Lead Implementer Course

The ISMS Lead Implementer Course (5 Days)

This five-day intensive course enables participants to develop the expertise to support an organization in implementing and managing an Information Security Management System as specified in ISO 27001:2005: risk management (based on ISO 27005), risk management plan, implementation, surveillance, re-examination and operation of an ISMS, continuous improvement of information security, management’s commitment, follow-up and review, as well as an introduction to ISO 27001 certification audits.

In addition, participants will gain proficiency in the best practices for implementing information security control measures based on the eleven (11) ISO 27002 domains: security policy, organization of information security, asset management, human resources security, physical and environmental security, communications and operations management, access control, information systems acquisition, development and maintenance, information security incident management, business continuity management and compliance.

This practice-focused training is aligned with best practices in project management based on the Project Management Institute (PMI) and the International Project Management Association (IPMA), as well as the ISO 10006 standard, "Quality Control Project Management Guidelines." It is fully compatible with the future ISO 27003 standard (guidelines for the implementation of an ISMS) and ISO 27004 (ISMS measures).

Learning Objectives

  • Understanding the application of an information security management system in the ISO 27001:2005 context.
  • Understanding the relationship between the information security management system, including the management of risks and controls, and the various stakeholders.
  • Acquiring the expertise to support an organization in implementing, managing and maintaining an ISMS as specified in ISO 27001.
  • Acquiring the personal skills and knowledge necessary to advise an organization on the best practices in information security management.

Who Should Participate?

  • Project managers or consultants wanting to support an organization in the implementation of an ISMS.
  • ISO 27001 auditors who want to master the ISMS implementation process.
  • Persons responsible for information security or compliance in an organization.
  • Information security team members.
  • Expert advisors in information technology.

Course Details

Day 1: Introduction to the management of an Information Security Management System based on ISO 27001 and launching an ISMS

  • Introduction to management systems and the process approach
  • Introduction to the ISO 27001, ISO 27002 and ISO 27005 standards
  • Fundamental principles of information security
  • Preliminary analysis
  • ISO 27001 management project

Day 2: Planning an ISMS based on ISO 27001

  • Implementation of the governance framework: information security roles and responsibilities, ISMS policies, ISMS scope definition, etc.
  • Risk management based on ISO 27005: risk identification, risk analysis and risk treatment
  • Drafting the statement of applicability

Day 3: Launching and implementing an ISMS based on ISO 27001

  • Implementing a documentation management framework
  • Designing security control measures
  • Implementing security control measures
  • Training, awareness and communication
  • Incident management based on ISO 18044
  • Operations management

Day 4: Control, taking action and the ISO 27001 certification audit

  • Control measures monitoring (records management)
  • Performance indicators of control measures (metrics and operating reports)
  • ISMS internal audit
  • ISMS senior management review
  • Continuous improvement
  • ISO 27001 certification audit

Day 5: Examination

  • Examination

Prerequisites

  • ISMS Foundation training or a basic knowledge of the ISO 27001 and ISO 27002 standards is recommended.

RABQSA Examination and Certification

  • The ISMS exam - ISO 27001 Lead Implementer is certified by RABQSA, meets the "RABQSA Training Provider Examination Certification Scheme" (TPECS) criteria and covers the following competency units:
    • RABQSA - IS (Information Security)
    • RABQSA - OI (Organization Improvement)
    • RABQSA - MC (Management Counsel)
  • The ISMS exam - ISO 27001 Lead Implementer is available in English or French.
  • Duration of the exam: 3 hours
  • A certificate will be issued to participants who successfully complete the exam.

General Information

  • A copy of the ISO 27001 standard is distributed to participants.
  • A 35 CPE (continuing professional education) participation certificate will be issued to participants.
  • An ISMS implementation toolkit as well as a student manual containing over 300 pages of information and practical examples will be distributed to participants.