ISO 27001 Training

Fast, Effective, and Convenient IT Security Training
IP3 is partnering with PECB to provide the best certified and professionally registered educational programs to enable you and your firm to achieve the world standard of Information Security Management. Created in 2005, PECB specializes in training and audit services (ISO 27001, ISO 27002 and others) related to compliance and information security. Veridion offers courses in several languages around the world: global vision with a local approach.

IP3 is partnering with the Professional Evaluation and Certification Board to provide the best certified and professionally registered educational programs to enable you and your firm to achieve the world standard of Information Security Management.

Created in 2005, Veridion specializes in training and audit services (ISO 27001, ISO 27002 and others) related to compliance and information security. Veridion offers courses in several languages around the world: global vision with a local approach.

As a leader in training and audit services (ISO 27001, ISO 27002 and others) in the compliance and information security field, Veridion nurtures close relationships with its clients thanks to its network of global partners. Through this network, Veridion delivers the best combination of value and know-how to its clients, meeting their needs with an insightful mix of local partnerships and international service options.

ISO 27001 Senior Management for Senior Management (1 Day)

This workshop allows senior management members of an organization to understand the implementation of an information security management system framework based on ISO 27001 from a strategic point of view as well as its implications at the corporate governance level. Based on the main legal, regulatory, contract and normative issues facing companies, the workshop introduces the ISO 27001 prerequisites as well as the different stages of its implementation: risk management, risk management plan, implementation, surveillance, re-examination and operation of an ISMS, continuous improvement of information security, management’s commitment, follow-up and review as well as an introduction to audit certification.

ISO 27001 - ISMS Lead Auditor (5 days)

This five-day intensive course enables participants to develop the expertise needed to audit an Information Security Management System (ISO 27001) and to manage a team of auditors by applying widely recognized audit principles, procedures and techniques. During the training, the participant will acquire the knowledge needed to plan and perform audits compliant with the certification process of standard 27001:2005. Based on practical exercises, the participant will be able to develop the abilities (mastering audit techniques) and skills (managing audit teams and audit program, communicating with customers, conflict resolution, etc.) necessary to conduct an audit.

The training is based on management system audit guidelines (ISO 19011:2002) as well as international audit best practices: the International Federation of Accountants (IFAC), the American Institute of Certified Public Accountants (AICPA), the Information Systems Audit and Control Association (ISACA) and the Institute of Internal Auditors (IIA). An audit kit developed by experienced auditors will be distributed to participants.

ISO 27001 - ISMS Lead Implementer (5 days)

This five-day intensive course enables participants to develop the expertise to support an organization in implementing and managing an Information Security Management System as specified in ISO 27001:2005: risk management (based on ISO 27005), risk management plan, implementation, surveillance, re-examination and operation of an ISMS, continuous improvement of information security, management’s commitment, follow-up and review as well as an introduction to ISO 27001 audit certification.

In addition, the participant will be able to become proficient in the best practices in the implementation of information security control measures based on the eleven (11) ISO 27002 domains: security policy, organization of information security, asset management, human resources security, physical and environmental security, communications and operations management, access control, information systems acquisition, development and maintenance, information security incident management, business continuity management and compliance.

This practice-focused training is in line with best practices in project management based on the Project Management Institute (PMI) and the International Project Management Association (IPMA) as well as the ISO 10006 standard, "Quality Control Project Management Guidelines." It is fully compatible with the future ISO 27003 standard (guidelines for the implementation of an ISMS) and ISO 27004 (ISMS measures).


| Date | Course | Location |
|---|---|---|
| March 19-23, 2012 | Lead Implementer | Spring Hill Suites (Washington DC) Centerville Chantilly, 5920 Trinity Parkway, Centerville, VA 20120 |
| March 26-30, 2012 | Lead Auditor | |



IP3 Inc. is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National CPE Sponsors through its web site: www.learningmarket.org.

