Format:  100% Online (self-paced)
Complete at any time to suit your schedule.
Immediate access to course materials on booking.

Duration: 7 hours

CQI and IRCA Course Ref:  FD 134

This CQI and IRCA Certified Online Self-Paced ISO/IEC 27001:2022 Foundation Course, is designed for those looking to gain a basic understanding of the core requirements of ISO 27001:2022 and management systems methodology, and the role an ISMS can play within an organisation to help meet customer requirements.

The training provides a starting point for those interested in progressing their career with SEQM’s CQI and IRCA Certified ISO/IEC 27001:2022 ISMS Internal Auditor and Lead Auditor Courses.

• Those wishing to start a career in auditing
• Anyone wishing to gain the fundamentals about information security management systems (ISMS)
• Those wishing to build on existing information security management experience.
• Information Security Managers, Engineers, Coordinators and Consultants with ISMS responsibilities
• Anyone involved in the auditing, maintaining or supervision of an ISO 27001:2022 ISMS

Key topics include:

• To understand the the purpose and business benefits of an information security management system (ISMS)
• To recognise the structure and content of ISO/IEC 27001, and its relationship with ISO/IEC 27000 and ISO/IEC 27002
• To understand the specific information security management-related requirements of ISO/IEC 27001

Attendees will receive a detailed understanding of:

• The purpose of a information security management system and the organisational benefits of improving the information security management system’s performance.
• The processes and procedures involved in establishing, implementing, operating, monitoring, measuring, analysing, evaluating, reviewing, maintaining, and improving a quality management system, and to understand the significance of these for ISMS auditors.
• The terms and definitions defined and used in ISO/IEC 27001.
• The structure and content of ISO 27001, and its relationship with ISO/IEC 27000 and ISO/IEC 27002.
• The structure and content of ISO 27001, with reference to the Plan- Do- Check- Act (PDCA) cycle and the model of a process-based information security management system, the structure and content of ISO/IEC 27001.
• Understand the relationship between ISO/IEC 27001 and ISO/IEC 27002 requirements, with reference to the information security controls and Statement of Applicability (SoA).
• The specific information security management related requirements of ISO/IEC 27001.
• The relationship between external and internal issues, the relevant requirements of relevant interested parties, the actions required to address risks and opportunities, and the information security management system processes needed to implement them.
• The purpose of the scope of an information security management system and what should be considered when determining it.
• The purpose of an information security policy, the relationship between the information Security policy and the information security scope and the requirements for its implementation and review.
• The requirements for information security objectives and the relationship between the information security objectives and the information security policy, information security planning including the planning of information security management system changes, monitoring, and measuring of processes, and management review.

plus:

• How top management demonstrates leadership and commitment by taking accountability for the effectiveness of the information security management system.
• How to conduct a typical risk assessment process with reference to information security risk criteria, risk acceptance criteria and risks.
• Understanding of a typical risk treatment processes and information security risk options.
• Understand the structure and use of information security controls, and a typical Statement of Applicability (SoA) and the relationship between Annex A and ISO/IEC 27002
• The requirements for monitoring, measurement, analysis and evaluation of information security performance against policy and planned objectives, the programming and use of internal audits and the monitoring, and measurement of processes and controls.
• The processes involved in achieving continual improvement of information security performance through improving the suitability, adequacy and effectiveness of the information security management system and related processes
• Examples of the resources needed to achieve customer satisfaction and conformity to product and service requirements and explain the requirements for support.
• How the organisation plans, implements and controls the processes needed to meet ISMS requirements, and how any externally provided processes, products and services are controlled.
• What are the resources needed to protect the confidentiality, integrity, and availability of information.
• The requirements for the monitoring, measurement, analysis and evaluation of the information security management system performance against planned objectives and for the internal audit.

In order to successfully complete this online course, each Learner will need to:

• Complete all online course modules
• Pass the final assessment by achieving 70% or higher

On successful completion you will receive a  CQI and IRCA Certificate of Completion.