How to Demonstrate Compliance with ISO/IEC 17799 & Prepare for ISO/IEC 27001 Certification

Overview

This three-day course is based on ISO/IEC 17799:2005 which was published in June 2005 and ISO/IEC 27001:2005 (previously BS 7799-2) which was published in October 2005. The course provides instruction on how to achieve compliance with ISO/IEC 17799 and certification to ISO/IEC 27001 using a risk based approach.

On completion of this course, delegates will be able to:

  • describe the objectives of ISO/IEC 17799 and ISO/IEC 27001
  • define the phases required to complete a risk assessment
  • apply the 'Plan, Do, Check, Act' process as a means of complying with ISO/IEC 17799 or certifying to ISO/IEC 27001
  • plan and initiate a process for compliance or certification using PDCA
  • understand how to develop a compliant Information Security Management System (ISMS).

Course format

The course is a mixture of traditional classroom training and group discussions. It is underpinned by a structured case study that is used to demonstrate how to complete the Plan, Do, Check, Act stages of compliance/certification. The course combines theory and practical exercises, which enable delegates to acquire the knowledge required to undertake an implementation programme.

Agenda

Day one

Specific topics include:

  • the history of ISO/IEC 17799
  • the ISO/IEC 27000 roadmap
  • comparisons between ISO/IEC 17799 and ISO/IEC 27001
  • ISO/IEC 27001 control areas
  • the Plan, Do, Check, Act (PDCA) model.

Day two

Delegates will learn about:

  • developing an effective Information Security Management System (ISMS)
  • approaches to risk assessment
  • preparing a Statement of Applicability (SoA).

Day three

  • training and awareness
  • compliance vs. certification
  • auditing and continuous improvement.

What you will learn

During the course, delegates will be introduced to the control objectives, controls and procedures specified in ISO/IEC 17799 and ISO/IEC 27001.

The course tutor will discuss the applicability of ISO/IEC 27001 as:

  • an external certification standard
  • a model for compliance with recognised good practice and legal obligations (e.g. Principle 7 of the Data Protection Act)
  • a corporate governance compliance standard (e.g. the Combined Code and the Sarbanes-Oxley Act).

Who should attend?

  • Those involved with complying with ISO/IEC 17799 or certifying to ISO/IEC 27001 within their organization
  • All information security staff; those in a compliance function; and those responsible for corporate governance
  • Risk managers
  • Auditors

Only available as an in-house course

To find out more

For more information about these courses, including quotes and booking, please contact seminars@bsi-global.com or call us on +44 (0)20 8996 7409.