ISO/IEC 27001 is an international standard that defines the requirements for an organization’s information security management system. ISO 27001 consists of general requirements for the management system and additional security controls.
Implementing the requirements of the standard requires careful consideration of the topics related to information security, and the implementation and documentation of the choices made. A key decision is how stringent the security requirements to be implemented should be, since beyond a certain threshold they can start to hinder core business operations, significantly increase the administrative burden or require significant investment.
Implementing the requirements of the ISO 27001 Information Security Management System is somewhat more complex compared to the requirements of ISO 9001:2015, but is still within the reach of any organization that has an interest in information security. It is important to understand the requirements of the standard and the content of the applicable information security controls, and to make the right choices for the organization.
The ISO/IEC 27001:2022 version of the standard was released on 25 October 2022. We will go through the content of the requirements of the new version during the training.
Target audience
Anyone who is responsible for the development and operation of an information security management system and who wishes to gain an overview of the requirements of the standard. Typically, this includes information security managers and specialists, system administrators, development managers, CTOs and CEOs, but often also quality managers or information security project managers.
The aim of the training is to provide participants with a clear and practical overview of all the requirements of ISO/IEC 27001:2022 and to provide guidance on the effective development and implementation of an information security management system.
Content and topics
The training will help answer the following questions:
- What is the meaning and content of the requirements of the ISO 27001:2022 standard, how to translate these requirements into “plain language” for the organization (to implement them in a meaningful way)?
- How to build up a management system compliant with ISO 27001:2022, what are the main steps and what are the necessary and recommended actions?
- Requirements for an Information Security Management System (ISO/IEC 27001:2022 standard requirements + additional objectives and security controls in the normative Annex A).
- Context of the organization
- Leadership, the role of top management in the information security management system.
- Support (processes)
- Performance evaluation
- Content of Normative Annex A (content of information security controls)
As a result of the training, participants will have the knowledge and the interpretations of the standard's requirements needed to develop an ISO/IEC 27001:2022 compliant information security management system. The training is also well suited as refresher training on the requirements of the standard (e.g., for new staff and roles, including auditors).
Additional information for training subscribers
If you are interested in implementing an information security management system in your organization, please contact us and let us know your requirements! Traditionally, an introductory hands-on training session for key personnel is the first logical step in the development of an Information Security Management System.
For in-house training, we are ready to design a combined training program tailored to your needs to ensure that the content of all requirements is interpreted in a way that takes into account the specificities of your organization.