

ISO/IEC 27001 Information Security Management – Practitioner

Course Type:
Training Costs:
Exam Costs:
Next Course:
R 7945
R Incl. in course fee
5 days
Closed Course


This training is consistent with the project management practices established in ISO 10006 (Quality Management Systems – Guidelines for Quality Management in Projects). This training is also fully compatible with ISO 27003 (Guidelines for the Implementation of an ISMS), ISO 27004 (Measurement of Information Security) and ISO/IEC 27005 (Risk Management in Information Security).


After successfully completing the exam, participants can apply for the credentials of PECB Certified ISO/IEC 27001 Provisional Implementer, PECB Certified ISO/IEC 27001 Implementer or PECB Certified ISO/IEC 27001 Lead Implementer, depending on their level of experience (view the brochure for more information).




The “PECB Certified ISO/IEC 27001 Lead Implementer” exam fully meets the requirements of the PECB Examination and Certification Program (ECP).


The Course

This five-day intensive course enables the participants to develop the expertise necessary to support an organisation in implementing and managing an Information Security Management System (ISMS) based on ISO/IEC 27001. The participants will also be given a thorough grounding in best practices used to implement Information Security controls from all areas of ISO/IEC 27002.

Target Group

The ISO Standards training is designed to provide insight into, and understanding of, the basic processes, and is therefore especially suitable for:

  • Compliance project managers
  • Information Security consultants
  • Internal and external ISO/IEC 27001 auditors
  • Members of an Information Security team

Knowledge Objective

  • Introduction to Information Security Management System (ISMS) concepts as required by ISO/IEC 27001; initiating an ISMS
  • Introduction to the management systems and the process approach
  • Presentation of the ISO 27000 family standards and regulatory framework
  • Fundamental principles of Information Security
  • Preliminary analysis and determining the level of maturity based on ISO 21827
  • Writing a business case and a project plan for the implementation of an ISMS
  • Planning the implementation of an ISMS based on ISO/IEC 27001
  • Defining the scope of an ISMS
  • Drafting an ISMS and Information Security policies
  • Selection of the approach and methodology for risk assessment
  • Risk management: identification, analysis and treatment of risk (based on ISO 27005)
  • Drafting the statement of applicability
  • Implementing an ISMS based on ISO/IEC 27001
  • Implementation of a document management framework
  • Design and implementation of controls
  • Information Security training, awareness and communication program
  • Incident management (drawing on guidance from ISO 27035)
  • Operations management of an ISMS
  • Control, monitor and measure an ISMS and the certification audit of the ISMS in accordance with ISO/IEC 27001
  • Monitoring the ISMS controls
  • Development of metrics, performance indicators and dashboards in accordance with ISO 27004
  • ISO/IEC 27001 internal audit
  • Management review of an ISMS
  • Implementation of a continual improvement program
  • Preparing for an ISO/IEC 27001 certification audit
  • To understand the implementation of an ISMS
  • To gain a comprehensive understanding of the concepts, approaches, standards, methods and techniques related to an ISMS
  • To acquire the necessary expertise to support an organisation in implementing, managing and maintaining an ISMS
  • To acquire the necessary expertise to manage a team implementing ISO/IEC 27001

