Governance, Risk, Compliance

ISO/​IEC 27001 – ISMS Lead Implementer

Key steps for implementing and maintaining a successful Information Security Management System.

  • Duration 5 Days
  • Fee - Virtual Instructor-Led $3,540 + GST
  • Exam Exam Included
  • Fee - Face-to-face Training $4,275 + GST
  • Team Training Get a quote
  • Download Course brochure

Upcoming Course Dates

View all course dates
Location Date Time  
Virtual Instructor-led Training | AEST 26 - 30 May 2025 08:30 am - 04:00 pm

Individual/Self-Funding
Business or Government

Overview

authorized gold partner

ISO/IEC 27001 – ISMS Lead Implementer

ISO 27001 Lead Implementer Training – Key Points:

  • Practical orientation – not just theory.  Features extensive use of case studies from actual implementations led by the course presenter
  • The ONLY independently accredited ISO 27001 Lead Implementer training in Asia-Pacific
  • Certificate exam 3rd-party set and marked
  • Based on most recent version ISO 27001:2022 updated to include latest changes in the ISO/IEC 27002:2022 standard
  • ALC courses are presented only by Tier 1 trainers. Quality is guaranteed.  Contact us for trainer bio sheet.

The ISO Lead Implementer certification course provides comprehensive and practical coverage of all aspects of implementing and maintaining an ISO 27001 project. If you are involved in information security management, writing information security policies or implementing ISO 27001 – either as a Lead Implementer, or as part of the planning/implementation team – this course will give you the all the key steps for implementing and maintaining a successful Information Security Management System.

Based on the most recent version ISO 27001:2022 updated to include latest changes in the ISO/IEC 27002:2022 standard, this training is consistent with the good practices of project management established by the Project Management Institute (PMI) and ISO 10006:2003 (Quality Management Systems – Guidelines for Quality Management in Projects). This training is fully compatible with ISO/IEC 27003:2009 (Guidelines for the Implementation of an ISMS), ISO/IEC 27004:2009 (Measurement of Information Security) and ISO/IEC 27005:2008 (Risk Management in Information Security).

Our Trainers Make the Difference

  • Sean O’Donoghue-Hayes

    Sean is a seasoned professional with over 25 years of experience in the field of information technology and communication security.

    Read full bio
  • David Wheeler

    David has over 25 years Australian and APAC experience in the assessment, operation and improvement of ICT technologies as guided and directed by Governance structures and processes.

    Read full bio

Learning Outcomes

  • Understanding the application of an Information Security Management System in the context of ISO 27001
  • Mastering the  concepts,  approaches,  standards,  methods  and techniques required in an effective management of an Information Security Management System
  • Understand  the  relationship  between   the  components   of  an Information Security Management System, including risk management, controls and  compliance with the  requirements of different stakeholders of the organisation
  • Acquiring the necessary expertise to support an organisation in implementing, managing and maintaining an ISMS as specified in ISO27001
  • Acquiring   the   necessary   expertise   to   manage   a   team implementing the ISO27001 standard
  • Develop the knowledge and skills required to advise organisations on best practices in management of information security
  • Improve  the  capacity  for  analysis  and  decision  making  in  a context of information security management it 

Who Should Attend

  • Project manager or consultant wanting to prepare and to support an organisation in the implementation of an Information Security Management System (ISMS)
  • ISO 27001 Auditor who wants to master the Information Security Management System implementation process
  • Person responsible for the Information security or conformity in an organisation
  • Members of the information security team
  • Expert advisors in information technology
  • Technical experts wanting to prepare for an Information security function or for an ISMS project management function

Course Contents

1: Introduction to the management of an Information Security Management System (ISMS) based on ISO 27001 and launching an ISMS

  • Introduction to management systems and the process approach
  • Detailed presentation of the standards ISO 27001, ISO 27002 and ISO 27003 and regulatory framework
  • Fundamental principles of Information Security
  • Preliminary analysis and determining the level of maturity of the existing management of the Information Security based upon ISO/IEC 21827:2008
  • Writing the business case and preliminary design of the ISMS
  • Developing a project plan of compliance to ISO/IEC 27001:2005

