Certified ISO 27001 Lead Implementer / Certified Information Security Program Manager Course

* A Dual Certification Course *

Mastering the implementation and management of an Information Security Program based on ISO 27001:2013


The Certified ISO 27001 Lead Implementer course is a five-day, information-packed learning experience leading to a dual certification that includes the Certified Information Security Program Manager (CISPM™). It is designed to develop a level of competence to support the design, development, roll-out and maintenance of an organizational Information Security Program. Drawing upon best practices from ISO 27001, ISO 27002, ISO 27003 and ISO 27017, students will learn the fundamental requirements to meet the expectations of ISO 27001 certification auditors.

To develop a well-rounded understanding of the standard's expectations, students will be familiarized with the supplementary guidance offered by the forum's Information Security Program Framework, as well as ISO 27004, ISO 27005, ISO 27034, ISO 27035, ISO 55000 and others.


Please click the Registration button below to go to our course listing and registration page. Registration for all our courses is done on Eventbright.com.

What Does it Cost?

$2,995 USD ($2,495 tuition + $500 certification fee)

* Due to the higher cost of facilities in some cities, tuition in those venues may be higher. The cost by venue is listed on individual registration pages.

** A $50 shipping fee applies to all online students in the US & Canada.


Who Should Attend?

  • Information Security professionals and managers involved in any aspect of the development, roll-out or operational maintenance of an Information Security Management System (ISMS)

  • IT Managers and professionals, Project Managers, and consultants wanting to prepare and to support an organization in the implementation or maintenance of an Information Security Management System (ISMS)

  • Auditors who want to understand and be able to demonstrate competence in an Information Security Management System implementation

  • Persons responsible for information security or its conformity in an organization

  • Consultants looking to understand and support clients implementing an information security management system

  • Corporate / industrial / physical security specialists

  • Technical experts wanting to prepare for an Information Security function or for an ISMS project management function


Learning Objectives

  • Understand the application of an Information Security Program as prescribed by ISO 27001.

  • Master the concepts, approaches, standards, methods and techniques required for the effective management of an organizational Information Security Program

  • Understand the various sub-programs under an Information Security Program, and their interrelationships to establish a holistic enterprise information security program.

  • Develop the expertise to support an organization in the implementation, management and maintenance of an Information Security Program

  • Develop the expertise to manage a team that is implementing the ISO 27001 standard



Day 1 - Introduction and Planning for an Information Security Management System (ISMS)

  • Introduction to management systems and the process approach

  • Presentation of the standards ISO 27001, ISO 27002 and ISO 27003 and regulatory framework

  • Fundamental principles of Information Security

  • Preliminary analysis and determining the level of maturity of the existing information security management system based upon ISO 21827

  • Writing the business case and preliminary design of the ISMS

  • Developing a project plan of compliance to ISO 27001

  • Defining the scope of the ISMS


Day 2 - Developing an ISMS based on ISO 27001

  • Drafting the ISMS and information security policies

  • Selection of the approach and methodology for risk assessment

  • Risk management according to ISO 27005: identification, analysis and treatment of risk

  • Drafting the Statement of Applicability


Day 3 - Implementing an ISMS based on ISO 27001

  • Implementation of a document management framework

  • Design of controls and writing procedures

  • Implementation of controls

  • Development of a training & awareness program and communicating about information security

  • Incident management according to ISO 27035

  • Operations management of an ISMS

  • Monitoring the ISMS controls


Day 4 - Program Oversight and Auditing an ISMS based on ISO 27001

  • Development of metrics, performance indicators and dashboards in accordance with ISO 27004

  • Internal Audit

  • Management review of the ISMS

  • Implementation of a continuous improvement program

  • Preparing for the ISO 27001 certification audit

Day 5 - Exam

What You Get

Students will receive:

  1. a copy of all slides presented during the class;

  2. a certificate of completion awarding 37 Continuing Professional Development (CPD) units;

  3. a free Professional membership with the Information Security Leadership Forum;

  4. a Student Information Package (SIP) with study tips and other helpful and insightful information for the course and exam; and

  5. an exam and certification application voucher for the Information Security Leadership Forum, the official certification authority.



General Exam Information

  • This course satisfies the standards and requirements set out by the accrediting authority, the Information Security Leadership Forum.

  • The exam is taken by students on the final day of training between the hours of 9:00 AM - 2:00 PM local time. It is composed of a combination of multiple choice and essay questions, and is administered as an open book exam.

  • Students are required to arrive no later than 8:30 AM to receive exam instructions and final information, and will have three hours to complete it.

  • The only items students may have with them during the exam are: pens, food and drink, the student binder, a dictionary, and the exam itself. All electronic devices, backpacks, purses, and other personal items must be stored at the front of the classroom during the exam.

Exam Results

  • Students will receive official exam results, typically within one to seven days from the exam date.


* Please note, we do not disclose any additional details on the exam, including number of questions, percentage or weighting based on training content, or any other details.

Terms & Conditions

  • Students are prohibited from recording (audio or video) any session(s), or portions of any session.

  • Students will receive a discount code for a free membership with the Information Security Leadership Forum. This code is only valid for use by the registered student. Students must register and set up an account prior to the commencement of the course.

  • Unless otherwise specified, meals and lodging are not included in the fee, nor provided by the organizer during the course.

  • The organizer reserves the right to cancel, change the dates and location, including converting the course to 100% online.

  • The organizer is not responsible for any travel or other expense incurred by a student.

  • All sales are final. There are no refunds, exchanges, or student substitutions.



  • Already ISO 27001 Auditor Certified? If you have an existing active certification with another recognized certification authority and would like to convert over to an ISLF certification, you may elect to challenge our exam for a fee of $30 + $100 for your first year's certification maintenance fee.

  • Have extensive experience but no training, and want to challenge the exam? If you already meet the certification experience criteria and want to challenge the exam, we're happy to accommodate. You can purchase an exam voucher and application fee ($500) and sit for an exam without taking the training. We strongly recommend that, before taking this option, you purchase ($150) a copy of the course study guide and review it in detail. To challenge the exam, you must take the exam in person on the last day of an official onsite course.