Our training courses cover a wide range of the ISO 27000 family of information security standards. These training courses are developed from over thirty years of practical experience using the ISO 27000 standards to manage information security in conjunction with the King IV Code for Corporate Governance in South Africa and the Protection of Personal Information Act.
1 day ISO 27001 ISMS: Certification Criteria
While not obligatory, certification to ISO/IEC 27000 standards is possible. Should an organisation choose to implement one of the ISO 27000 family of standards for the purpose of reassuring its customers and clients that it has adopted the requirements of good practice, it can be certified against the criteria defined for the specific standard.
Attendees will learn about the certification criteria and gain an understanding of what the requirements are for a general ISO 27001 information security management system.
2 day ISO 27001: Design, implement & operate an ISMS
The value of information security is the degree of public confidence and trust that is established through the provision of secure and reliable services, compliant with statutory and regulatory requirements. An Information Security Management System (ISMS) helps an organisation achieve this objective.
Attendees will learn how to plan, design, build, implement and operate an ISMS to ensure the selection of adequate and proportionate security controls that protect the organisation's information assets and give confidence to interested parties.
2 day ISO 27001: Monitor, evaluate & improve an ISMS
To make certain it achieves its objectives, an organisation should monitor, measure, analyse and evaluate the performance and effectiveness of its information security management system and retain appropriate documented information as evidence, conduct internal audits at planned intervals, perform management reviews and continuously improve.
Attendees will learn how to monitor, measure, analyse and evaluate the performance and effectiveness of the ISO 27001 information security management system.
2 day ISO 27001: Organisational process integration
To be effective an information security management system needs to be part of and integrated with an organisation’s processes and overall management structure. A process approach is adopted in order to manage the many activities needed for the ISMS to function effectively. Information security is to be considered in the design of processes, information systems and internal controls.
Attendees will gain an understanding of how to integrate an ISO 27001 information security management system with an organisation's operational processes, control and governance mechanisms.
2 day ISO 27001: Protection of Personal Information
The Protection of Personal Information Act requires responsible parties to have due regard for generally accepted information security practices and procedures. One of the most popular information security standards used internationally for the protection of personal information is the ISO 27001 requirements for information security management systems.
Attendees will gain an understanding of how to use the ISO 27001 information security management system requirements as the basis for planning and implementing the technical and organisational measures required to protect the processing of personal information.
2 day ISO 27007: Lead Auditor
ISO 27007 provides guidance on managing an information security management system (ISMS) audit programme, on conducting the audits, and on the competence of ISMS auditors. This extends the guidance contained in ISO 19011, the guideline for auditing information security management systems, and provides those responsible for conducting audits of the ISO 27000 family of standards with a greater understanding of the required audit process.
Attendees will gain an understanding of how to apply the ISO 27007 and ISO 19011 guidelines for auditing information security management systems and conduct an audit.
2 day ISO 27001: Ensuring Operator Compliance
The Protection of Personal Information Act requires that responsible parties ensure that operators (i.e. service providers) comply with the conditions for the lawful processing of personal information, including the condition regarding the security of personal information. Responsible parties must direct the implementation of the technical measures required to counter the risks and must monitor the effectiveness of these measures in countering the risks.
Attendees will learn how to use the ISO 27001 information security management system to direct and monitor operator compliance.
2 day ISO 27002: Information Security Code of Practice
ISO 27002 provides guidelines for organizational information security standards and information security management practices including the selection, implementation and management of controls taking into consideration the organization's information security risk environment(s).
Attendees will gain an understanding of how to select controls within the process of implementing an Information Security Management System based on ISO 27001, implement commonly accepted information security controls and develop their own information security management guidelines.
2 day ISO 27017: Cloud Computing Security
ISO 27017 provides guidance for information security controls applicable to the provision and use of cloud services by providing additional implementation guidance for relevant controls specified in ISO 27002, specifically related to cloud services. Cloud providers can use these requirements to plan, implement and demonstrate fulfilment of their information security obligations.
Attendees will gain an understanding of how to select controls applicable for the provision and use of cloud services.
1 day ISO 27018: Privacy in the Cloud
ISO 27018 is a code of practice with generally accepted control objectives, controls and guidelines for implementing measures for the protection of personal information in public clouds provided by operators. Cloud providers can use these requirements to plan, implement and demonstrate fulfilment of their privacy obligations.
Attendees will gain an understanding of the responsibilities operators have to responsible parties for protecting the processing of personal information in cloud environments.
2 day ISO 27032: Cybersecurity
Attendees will learn about the control objectives and controls applicable to cybersecurity.