2: Planning an ISMS based on ISO27001

  • Defining the scope of the ISMS
  • Drafting the ISMS and information security policies
  • Selection of the approach and methodology  for risk assessment
  • Risk management according to ISO 27005: identification, analysis and treatment of risk
  • Drafting the Statement  of Applicability

3: Launching and implementing an ISMS based on ISO27001

  • Implementation of a document management framework
  • Design of controls and writing procedures
  • Implementation of controls
  • Development of a training & awareness program and communicating about the information security
  • Incident Management according to ISO 27035
  • Operations management of an ISMS

4: Control, act and the certification audit of the ISMS according to ISO 27001

  • Monitoring the ISMS controls
  • Development of metrics, performance indicators and the dashboard in accordance with ISO 27004
  • ISO 27001 Internal Audit
  • Management review of the ISMS
  • Implementation of a continuous improvement program
  • Preparing for the ISO 27001 certification audit

5: Review & Exam Preparation

  • Course review
  • Q&A
  • Exam preparation

  • Have really enjoyed the style of learning. I would say the most beneficial part is the quizzes after each section as it allows you to test your knowledge (and be surprised when you thought you knew something but actually don't!).

    Live Virtual Training | 2022

Testimonial

ISO 27001

read more

Fees

ISO27001 Lead Implementer Course (5 Days)

  • Live Virtual Training: $3,540 + gst
  • Face-to-Face Training: $4,275 + gst

All participants will receive:

  • In class Discussions, Exercises and Quizzes
  • IEC/ISO 27001 Lead Implementer Online Exam
  • Unparalleled Post Course Support

Virtual Courses:

  • ONLINE ACCESS: Access course materials via PECB’s online system KATE
    E-materials are provided by default with the option to purchase hardcopy materials for an additional cost.

Face-to-Face courses:

  • HARD COPY + E-COPY: Comprehensive Course Workbook, quality colour printed

Prerequisites

ISO 27001 Foundation certification or a basic knowledge of ISO 27001 and ISO 27002 is recommended.

Examination

  • 80 questions
  • Multiple choice
  • Open book
  • 3 hours (30 additional mins for EASL)
  • Pass mark 70%
  • If delegates fail their first attempt they can retake it for free within 12 months

The Certified ISO/IEC 27001 Lead Implementer exam is conducted under the auspices of the PECB Examination and Certification Programme (ECP).

  • The exam covers the following competence domains:
    • Domain 1: Fundamental principles and concepts of information security
    • Domain 2: Information security control best practice based on ISO 27002
    • Domain 3: Planning an ISMS based on ISO 27001
    • Domain 4: Implementing an ISMS based on ISO 27001
    • Domain 5: Performance evaluation, monitoring and measurement of an ISMS based on ISO 27001
    • Domain 6: Continual improvement of an ISMS based on ISO 27001
    • Domain 7: Preparing for an ISMS certification audit
  • A certificate will be issued to participants who successfully pass the exam via PECB 

Examination Re-Sit Options:

There is no limit to the number of times a candidate can retake an exam. However, there are certain limitations in terms of the time span between exam retakes.
  • If a candidate does not pass the exam on the 1st attempt, s/he must wait 15 days after the initial date of the exam for the next attempt (1st retake).

Certification Levels

There are three levels of accreditation that you can apply for after passing the exam, depending on professional experience:

  • ISO/IEC 27001 Provisional Implementer – exam passed, no direct professional experience, no ISMS project experience
  • ISO/IEC 27001 Implementer – exam passed, two years professional experience with at least one year in information security, project experience of at least 200 hours
  • ISO/IEC 27001 Lead Implementer – exam passed, five years professional experience with at least two years in information security, project experience of at least 300 hours

Candidates can apply for the appropriate level of accreditation once exam results have been received.

ALC is an official Training Provider for ISO27001 Lead Implementer by PECB

More Courses You May Be Interested In

Related Reading