The ISMS Lead Auditor Course (5 Days)

Learning objectives:

  • Understanding the application of the information security management system in the ISO 27001:2005 context.
  • Understanding the relationship between the information security management system, including the management of risks and controls, and the various stakeholders.
  • Understanding audit principles, procedures and techniques, and being able to apply them in an ISO 27001 audit framework.
  • Understanding the legal, statutory, regulatory or contract obligations relevant during an ISMS audit.
  • Acquiring the personal skills required to perform an audit in an effective and cost-effective manner, and managing an audit team.
  • Preparing and completing an ISO 27001 audit report.

Who should participate?

  • Person wanting to lead ISO 27001 certification audits as the person in charge of an audit team.
  • Consultant wanting to prepare and support a company in an ISO 27001 certification audit.
  • Internal advisor to a company or internal auditor who wants to prepare and support their company in an ISO 27001 certification audit.
  • Person in charge of information security or conformity internally for the organization.
  • Expert advisor in information technology.

Course details:

Day 1: Introduction to the management of an Information Security Management System based on ISO 27001

  • Course objectives and structure
  • Normative and regulatory framework
  • ISO 27001 certification process
  • Fundamental principles in Information Security and Risk Management
  • Information Security Management System (ISMS)
  • Introduction to clauses 4 to 8 (ISO 27001)

Day 2: Launching an ISO 27001 audit

  • Fundamental concepts and principles in audit
  • Ethics and professional rules of conduct in audit
  • Audit approach based on evidence and on risk
  • Preparation of an ISO 27001 certification audit
  • Documentation audit
  • Preparing the audit plan
  • Conducting an opening meeting

Day 3: Conducting an ISO 27001 audit

  • Communication during the audit
  • Audit procedures (observation, interview, sampling techniques)
  • Drafting audit findings and nonconformity reports

Day 4: Closing an ISO 27001 audit

  • Audit documentation
  • Review of audit notes
  • Closing an ISO 27001 audit
  • Managing an ISO 27001 audit program
  • Competence and evaluation of auditors
  • Completion of training

Day 5: Examination

  • Examination

Prerequisites

ISMS Foundation training or a basic knowledge of ISO 27001 and ISO 27002 standards is recommended.

Examination and Certification

  • The “ISO 27001 Lead Auditor” exam fully meets the requirements of the PECB Examination Certification Programme (ECP).
  • ISMS exam - ISO 27001 Lead Auditor is available in English, French or Spanish.
  • Duration of the exam: 3 hours.
  • A certificate will be issued to participants who successfully complete the exam.
  • After the training, the participant can apply for the title of ISO 27001 provisional auditor, ISO 27001 auditor, ISO 27001 principal auditor or ISO 27001 lead auditor depending on their experience.
  • A certificate will be issued to participants who successfully pass the exam and comply with all the other requirements related to the selected credential.

General Information

  • A student manual containing over 450 pages of information and practical examples will be distributed to participants.
  • A 31 CPE (continuing professional education) participation certificate will be issued to participants.

The ISMS Lead Implementer Course (5 Days)

Learning Objectives

  • Understanding the application of an information security management system in the ISO 27001:2005 context.
  • Understanding the relationship between the information security management system, including the management of risks and controls, and the various stakeholders.
  • Mastering the concepts, approaches, standards, methods and techniques required for the effective management of an Information Security Management System.
  • Acquiring the expertise to support an organization in implementing, managing and maintaining an ISMS as specified in ISO 27001.
  • Acquiring the personal skills and knowledge necessary to advise an organization on the best practices in information security management.
  • Improving the capacity for analysis and decision making in a context of information security management.

Who Should Participate?

