ISO 27001: Information Security
Protect What Matters. Build Trust That Lasts.
In an era of escalating cyber threats and data breaches, understanding how to establish, implement, and maintain an Information Security Management System based on ISO 27001 is no longer optional — it is essential. This programme gives professionals the technical and managerial skills to defend their organisation's most critical digital assets, ensure regulatory compliance, and build a culture of proactive information security.
From Security Incidents to a Culture of Protection
Data breaches are no longer a question of if — they are a question of when, and how prepared your organisation is to prevent, detect, and respond to them. ISO/IEC 27001:2022 provides the globally accepted framework for designing an Information Security Management System (ISMS) that moves your organisation from reactive incident response to a proactive, disciplined security posture.
The stakes are real. The average cost of a data breach continues to rise year on year, and regulatory frameworks — from GDPR to sector-specific mandates — increasingly demand demonstrable information security governance. ISO 27001 is the internationally recognised standard that satisfies regulators, reassures clients, and protects the organisation.
This programme goes well beyond a theoretical overview of the standard. Delivered by practising information security and governance professionals, every module translates ISO 27001:2022 requirements into actionable steps — covering ISMS design, risk assessment methodology, Annex A control selection, and the cultural and managerial disciplines that make security frameworks actually work inside real organisations.
Participants leave with a working ISMS architecture, a populated information security risk register, a practical understanding of all 93 Annex A controls, and the credentials to lead or support an ISO 27001 implementation with confidence.
What You Will Walk Away With
The ability to design, scope, and implement an Information Security Management System aligned to ISO/IEC 27001:2022 requirements.
Practical skills in information security risk identification, analysis, evaluation, and treatment using structured IS-specific methodologies.
A working knowledge of all 93 Annex A controls — how to select, implement, and justify the controls relevant to your organisation.
Confidence navigating global data privacy regulations — including GDPR obligations and how ISO 27001 supports compliance with them.
The tools to build a proactive security culture — moving beyond policy documents to the leadership behaviours and team practices that sustain security.
Ready-to-use outputs: ISMS scope statement, information security risk register, Statement of Applicability (SoA) template, and incident response framework.
Covering All 93 Controls Across Four Domains
ISO/IEC 27001:2022 introduced a restructured Annex A with 93 controls organised across four domains. This programme ensures participants understand every domain — and can make confident, justified decisions about which controls apply to their organisation's context.
What the Course Covers
- The modern threat landscape — attack vectors, actors, and the evolving risk environment
- Why technical controls alone are insufficient: the governance and cultural dimension of security
- Introduction to ISO/IEC 27001:2022 — structure, clauses, and what the standard requires
- How ISO 27001 relates to ISO 27002, ISO 31000, and other governance frameworks
- The business case for an ISMS — regulatory drivers, client expectations, and operational resilience
- Understanding the organisation and its context — internal and external factors relevant to information security
- Identifying interested parties and their requirements — regulators, clients, and supply chain
- Defining the ISMS scope: boundaries, applicability, and common scoping mistakes to avoid
- Leadership commitment and top management obligations under ISO 27001
- Drafting an Information Security Policy that is meaningful, not just compliant
- Roles, responsibilities, and accountability structures within the ISMS
- Information asset identification and classification — what needs protecting and why
- Threat and vulnerability identification techniques specific to information security
- IS risk analysis: likelihood, impact, and the CIA triad (Confidentiality, Integrity, Availability)
- Risk evaluation and prioritisation — building and using an information security risk register
- Defining risk acceptance criteria and information security risk appetite
- Hands-on: conducting a full IS risk assessment on a real-world case scenario
- Overview of all 93 controls in ISO 27001:2022 Annex A — what changed from the 2013 version
- Organisational controls: policies, threat intelligence, supplier relationships, incident management
- People controls: screening, terms of employment, awareness, and disciplinary process
- Physical controls: secure areas, clear desk, equipment maintenance, and disposal
- Technological controls: access management, cryptography, malware protection, and logging
- Completing the Statement of Applicability (SoA) — justifying inclusion and exclusion of controls
- Hands-on: building your organisation's SoA draft using real criteria
- Why most ISMS failures are people failures — the behavioural dimension of information security
- Designing a security awareness programme that actually changes behaviour
- Communication planning: what to communicate, to whom, and how often
- Training requirements under ISO 27001 and how to satisfy them practically
- Security in the supply chain — extending your ISMS obligations to third-party relationships
- Information security incident management — detection, classification, response, and lessons learned
- Designing an incident response plan aligned to ISO 27001 requirements
- Internal audit of the ISMS — scope, methodology, and how to report findings effectively
- Management review requirements — what must be reviewed, how often, and by whom
- Nonconformity and corrective action — addressing gaps without creating bureaucracy
- Continual improvement of the ISMS: embedding review cycles and performance indicators
Built For These Professionals
Professionals responsible for designing, implementing, or managing information security programmes and ISMS frameworks.
Those navigating GDPR, sector-specific data regulations, and needing a robust governance framework to support compliance obligations.
Technical professionals who need to connect their hands-on security work to a recognised governance framework for audit and assurance purposes.
Audit professionals conducting or preparing for ISO 27001 audits who need a deep understanding of ISMS requirements and Annex A controls.
Executives and board members responsible for information security governance who need a structured, credible framework to lead with.
GRC and IT advisory professionals supporting organisations through ISO 27001 implementation, certification, or ongoing ISMS management.
What Past Delegates Say
I had been managing our security function for three years without a structured framework. This course gave me the architecture I needed — I left with a scoped ISMS, a completed SoA, and a risk register my leadership team finally understood. The Annex A walkthrough alone was worth the entire programme.
Our organisation was preparing for ISO 27001 certification and I needed to understand the standard deeply, not just theoretically. The programme bridged that gap completely. The facilitator brought real implementation experience — the case studies were drawn from actual projects, not textbooks. Outstanding.
Ready to Build an Information Security Programme That Lasts?
Join professionals across industries who have implemented ISO 27001 frameworks, earned internationally recognised credentials, and won the trust of their clients and regulators.
