Course Overview

A four-day course covering the full implementation lifecycle of an ISMS aligned to ISO/IEC 27001:2022 – from scope and risk assessment through Statement of Applicability, all 93 Annex A controls, and stage 1/stage 2 certification audit readiness. Participants leave with a draft ISMS documentation set tailored to their organization.

Who Should Attend

• ISMS implementation leads and information security managers
• Consultants serving SaaS, fintech, and B2B clients
• CISOs and information security architects
• IT managers driving customer-required certifications

What You Will Learn

• Conduct an ISMS gap analysis against ISO/IEC 27001:2022
• Define ISMS scope, context, and information security policy
• Perform risk assessment and risk treatment in line with the standard
• Build the Statement of Applicability and document Annex A control implementation
• Establish performance evaluation, internal audit, and management review processes
• Prepare documentation and processes for stage 1 and stage 2 certification audits

Course Content

• Project setup, gap analysis, and ISMS scope
• Context, stakeholders, leadership, and information security policy
• Risk assessment, risk treatment, and Statement of Applicability
• Annex A – organizational controls
• Annex A – people controls
• Annex A – physical controls
• Annex A – technological controls
• Performance evaluation, internal audit, management review, and certification readiness

Methodology

A workshop-led course combining trainer presentations, group exercises, case studies, and template-driven document development across the four days.

Assessment

Continuous assessment through implementation exercises and a final written assessment.

Certificate

Prerequisites