BSI ISO 27001 IMPLEMENTATION
SUMMARY
The objective of this course is to provide attendees with the skills needed to implement an ISMS in accordance with the requirements of ISO 17799 and to meet the requirements for ISO/IEC 27001:2013 certification.
AGENDA
DAY 01
• Rationale for an ISMS and important considerations
• What is implementation?
• What is the implementation process and process model?
• Senior management interview
• Project scoping and planning
• Cost estimation
• Steps in a project process
• Developing a typical timeline for an implementation plan
• Process-based approach
• Plan-Do-Check-Act and ISMS
• ISO/IEC 27001 structure, history, terms and definitions
• High-level structure
• Management representative criteria
• Day 01 Review
DAY 02
• Gap analysis - step 01
• What are the gaps?
• Clause 4: Organisational context
• Stakeholders and information assets
• Gap analysis - stage 2 asset register and asset classification
• Clause 5: Top management
• Information security policy
• Clause 6: Planning
• Risk assessment
• Risks - threats and vulnerabilities
• Risk assessment tool - FMEA
• Risk assessment and risk likelihood
• Day 02 review
GENERAL INFORMATION
Advanced-level course
Mode: On-site training
Duration: 2 days
Upon successful completion of this course, you will receive an internationally recognised BSI certificate.