of the training and establishes a clear link between theory, regulation and how to do it. In this way, participants are able to transfer the knowledge gained in training to the job and acquire a greater critical sense of the requirements and their applicability in the organization.

Training Methodology

The ISO 27001 Lead Implementer training course is based on both theory and practice sessions, with:

Lectures illustrated with examples based on real cases.

Practical exercises based on a full case study, including role playing and oral presentations. To benefit from the practical exercises, the number of training participants is limited.

Review exercises to assist the exam preparation.

Practice test similar to the certification exam.

This course is available for delivery in a classroom and in a Live Training model.

Live Training brings you the dynamic environment of the classroom to your desk. Using your computer, you interact with the trainer and the trainees as if you were with them in the classroom.

Audience

Project managers or consultants wanting to prepare and to support an organization in the implementation of an Information Security Management System (ISMS).

ISO 27001 auditors who wish to fully understand the Information Security Management System implementation process.

CxO and Senior Managers responsible for the IT governance of an enterprise and the management of its risks.

Members of an information security team.

Expert advisors in information technology.

Technical experts wanting to prepare for an information security function or for an ISMS project management function.

Prerequisites

Participants should understand English as the course documentation is in this language.

Learning Objectives

Acquiring Knowledge

Understand the operation of an Information Security Management System based on ISO 27001 and its principal processes.

Understand the goal, content and correlation between ISO 27001, ISO 27002 and other standards and regulatory frameworks.

Master the concepts, approaches, standards, methods and techniques for the implementation and effective management of an ISMS.

Development of Competencies

Interpret the ISO 27001 requirements in the specific context of an organization.

Develop the expertise to support an organization to plan, implement, manage, monitor and maintain an ISMS as specified in ISO 27001.

Acquire the expertise to advise an organization on information security management best practices.

Strengthen the personal qualities necessary to act with due professional care when conducting a compliance project.

Program

Introduction to ISO 27001 and initiation of an ISMS

Course objectives and structure

Standard and regulatory framework

Information Security Management System (ISMS)

Fundamental principles of information security

Initiating the ISMS implementation

Understanding the organization and clarifying the information security objectives

Analysis of the existing management system

Plan the implementation of the ISMS

Leadership and approval of the ISMS project

ISMS scope

Policies for information security

Risk assessment

Statement of Applicability and management decision to implement the ISMS

Definition of the organizational structure of information security

Deploying the ISMS

Definition of the document management process

Design of security controls and drafting of specific policies & procedures

Communication plan

Training and awareness plan

Implementation of security controls

Incident Management

Operations Management

ISMS measurement, continuous improvement and preparation for certification audit

Monitoring, measurement, analysis and evaluation

Internal audit

Management review

Treatment of problems and non-conformities

Continual improvement

Preparing for the certification audit

Competence and evaluation of implementers

Closing the training

ISO 27001 Lead Implementer Certification Exam

Benefits

ISO 27001 is an auditable Information Security Management System (ISMS) standard. It allows certification and international recognition of an organization, as well as access to new markets and optimization of operations. It also helps improve quality and increase productivity, competitive advantage, customer satisfaction and sales.

The ISO 27001 Lead Implementer course bases its pedagogical model on a certification program aligned with the ISO 17024 standard, which defines the requirements for certification of people, fulfilling the recommendations of ISO.

The course is geared towards the implementation of the standard through a step-by-step implementation process. Thus, throughout the course, in addition to the basic concepts of an ISMS, the steps needed to prepare and start the ISMS implementation project are presented. These include the selection of the approach and the implementation methodology, among other activities needed to implement the ISMS based on the methodology presented, including ISMS operation and therefore its control, monitoring and continuous measurement.

One of the strengths of the course, in addition to the inclusion of an implementation methodology, is that it prepares professionals for the ISO 27001 certification audit and for registration with the certifying body. To this end, it addresses the recommendations of ISO 19011 and ISO 17021 (requirements for certification bodies).

