ISO27001 Foundation Course (Information Security Management Systems)
There is an increasing need for businesses to be able to demonstrate that the information they hold for their own business purposes is secure. More importantly, information that they manipulate in the course of work for their clients and customers must be sufficiently secure to avoid breach of contract or damage to goodwill.
ISO/IEC 27001 Information Security Management is an internationally recognised Standard and takes into account the differing needs of businesses. An organisation that processes third party information will need to ensure information is not accessed by the wrong people while in their hands or while being transferred electronically to others.
An organisation that handles data on behalf of others will wish to demonstrate that its recruitment and training programmes provide staff who understand the threats and act responsibly.
ISO27001 provides the framework for this and the means of obtaining independent verification of systems by internationally recognised accredited assessors.
The first step is to decide which part of the Standard applies to the business. ISO27001 requires a Statement of Applicability and this enables those in charge to exclude parts of the Standard if they are irrelevant. The effort of working through this focuses the mind on the principal risks.
Next, management must decide what assets are at risk and prioritise these. From this it is usual to train people to think about security risks for every new element of work or new project.
Like other Standards, there is a requirement in ISO27001:2013 to demonstrate management have looked at legislation and made sure the business is complying.
Who should attend
This course is designed for people assigned to implement an ISMS in practice, e.g. managers already involved with control of another management system, and consultants.
To give an understanding of:
• What an information security management system (ISMS) is and how it can help business
• Why companies are going for registration to ISO 27001:2013
• The basic registration process
• Where to get help and information
• Where to start to implement a system
• The ISO 27001 standard and its documentation requirements
• Risk assessment
• To identify the requirements for an ISMS
• To explain the tools used to meet the requirements
• To assist people in attaining the skills to be able to implement an effective ISMS
• The relationship between ISO/IEC 17799:2000 & ISO 27001:2013
• The control objectives in ‘Annex A’
• A statement of applicability and a risk treatment plan
• The audit process utilising a risk treatment plan
A one-day course giving an overview of an ISMS and the requirements for implementation, containing the following:
• Overview of what is meant by ISMS and the basic constituents of an ISMS
• Explanation of how an ISMS can help
• Overview of the requirements of ISO 27001:2013 and the potential benefits
• Implementation of an ISMS, including setting and reviewing ISMS policy, procedures required by the standard
• Identifying and evaluating assets
• Vulnerabilities associated with these assets, risk assessment
• Annex A, control objectives, risk treatment plan & statement of applicability
What should have been learnt
• How to start implementing an ISMS practically
• Some of the tools and documentation used to achieve results within an ISMS
• The benefits of an information security management system to the business.
The course lasts one day.
Satisfactory completion of the course will be recognised by the award of a certificate.
Alexandra Gate Business Centre - Cardiff (CF24 2SA)
The fees below are based on delegates attending one of our open courses at various venues throughout the UK.
Contact us on 029 2070 3328 or email@example.com for more details.
The course costs £250 + VAT per delegate and payment is required when booking the course.
The fees cover the cost of the training, all course materials, refreshments throughout the day, a light lunch, examination fees and a certificate.
We have over the last 30 years worked with dozens of companies and organisations,
Penarth Management has UKAS accredited certification to ISO9001 (Quality), ISO14001 (Environmental) and OHSAS18001 (Occupational Health & Safety) for the provision of management consultancy and the preparation and delivery of a number of training courses.
Penarth Management Limited specialises in compliance consultancy and training for Quality, Environmental and Health and Safety related subjects.
Based in Cardiff, South Wales, we have a team of consultants who provide specialist support, training and guidance to client companies from a broad spectrum of industry sectors throughout the UK. Wherever possible, our consultants are geographically located to offer the best possible service to our clients. In addition to a team based in South Wales, we now have regional consultants who are based in the Midlands, London, the South-West and Scotland. All of our consultants and trainers are supported by a strong Administrative support team.
For further details see www.penarth.co.uk.