ISO 27001

smiah Junior Member Member Posts: 25
I'm a systems manager of a small company with 150 employees in a single-site environment and have been working in the IT industry for the last 10 years. I have a project to carry out ISO 27001/ISO 27002 for my company.
To keep the cost to a bare minimum I have purchased 2 books: IT Governance: A Manager's Guide to Data Security and ISO27001/2, 4th edition, and ISO27001 in a Windows Environment, 2nd edition.
I have been working on these books for the last 12 months and have implemented lots of ISO 27001 frameworks/controls and reduced the threats to my organisation. I'm implementing all my controls by myself.
I'm now looking for training courses, which I believe will be very valuable for this project. I have been visiting a few websites and have seen different levels of training courses available for ISO 27001.
Can you please recommend which training course will be appropriate for me from the courses below:

ISO27001 ISMS Foundation
ISO27001 Certified ISMS Lead Implementer
ISO27001 Certified ISMS Internal Auditor
ISO27001 Certified ISMS Lead Auditor
Can you please also explain the difference between "Lead Implementer" and "Internal Auditor"?

I await your response.



  • shaqazoolu InfoSec Analyst Member Posts: 259
    I am no expert on the ISO standards, but their terminology when speaking of "lead implementer" and "internal auditor" is likely just trying to convey the message that those two roles should be completely separate and independent of each other. Basically, you don't want the person that implemented everything (lead implementer) to be the one verifying (auditing) what may or may not be implemented. I'm not sure if that is what you were asking.
  • squareeyes Junior Member Registered Users Posts: 3
    I was wondering if anyone had taken the exam:

    ISO 27001 Certified ISMS Foundation from IT Governance - Governance, Risk Management and Compliance for Information Technology?

    Not sure how much time I need to devote to passing this. Is attending the 1 day training enough to get me through the exam with a pass?
  • MelanieWatson Junior Member Member Posts: 11
    Don't know if you're still considering this course, but I attended this one and there was enough information/overview of the standard to pass the exam. The course gave me a good understanding of the key elements of ISO 27001 and the qualification was highly regarded on my CV! :)
  • TheFORCE Senior Member Member Posts: 2,297
    Is your company trying to be certified as an ISO 27000 or are they having you implement the ISO controls as best practices? If you are able to answer that then you will know if you should go for the training or just study for the knowledge. My company is currently looking to implement the ISO best practices but we are not implementing all the controls of the framework, just the ones that apply to our environment.