Ota yhteyttä



010 4321 001 Ota yhteyttä

Kesto: 3 päivää
Veroton hinta (+ alv 24 %): 1 983 €

Tästä asiakaskohtainen toteutus?

Toteutamme koulutuksia myös asiakaskohtaisina. Jätä yhteystietosi, ja tehdään juuri teille sopiva toteutus.

Tästä koulutuksesta ei alennuksia. 

Osallistumista ei voi maksaa koulutuskortilla.

Paikka ja päiväys

27.8 – 29.8
English English
11.11 – 13.11
English English
9.3 – 11.3
English English
Lataa pdf-muodossa

ISO27001 2013 Foundation

This three day ISO/IEC 27001 Foundation training course will introduce delegates to the requirements and principles of ISO/IEC 27001, providing delegates with an awareness of the issues and challenges involved in implementing an information security management system.
This practical foundation course is designed to provide an introduction to information security management (ISM) systems as set out in ISO/IEC 27001:2013. 



There are no pre-requisites. However, we recommend that all delegates familiarise themselves with BS ISO_IEC 27001_2013, and BS ISO_IEC 27002_2013.

Intended Audience:

Security and IT professionals, those responsible for risk and audit or project managers responsible for ISO27001 compliance programmes.


  • The detailed requirements of ISO/IEC 27001:2013
  • How to identify information assets
  • How to identify the threats, vulnerabilities and risks associated with Assets
  • How to Plan the ISMS implementation program: Timescales and resources. Risk assessment and management, Producing a Statement of Applicability and Documentation, monitoring and auditing
  • Preparing for certification
  • Sources of information and further development

Course Outline:

Day 1:

  1. Why do you need certification to ISO 27001?
  2. The relationship between ISO27001, and ISO27002
  3. What the Information Security Management System (ISMS) is and what it is trying to achieve; Confidentiality, integrity, availability, plus audit
  4. Over view of the stages of the ISMS
  5. Defining an Information Security Policy
  6. Defining the scope of the ISMS
  7. What are information assets, and identifying them?
  8. Conducting risk assessments, Identifying asset values, threats and vulnerabilities, Practical exercise - under taking a risk assessment and Managing risk
  9. Risk measurement

Results and conclusions resulting from an assessment
Risk reduction and acceptance techniques

Day 2:

  1. Determining control objectives
  2. Selecting control objectives and controls
  3. Information Security Overview
  4. ISO 27001/ ISO27002 control objectives and controls
  5. The application of countermeasures, Creating a workable countermeasure
  6. Preparing a Statement of Applicability
  7. Auditing the ISMS, What does auditing achieve? How should auditing be conducted? and Different types of audit

Day 3:

  1. Preparing for formal certification audits
  2. The phase 1 and 2 ISO 27001 audits
  3. Maintaining Certification

Please note, this course does not include ISO27001 Lead Auditor training modules.