The certification exam is monitored by an official Behaviour administrator. The ISO 27001 Lead Implementer certification exam is conducted at the end of the course, on the last day of training, and focuses on development questions and case studies, allowing the certifying entity to measure the candidates' knowledge more effectively. Upon passing the exam, the professional will achieve one of the ISO 27001 certification levels. In case of failure, the professional may repeat the exam at no additional cost within 1 year after the date of the first examination.

The Behaviour Pedagogical Model aims to provide a learning environment conducive to the acquisition of competences, in accordance with the objectives of each training program. By promoting interaction, participation and appreciation of experiences, we contribute to meaningful learning, certification and international recognition but, above all, to the development of critical thinking and autonomy.

Behaviour is an organization accredited by DGERT (Portuguese Government Entity) and certified to ISO 9001. Behaviour has its Quality Management System (QMS) implemented in accordance with the requirements of ISO 9001, the requirements of DGERT, the requirements of the European standard NP 4512 and the standard ISO 10015.

Exam

The “Certified ISO 27001 Lead Implementer” exam fully covers the following competence domains:

Domain 1: Fundamental principles and concepts of information security

Domain 2: Information security control best practice based on ISO 27002

Domain 3: Planning an ISMS based on ISO 27001

Domain 4: Implementing an ISMS based on ISO 27001

Domain 5: Performance evaluation, monitoring and measurement of an ISMS based on ISO 27001

Domain 6: Continual improvement of an ISMS based on ISO 27001

Domain 7: Preparing for an ISMS certification audit

The “Certified ISO 27001 Lead Implementer” exam is available in English.

Duration: 3 hours.

The exam result is sent via email to the candidate within eight weeks after the examination. The result is graded qualitatively: “Pass” or “Fail”.

In the case of a failure, the result will be accompanied by the list of domains in which you had a mark lower than the passing grade. If the candidate fails the exam, he is entitled to one free retake within a 12-month period from the initial exam date.

Certification

After successfully completing the exam, participants can apply for the credentials: “Certified ISO/IEC 27001 Associate Implementer”, “Certified ISO/IEC 27001 Implementer” or “Certified ISO/IEC 27001 Lead Implementer”, depending on their level of experience. A certificate will be issued to participants who successfully pass the exam and comply with all the other requirements related to the selected credential. Candidates also receive the digital badge of the certification achieved. The ISO 27001 Lead Implementer certification program is aligned with the ISO 17024 standard.

The requirements for the “Lead Implementer” certification are:

| Certification | Exam | Professional Experience | ISMS Audit Experience | ISMS Project Experience |
| --- | --- | --- | --- | --- |
| ISO 27001 Associate Implementer | ISO 27001 LI | None | None | None |
| ISO 27001 Implementer | ISO 27001 LI | 2 years; 1 year of information security work experience | None | Project activities totalling 200 hours |
| ISO 27001 Lead Implementer | ISO 27001 LI | 5 years; 2 years of information security work experience | None | Project activities totalling 300 hours |

Trainer

Our specialists are renowned consultants and auditors, with several years of experience in implementation, auditing and training in the ISO 27000 family, with particular focus on ISO 27001, ISO 27005 and their associated standards.

Some of our experts work directly on the improvement of these standards through their participation in the committees responsible for these standards in various countries.

General Information

Training in English language.

Course manual in English, containing over 450 pages of information, practical examples, a case study and a step-by-step implementation methodology.

Behaviour Participation Certificate of 31 CPD (Continuing Professional Development) credits.

Certification exam in English.

Certification Diploma after successful examination and conclusion of formal process registration. This process has no associated cost.

Certification badge after certification.

Coffee break in the morning and afternoon (applies to all training that takes place in Behaviour facilities).

If the candidate fails the exam, he is entitled to one free retake within a 12-month period from the initial exam date.

Participants' evaluation: 4.7 out of 5

Dates and Investment