About ISO 27001 Foundation & Implementation

The main objective of the course is to convey the purpose of applying the ISO 27001 standard in the context of information security. The course provides a clear understanding of how to effectively establish, implement, maintain and continually improve an information security management system (ISMS). The foundation course also prepares you for advanced courses such as Lead Auditor, Lead Implementer and Internal Lead Auditor.

Who can take this training?

Any working professional who has an interest in, or is responsible for, information security management, data management and data protection, corporate governance, risk and compliance, management systems, security, IT services, human resources, financial and accounting records, or any business area that handles high-risk private data.
Professionals with a minimum of 2 years of experience in the Information Technology domain.
Professionals who have a role in implementing and auditing an ISMS.
Information Security Management Representatives and core group members responsible for establishing, implementing, maintaining, auditing and improving an ISMS.
Managers from organizations that wish to implement, maintain and improve their ISMS in line with ISO 27001:2013.
Management system consultants.
Organizations that want to safeguard their information from the risks of attack, error, natural disaster and other vulnerabilities inherent in its use.
Organizations that want to reassure customers and clients that their security recommendations have been followed.

Course Outline

Introduction to the course

Module 1 – Introduction to ISO 27001

Introduction & suggested reading
What is ISO 27001?
The structure of ISO 27001
Information security principles
Introduction to the Information Security Management System
Implementing ISO 27001 requirements
Implementing ISO 27001 as a project
Documenting ISO 27001 requirements
ISO 27001 benefits

Module 2 – The planning phase

Introduction & suggested reading
Understanding your organization and its context
Understanding the needs and expectations of interested parties
Determining the scope of the ISMS
Leadership and commitment
Information security policy
Organizational roles, responsibilities and authorities
Information security objectives
Documented information

Module 3 – Risk management

Introduction & suggested reading
Addressing risks and opportunities
Risk management process
Information security risk assessment – Risk identification
Information security risk assessment – Risk analysis and evaluation
Information security risk treatment
Statement of Applicability
Risk treatment plan

Module 4 – The Do phase

Introduction & suggested reading
Formulating the risk treatment plan
Implementing the risk treatment plan
Operational planning and control
Operating the ISMS
Managing outsourcing of operations
Controlling changes
Risk assessment review

Module 5 – The Check and Act phases

Introduction & suggested reading
Monitoring, measurement, analysis and evaluation
Internal audit
Management review
Nonconformities and corrective actions
Continual improvement

Module 6 – Annex A – Control objectives and controls

Introduction & suggested reading
Introduction to Annex A – Reference control objectives and controls
Structure of Annex A
Information security policies
Organization of information security
Human resources security
Asset management
Access control
Physical and environmental security
Operational security
Communications security
System acquisition, development and maintenance
Supplier relationships
Information security incident management
Information security aspects of business continuity management

Instructions for taking the exam and obtaining the certificate

Tai Infotech Pvt Ltd, 2017 All Rights Reserved