Training

ISO 27001:2022 certified ISMS lead implementer

Manage information security processes while optimising costs.

In partnership with IT Governance

  • Online or in person
  • Three days
  • £1,750 + VAT

This course will be held on

  • 17–19 July 2024

    • Online or in person
    • 09:30 – 17:00
  • 11–13 September 2024

    • Online or in person
    • 09:30 – 17:00
  • 30 October – 01 November 2024

    • Online or in person
    • 09:30 – 17:00
  • 15–17 January 2025

    • Online or in person
    • 09:30 – 17:00
  • 12–14 March 2025

    • Online or in person
    • 09:30 – 17:00

Course times

This course takes place over three days, with sessions running:

  • Day one: 09:30 - 17:00
  • Day two: 09:00 - 17:00
  • Day three: 09:00 - 17:00, including an exam

Please note: these dates are to join a public run of this course, provided by IT Governance. Upon booking you can specify if you'd prefer to join in person or online.

If you'd prefer to be in a Jisc member only run please email training@jisc.ac.uk.

About

This accredited practitioner-led three day course equips you with the skills to support an organisation in effectively planning, implementing, managing, monitoring and maintaining an ISMS.

It will teach you:

  • The nine critical steps involved in planning, implementing and maintaining an ISO 27001:2022-compliant ISMS
  • Information security management best practices to ensure data confidentiality, integrity and availability
  • How to structure and manage your ISO 27001 project
  • Typical pitfalls and challenges and how to deal with them

Who should attend

There are no formal entry requirements for this course. However, we will assume that attendees have a basic knowledge of ISO 27001 gained either through reading the ISO 27001:2022 standard or attending the Certified ISO 27001:2022 ISMS foundation training course.

This course is only available to Jisc members.

What we cover

  • Why information security management is essential to an organisation
  • The role and structure of an information security policy
  • The key concepts, principles and main requirements of ISO/IEC 27001:2022
  • The terms and definitions used in the Standard, including risk and options for risk assessments
  • How to interpret the requirements of ISO 27001:2022 to determine the scope of your ISMS
  • How to secure senior management commitment by building a compelling business case
  • How to structure and manage your ISO 27001 project
  • How to allocate roles and responsibilities for your ISO 27001 implementation
  • How to review and map your existing controls to Annex A of ISO 27001
  • The importance of the Statement of Applicability (SoA) and justifications for inclusions and exclusions
  • How to carry out an information security risk assessment – the core competence of information security management
  • The benefits of and key issues when selecting a risk assessment tool
  • How to develop a management framework, write policies and produce other critical documentation
  • The importance of staff, an effective communication strategy and general awareness training
  • The key elements of management review
  • How to prepare for your ISO 27001 certification audit and ensure that you pass first time
  • How to manage and drive continual improvement under ISO 27001

Training outcomes

  • Why information security management is essential to an organisation
  • The role and structure of an information security policy
  • The key concepts, principles and main requirements of ISO/IEC 27001:2022
  • The terms and definitions used in the Standard, including risk and options for risk assessments
  • How to interpret the requirements of ISO 27001:2022 to determine the scope of your ISMS
  • How to secure senior management commitment by building a compelling business case
  • How to structure and manage your ISO 27001 project
  • How to allocate roles and responsibilities for your ISO 27001 implementation
  • How to review and map your existing controls to Annex A of ISO 27001
  • The importance of the Statement of Applicability (SoA) and justifications for inclusions and exclusions
  • How to carry out an information security risk assessment – the core competence of information security management
  • The benefits of and key issues when selecting a risk assessment tool
  • How to develop a management framework, write policies and produce other critical documentation
  • The importance of staff, an effective communication strategy and general awareness training
  • The key elements of management review.
  • How to prepare for your ISO 27001 certification audit and ensure that you pass first time
  • How to manage and drive continual improvement under ISO 27001
  • Successful completion of the included exam awards the IBITGQ CISLI qualification

Qualification: Successfully completing the course and included exam awards the ISO 27001:2022 Certified ISMS lead implementer (CIS LI) qualification.

The ISO27001 lead implementer exam qualification needs to be re-certified every 3 years.

Pricing and eligibility

Jisc members and others from the education and research sector: £1,750 + VAT.

Please note, you are requesting a place on a public run of this IT Governance course so we are unable to provide refunds for cancellations.

VAT information

VAT is charged at 20% of the value of the service.

Contact

For more information, email training@jisc.ac.uk or phone 01235 822242.

Join the community

Get support and connect with like-minded peers by joining our cyber security community group.

An easy route to procurement

Crown Commercial Service Supplier logo

We are an approved supplier on the Crown Commercial Service dynamic purchasing system (DPS). This provides a simple and trusted way for public sector buyers and our members to procure Jisc cyber security services and training.