ISO 27001

Replicon Member Posts: 124 ■■■□□□□□□□
My company is looking to get ISO 27001 certified, and I have to lead that project.
I was wondering if you can recommend any specific training (I am based in Canada) that I can take or certification I can pursue that will help me in the implementation stage. The training doesn't have to be in a classroom... I'd prefer online, as my employer does not have to pay (and probably won't :) ) for travel and hotel.
I was able to find two courses here https://training.advisera.com/ , but I have not watched them yet so I can't say how good they are.

When I was searching for certification, there was GIAC G2700 but that is retired. Any suggestions will be much appreciated.


    amcnow Member Posts: 215 ■■■■□□□□□□
    WGU - Master of Science, Cybersecurity and Information Assurance
    Completed: JIT2, TFT2, VLT2, C701, C702, C706, C700, FXT2
    In Progress: C688
    Remaining: LQT2
    Aristotle wrote:
    For the things we have to learn before we can do them, we learn by doing them.
    636-555-3226 Member Posts: 975 ■■■■■□□□□□
    I've never found a "company" that is ISO 27k compliant, so don't shoot for the stars in whatever you end up doing. Most companies I know are always in a constant "we're working towards ISO 27k compliance" mode. Those that say they are "compliant" (Amazon & Microsoft, I'm looking at you) are actually only compliant in this office here, that datacenter over there, etc.

    Also, as with all standards or frameworks, compliance does NOT equal security. It sounds good for vendors, execs, unknowing people, auditors, but ISO 27k compliance does NOT mean you're hack proof or have an awesome state of security.

    My recommendation for people looking for ISO 27k compliance is to not try to become compliant with every provision, but rather to find the parts that will help secure you the most for the least cost (80/20 rule there) and prioritize those. Don't spend 6 months making an infosec policy at the cost of not actually doing day-to-day operational stuff during those 6 months!
    Replicon Member Posts: 124 ■■■□□□□□□□
    Thanks a lot amcnow, I found a training.
    They have classroom training + certification at the end, and they have it in my city next year :)
    If anyone knows any other training center that offers training, please let me know.
    I searched Amazon for books; there are a few, but they don't seem to have a lot of reviews so I am hesitant about what to buy.
    636-555-3226 I agree with you, I think that will be the next hard question: what to get certified, which component of the company.
    I know that having the certification doesn't mean you are certified, but from a PR perspective you can get some clients, as a company you'll look more secure, and bottom line you can use that knowledge to improve the overall security in the company; it's not just about a piece of paper.
    ivandavids Member Posts: 50 ■■□□□□□□□□

    I've recently completed the ISO 27001 Lead Auditor training live online at IT Governance - Governance, Risk Management and Compliance for Information Technology, and they are awesome. A colleague of mine has just completed the ISO 27001 implementer course as well.

    Hope this helps.
    Replicon Member Posts: 124 ■■■□□□□□□□
    Are they prerecorded videos? Do you think their courses are worth it? Is it just a course, or is there an option to take an exam to get certified?
    ivandavids Member Posts: 50 ■■□□□□□□□□
    @Replicon -

    1. The Lead Auditor training is presented through a live online classroom session by Steve Watkins. He was very good at delivering the content in a manner for all levels to understand.
    2. I was fortunate enough to have my work pay for the training. I do not perform the audit function at work but I do work very closely with our internal audit team so the training was very useful.
    3. Yes, you will be writing a certification exam.

    rob1234 Banned Posts: 151
    Their exams are pretty easy; you might be better off just booking the exam (Exams - this is the exam they offer). That way you get the same qualification for a fraction of the price.
    ivandavids Member Posts: 50 ■■□□□□□□□□
    Agree with rob1234 - the exam is not hard at all.
    Paul-777 Member Posts: 12 ■□□□□□□□□□
    I did the IT Governance 27001 transition course a couple of years ago. It was fine; the online training and exam worked OK.

    Just my 2p about 27001: it's more about demonstrating good practice to customers and contractual compliance... I don't know any company who did it to "be secure".
    Robertf969 Member Posts: 190
    So I am an ISO 27001 Lead Auditor. I am going to go out on a limb here and assume you are familiar with general security controls. Assuming this is true, I don't think you need any training. Your first step will be to buy the standard and begin to build out your ISMS. Your next step will be to determine your scope and boundaries. After that, your next step should be to get a gap assessment. Most certification bodies offer these for significantly less than the cost of certification. Take good notes during the gap and correct all areas that would have resulted in non-conformities. Then pursue certification.
    ywesan Registered Users Posts: 1 ■□□□□□□□□□
    I am preparing to sit for the ISO 27001 Foundation exam in Jan/Feb 2017. Are there any recommended books to prepare for the exam? I saw some training videos at https://training.advisera.com/course/iso-27001-foundations-course/ but I'm not sure it is enough for exam preparation. Thanks.
    chickenlicken09 Member Posts: 537 ■■■■□□□□□□
    Anyone know the certification body over these exams? I want to self-study and then book, but I can't find who is over these exams.
    UnixGuy Mod Posts: 4,570 Mod
    I've never found a "company" that is ISO 27k compliant, ..

    You can be compliant and not certified. A lot of projects demand you to be 'compliant', which does not necessarily mean certified.

    As for ISO certified, there is no need to be certified on all the controls; select the ones applicable to your business. It's not hard.

    Learn GRC! GRC Mastery : https://grcmastery.com 

    chickenlicken09 Member Posts: 537 ■■■■□□□□□□
    NetworkNewb Member Posts: 3,298 ■■■■■■■■■□
    eddo1 wrote: »

    Second post from the top...
    chickenlicken09 Member Posts: 537 ■■■■□□□□□□
    They look to be training courses; can you send me a link?
    NetworkNewb Member Posts: 3,298 ■■■■■■■■■□
    Yea, looks like they only offer courses. That would be the certification body over the exams though.
    chickenlicken09 Member Posts: 537 ■■■■□□□□□□
    Must be a cheaper way to do it! Like when I wanted to do my CCNA: I acquired the material and then booked on the Pearson VUE site.
    safernandez Member Posts: 15 ■■□□□□□□□□
    Dear all! Greetings from Argentina. I want to ask the following: Can I take the PECB 27001 LA online exam? Studying with Kate. I tried to pay for the certification, but when applying, they ask me for data that I do not have, such as:

    Exam Number
    Date Of Achievement
    Exam Issuer

    I don't understand the process to access the material and schedule the exam! Can you help me!?


    SteveLavoie Member Posts: 1,133 ■■■■■■■■■□
    In Quebec, Kereon.com offers some ISO 27001 training. Probably in French.

    Also, there are a few hours of training video on Pluralsight.