Aims & Objectives

• Provide the key requirements and benefits ISO/IEC 27001:2022
• Manage information security
  
• Take steps to ensure that information security is a top priority for your company.
  
• Manage information security risks and hazards effectively
• Attract and retain customers by meeting their current and future needs for data protection.
• Understand the application of risk-based thinking, leadership, and process management.
• Boost stakeholder confidence by using the most well-known hygiene technique.
  

Learning Outcomes

Having successfully completed this course you will be able to:

• Have achieved the means to assess and improve your own ISMS organization Systems.
• Learn the importance, the purpose and benefits of an ISMS
• Interpret the ISO/IEC 27001:2022 requirements to the needs of the organisation.
• Identify and assess ISMS risks.
• Grasp the concepts of SWOT & PESTLE Analyses
  

Who should attend?

• Information security, finance, customer care/support, R&D and IT personnel
  
• ISMS appointed auditors/consultants
• Those who wish to understand ISO 27001 and its application
• Anyone involved in the planning, implementing, maintaining, supervising, or auditing of an ISO/IEC 27001:2022 ISMS

Prerequisite skills & knowledge: None required

Available in-house/distant learning? Yes

Created by: LiberoAssurance Continuous Professional Development Training Centre.

ISO 27001:2022 Requirements

Overview

• Management Systems
• Goals of a Management System
• ISO 27001:2022 Structure

Clauses 0-3

• Introduction
• Scope
• Normative References
• Terms and definitions

Context of the organization

• Introduction to company’s context
• Understanding the organization, its context and interested parties
• Scope of the ISMS
• ISMS Processes

Leadership

• Leadership and commitment
• Information Security Policy
• Organizational roles, responsibilities and authorities

Planning

• Actions to address risks and opportunities
• Information security objectives and planning to achieve them

• Planning of changes

Support

• Resources
• Competence
• Awareness
• Communication
• Documented information

Operation

• Operational planning and control
• Information security risk assessment & treatment

• Information security risk treatment

Performance evaluation (Monitoring and Evaluation)

• Monitoring, measurement, analysis and evaluation
• Internal audit
• Management review

Improvement

• Continual improvement
• Nonconformity & corrective action

Annex A - Information security controls reference

Teaching Methods

• Detailed seminar presentations (available for download)
• Terms and definitions
• No. of slides: 104
  

Resources

• Reading lists and resources available in presentations

Study time allocation

• Private study hours: 13
  
• Trainer contact hours: Availability and competence of instructors upon request
• Enrollment Duration: 90 days (starting from the date of purchase)

Credits

• CPD Points: 13
  
• ECTS/ECVET Points: 0.4