40 hours. (5-day course)
citrep+: Funding of up to 70% is available for courses under NETT fee (Singaporeans only).
citrep+: Critical Infocomm Technology Resource Programme
CC09: Infocomm Security
Main Office (Bendemeer)
72 Bendemeer Road, #03-29 Luzerne, Singapore 339941
CQI-IRCA Approved Course Ref. No.: 18095
ISO 27001 is a recognised international standard for best practice in information security management systems (ISMS) within any organisation. This course will prepare you to plan and execute audits of information security management systems in line with the international standard ISO/IEC 27001.
Who should attend?
The ISMS Course is for personnel involved in leading audits of an Information Security Management System that conforms to ISO/IEC 27001:2013 in any organisation.
Suggested job roles and their teams include:
• Information security managers
• IT and corporate security managers
• Corporate governance managers
• Risk and compliance managers
• Information security consultants
- Purpose and business benefits of an ISMS, ISMS standards, ISMS audits and third party Certification
- Role and skills required by an auditor when planning, conducting, reporting and following up on an ISMS audit in accordance with ISO/IEC 27001:2013, ISO/IEC 27002:2013
- Information technology
- Security techniques
- Code of practice for information security controls
- ISO 19011:2011
- Guidelines for auditing management systems and where applicable
- ISO 17021:2015
- Conformity assessment - Requirements for bodies providing audit and certification of management systems
- Your company will have an internal resource and process to
be able to conduct its own audit of its ISMS to assess and improve conformance
with ISO/IEC 27001:2013
- You will gain a professional qualification that certifies
that you have the knowledge and skills to be able to lead a team to conduct an
audit of an ISMS in any organization that satisfies CQI-IRCA guidelines
- Successful auditing will improve the protection of any
organization’s private data to meet market assurance and corporate governance
The Prior Knowledge requirements are part of the continual assessments. Student who don’t complete the prior knowledge requirement quiz will not be registered for the course.
Download the Pre-Course Quiz in the link above.
a) Management Systems
Understand the Plan-Do-Check-Act (PDCA) cycle
b) Information security management
Knowledge of the following information security management principles and concepts:
- Awareness of the need for information security;
- The assignment of responsibility for information security;
- Incorporating management commitment and the interests of stakeholders;
- Enhancing societal values;
- Using the results of risk assessments to determine appropriate controls to reach acceptable levels of risk;
- Incorporating security as an essential element of information networks and systems;
- The active prevention and detection of information security incidents;
- Ensuring a comprehensive approach to information security management;
- Continual reassessment of information security and making of modifications as appropriate.
c) ISO/IEC 27001
Knowledge of the requirements of ISO/IEC 27001 (with ISO/IEC 27002) and the commonly used information security management terms and definitions, as given in ISO/IEC 27000, which may be gained by completing an IRCA certified ISMS Foundation Training course or equivalent.
The examination questions are related to any requirement in the prior knowledge requirements which will not be covered in the course.