ISO/IEC 27001 (ISO 27001) is an international standard for Information Security management. It provides a model to establish, implement, maintain and continually improve a risk-managed Information Security Management System (ISMS).
The standard forms the basis for effective management of sensitive, confidential information and for the application of information security controls.
An organization that conforms to the ISO/IEC 27001 standard possesses clear, objective proof of its commitment to continued improvement of control over its sensitive and confidential information.
ISO/IEC 27001 therefore provides reassurance to sponsors, shareholders and customers that the organization has expert control over its risk management and data security.
Due to the diversity of different organizations’ information assets – the ISO/IEC 27001 standard is adaptable according to an organization’s requirements.
The design and implementation of the ISMS is tailored to the organization’s objectives, information assets, operational processes, governing legal requirements and regulatory security requirements.
At the end of the training the students will know:
- The scope and purpose of ISO/IEC 27001 and how it can be used.
- The key terms and definitions used in the ISO/IEC 27000 series.
- The fundamental requirements for an ISMS in ISO/IEC 27001 and the need for continual improvement.
- The processes, their objectives and high level requirements.
- Applicability and scope definition requirements.
- Use of controls to mitigate IS risks.
- The purpose of internal audits and external certification audits, their operation and the associated terminology.
- The relationship with best practices and with other related International Standards: ISO 9001 and ISO/IEC 20000.
Perfil de los alumnos
This certification is aimed at those who are:
- Supporting the implementation, operation or maintenance of an ISMS within an organization.
- Required to audit an ISMS and to have a basic understanding of the standard.
- Working within an organization with an ISMS, whether the organization is already certified or is considering certification to ISO/IEC 27001.
- Preparing for the ISO/IEC 27001 Practitioner – Information Security Officer qualification.
There is no pre-requisite for the Foundation qualification but an interest and/or background in information security or service management would be an advantage.
Our team of highly qualified instructors combine training activities with the development of their profession as experts in the field of IT. Professionals certified by the major manufacturers capable of transferring an enjoyable and easy to understand technical concepts more abstract.
Each student will receive a copy of the documentation according to the training contents.
Contenidos del ISO 27001 Foundation
- Introduction, background and definitions
- Key publications
- Leadership and support of the ISMS
- Planning and operation of the ISMS
- Information security control objectives and controls
- Achieving ISO/IEC 27001 Certification
Face-to-face, active and participative course. The trainer will introduce the contents using the demonstration method, the participants will assimilate the knowledge through the practices of real application.
Continuous evaluation based on the activities carried out in groups and / or individually. The trainer will provide feedback on a continuous basis / at the end of the activities / individually to each participant.
At the end of the training, the candidate can do the ISO/IEC 27001 Foundation exam. The Exam format is:
- Multiple choice format
- 50 questions per paper
- 25 marks or more required to pass (out of 50 available) – 50%
- 40 minute duration
- Closed book
Se emitirá Certificado de Asistencia sólo a los alumnos con una asistencia superior al 75% y Diploma aprovechamiento si superan también la prueba de evaluación.