ISO27001 Practitioner

Information is a business asset that is essential to an organisation’s business and consequently needs to be protected. Information can be stored in many forms and is generally dependent upon information and communications technology.

Technology is an essential element in any organisation and assists in facilitating the creation, processing, storing, transmitting, protection and disposal of information.

ISO/IEC 27001 is an international standard that provides the basis for effective management of confidential and sensitive information, and for the application of information security controls.

It allows organizations to demonstrate excellence and prove best practice in Information Security management. The standard enables organizations to achieve conformance to an information security management system which requires them to continually improve their control of confidential and sensitive information.

ISO/IEC27001 provides organizations with a structured approach to information security management to enable them to secure their information assets. It also enhances information security through adoption of best practices and provide a competitive differentiator for organizations when tendering for business and contracts (enhance reputation for the secure management of confidential and sensitive information) by demonstrating compliance with an internationally recognized standard and the ability to satisfy customer security requirements.

This course and the standard deal with the protection of information in the organisation and the management of associated risks.

The objectives of the program are to ensure that individuals that plays a role in the implementation, maintenance and audit of ISO27001 have the requisite skills and to ensure that they enable the achievement of organisational goals and objective through the program.

Day 1

• Introduction and background
• Objectives and status of ISO/IEC27000 family
• Preparing for an Information Security Management System (ISMS)
• Planning and operating the Information Security Management System (ISMS)

Day 2

• planning and operating the Information Security Management System (ISMS)
• Information security controls
• Revision
• Sample exam

Quality managers, other executives, managers and supervisors, business process owners, program and project managers, assessors, consultants, auditors, business continuity, information security and risk managers.

The formal course is based on a set of lectures supported by slides, student handbook, exercises and sample examination questions. This course consists of a student manual that expand on the topics covered in the lectures. Students should use this material to prepare for the exam.

The pre-requisite for this qualification is either the APMG ISO/IEC 27001 Foundation qualification. The APMG ISO/IEC 27001 Foundation course is specifically designed as preparation for this Practitioner qualification.

• 3-hour, scenario based objective test examination
• 4 questions – each worth 20 marks
• The pass mark is 50% (40 marks).
• Delegates are expected to have a copy of ISO/IEC 27001 standard available for reference (No other reference material is allowed).