BetaWe're making improvements — you're viewing a page on our new site.

Training

ISO 27001: lead implementer

Manage information security processes while optimising costs.

Fully Booked

  • Online or in person
  • Three days
  • £1,300 + VAT

This course will be held on

  • 08–10 June 2022

    This course is now fully booked.

    • Online
    • 09:00 – 17:00
  • 13–15 July 2022

    This course is now fully booked.

    • Online
    • 09:00 – 17:00

Course times

This course takes place over three days, with sessions running:

  • Day one: 09:30 - 17:00
  • Day two: 09:00 - 17:00
  • Day three: 09:00 - 17:00, including an exam

Please note: these dates are to join a public run of this course, provided by IT Governance. Upon booking you can specify if you'd prefer to join in person or online.

If you'd prefer to be in a Jisc member only run please email training@jisc.ac.uk.

About

ISO 27001 is a widely recognised standard for information security management systems (ISMS), and likely to become a mandatory standard for education institutions in the future. It is designed to help organisations of all types and sizes manage information security processes while optimising costs.

This three-day course provides the information, skills and knowledge to lead an ISO 27001 implementation project or to work as part of an implementation team.

Who should attend

Anyone involved in information security management, writing information security policies or implementing ISO 27001, either as a lead implementer or as part of an implementation team.

This course requires an understanding of ISO 27001. You may wish to have previously completed the ISO 27001: foundation course or equivalent.

This course is only available to Jisc members.

What we cover

You'll learn why information security management is important to an organisation and the key concepts, principles and main requirements of ISO 27001. We'll also look at how to:

  • Interpret the requirements of ISO/IEC 27001:2013 to determine the scope of your ISMS
  • Structure and manage your ISO 27001 project
  • Allocate roles and responsibilities for your ISO 27001 implementation
  • Prepare for your ISO 27001 certification audit and ensure you pass first time
  • Manage and drive continual improvement under ISO 27001
  • Review and map your existing controls to Annex A
  • Carry out an information security risk assessment
  • Develop a management framework, write policies and produce other critical documentation

It will also cover:

  • The role and structure of an information security policy
  • The importance of the Statement of Applicability (including justifications for inclusions and exclusions)
  • The benefits of and key issues when selecting a risk assessment tool
  • The importance of staff, an effective communication strategy and general awareness training

Training outcomes

An understanding of:

  • Securing senior management commitment and building the business case
  • How to determine the scope of your ISMS
  • The role and structure of an information security policy
  • How to develop and manage your ISO 27001 project
  • Carrying out an information security risk assessment
  • Core documentation, policies and procedures needed for your project
  • How to review your existing controls and mapping controls to Annex A of ISO 27001
  • The key elements of management review
  • How to manage and drive continual improvement under ISO 27001
  • How to prepare for your ISO 27001 certification audit and ensure you pass the audit first time

Pricing and eligibility

Jisc members and others from the education and research sector: £1,300 + VAT

Please note, you are requesting a place on a public run of this course so we are unable to provide refunds for cancellations.

Contact

For more information, email training@jisc.ac.uk or phone 01235 822242.

An easy route to procurement

We are an approved supplier on the Crown Commercial Service dynamic purchasing system (DPS). This provides a simple and trusted way for public sector buyers and our members to procure Jisc cyber security services and training.