  • Project manager or consultant wanting to support an organization in the implementation of an ISMS.
  • ISO 27001 auditor who wants to master the ISMS implementation process.
  • Person responsible for the information security or conformity in an organization.
  • Information security team member.
  • Expert advisor in information technology.
  • Technical experts wanting to prepare for an information security function or for an ISMS project management function

Course Details

Day 1: Introduction to the management of an Information Security Management System based on ISO 27001 and launching an ISMS

  • Introduction to management systems and the process approach
  • Presentation of the standards ISO 27001, ISO 27002 and ISO 27003 and regulatory framework
  • Fundamental principles in information security
  • Preliminary analysis and determining the level of maturity of the existing information security management system based upon ISO 21827
  • Writing the business case and preliminary design of the ISMS
  • Developing a project plan of compliance to ISO 27001

Day 2: Planning an ISMS based on ISO 27001

  • Defining the scope of the ISMS
  • Drafting the ISMS and information security policies
  • Selection of the approach and methodology for risk assessment
  • Risk management based on ISO 27005: risk identification, risk analysis and risk treatment.
  • Drafting the statement of applicability.

Day 3: Launching and implementing an ISMS based on ISO 27001

  • Implementation of a documentation management framework
  • Design of controls and writing procedures
  • Implementation of controls
  • Development of a training & awareness program and communicating about information security
  • Incident management according to ISO 27035
  • Operations management of an ISMS

Day 4: Control, act and the certification audit of the ISMS according to ISO 27001

  • Monitoring the ISMS controls
  • Development of metrics, performance indicators and dashboards in accordance with ISO 27004
  • ISO 27001 internal audit
  • Management review of the ISMS
  • Implementation of a continuous improvement program
  • Preparing for the ISO 27001 certification audit

Day 5: Examination

  • Examination

Prerequisites

  • ISMS Foundation training or a basic knowledge of ISO 27001 and ISO 27002 standards is recommended.


Educational approach.

This training is based on the alternation of theory and practice:

  • Sessions of lectures illustrated with examples based on real cases
  • Practical exercises based on a full case study including role plays and narrative presentation
  • Review exercises to assist the exam preparation
  • Practice test similar to the certification exam

Given the practical exercises, the number of training participants is limited.


Examination and certification

The “ISO 27001 Lead Implementer” exam fully meets the requirements of the PECB Examination Certification Programme (ECP).

The exam covers the following competency domains:

Domain 1: Fundamental principles and concepts of information security

Domain 2: Information Security Control Best Practice based on ISO 27002

Domain 3: Planning an ISMS based on ISO 27001

Domain 4: Implementing an ISMS based on ISO 27001

Domain 5: Performance evaluation, monitoring and measurement of an ISMS based on ISO 27001

Domain 6: Continuous improvement of an ISMS based on ISO 27001

Domain 7: Preparing for an ISMS certification audit

The “ISO 27001 Lead Implementer” exam is available in different languages (the complete list of languages can be found in the examination application form).

General Information

  • Duration of the exam: 3 hours
  • After successfully completing the exam, participants can apply for the credentials of ISO 27001 Provisional Implementer, ISO 27001 Implementer or ISO 27001 Lead Implementer, depending on their level of experience
  • A certificate will be issued to participants who successfully pass the exam and comply with all the other requirements related to the selected credential
  • Certification fees are included in the examination price
  • A student manual containing over 450 pages of information and practical examples will be distributed to participants
  • A 31 CPE (continuing professional education) participation certificate will be issued to participants.

What Others Are Saying...


"The class you taught helped fill in some gaps and also identify others. This helped me focus in on my weaknesses enough to pass.

Thanks for all your effort."

Steven R.  CISSP Bootcamp, Oakland, CA


"I passed the exam. Thank you IP3

I wanted to tell you that I think IP3 training bootcamp and online access is the BEST ROI for any professional looking for material and information in preparation for the CISSP exam. Thank you for everything! The videos, PDFs, everything is great. I passed the exam on June 28. Good luck to everyone!"

Christian R., Information Security Administrator, Basking Ridge, NJ


"Just wanted to drop a note.  I took the class back in November, and finally got around to taking the exam a couple weeks ago.  I found the exam to be one of the hardest tests I have taken based on the layout and wording.  The learning and preparation as well as the extra helpers, audios, study tips paid off in the long run.  I passed.

I have recommended the training to others, and will continue to do so.

Thanks again!"

David C. Taschner, Manager Engineering Systems BAE