ISO/IEC 27001:2022 INFORMATION SECURITY MANAGEMENT SYSTEMS IMPLEMENTER TRAINING

ABOUT THE COURSE

ISO/IEC 27001:2022 international standard specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization.

Information being a valuable asset and a building block is the key to the growth of any organization. Information needs to be suitably protected like any other important business asset.

In the modern world this asset becomes crucial for success and maintaining credibility of the organization. If this asset is compromised then the organization may have to face various threats and risks like brand image erosion, business disruption, financial and productivity loss etc. On the other side, information security also maximize return on investments, minimize business risks and increase business opportunities.

Our training courses are structured to provide an understanding of ISO/IEC 27001:2022 requirements blended with case studies, exercises and role plays where a participant will be equipped with the knowledge and skills which are needed to implement the Information Security Management System (ISMS) of an organization.

Duration: 4 – day course
Language: English

Note: SGTech members can apply for course funding under STAR FUND 2.0 and receive up to S$500/pax funding. Please refer to FAQ for more details.

WHAT WILL YOU LEARN FROM THE COURSE?

At the end of the course, participants will be able to:

• Understand ISMS terminology and key elements of information security management
• Learn the Plan-Do-Check-Act (PDCA) approach
• Know more about processes and their interconnections
• Gain valuable insights to the management with regards to ISMS implementation.
• Achieve certificate - Information Security Management System – Implementer

Topics to be covered in this course include:

• Understanding the purpose of an Information Security Management System by establish the context of the organization and the processes involved in establishing, implementing, maintaining and continually improving an ISMS.
• Key changes in ISO 27001:2013 vs ISO 27001:2022
• Understanding the mandatory documents and records required by the international standard.
• Formulation of ISMS Scope and Statement of Applicability (SoA).Assist top management in formulating the Information Security Policy and Information Security Objectives that are aligned with the strategic direction of the organization.
• Establishing Risk Assessment and Risk Treatment methodology based on the context of the organization and implementing the same.
• Assist in establishing the internal audit program and management reviews within an organization.
• Understanding controls listed in Annex A of the standard and knowledge of implementing correct type of controls to mitigate risks.
• Planning and Implementing ISMS
• Performance Evaluation, Monitoring and Measurement of an ISMS
• Continual Improvement of an ISMS
• Preparation for an ISMS Certification audit
• Conducting Internal audits and Management Review
• Corrective action and effectiveness of Corrective action.
• Case studies

WHAT IS THE COURSE METHODOLOGY?

Participants will learn through lectures, case studies, individual and group exercises, and discussions.

WHO SHOULD TAKE THE COURSE?

This course is specially designed for:

• IT and ITMS representatives of an organisation
• Personnel responsible for implementing information security management system framework within an organisation.
• Project managers or consultants responsible for establishing, implementing, maintaining, auditing and improving Information Security Management Systems within an organisation.
• Top Management (IT Head, CISO etc.) and Senior Managers responsible for the IT governance of an enterprise and the management of its risks

Prerequisite: Preferably prior knowledge with ISO/IEC 27001:2022 

WHO IS THE COURSE ADVISOR?

The course content and structure are designed by the domain experts from TÜV SÜD.

With immense experience and knowledge in the relevant standards, our team of product specialists and technical experts at TÜV SÜD, developed the course content based on current business landscape and market requirements.