ISO27001 Certified ISMS Lead Implementer

Provided by

Enquire about this course

About the course

The most comprehensive ISO 27001 Lead Implementer classroom course available in the UK today.

Developed by global ISO 27001 experts Alan Calder and Steve Watkins, and drawing on their industry-leading implementation guide IT Governance – An International Guide to Data Security and IS027001/ISO27002, this three-day course covers all nine of the key steps involved in planning, implementing and maintaining an ISO 27001-compliant ISMS.

This fully accredited, practitioner-led course equips you with the skills to lead an ISO 27001-compliant information security management system (ISMS) implementation project. Learn from the developers of the original ISO27001 Lead Implementer course and get to grips with the nine steps to implementing an ISMS.

Using a combination of formal training, practical exercises and relevant case studies, an experienced ISO 27001 trainer and consultant will:

  • Take you through the nine steps to ISO 27001 success.
  • Help you to develop the skills required to achieve ISO 27001 compliance for your organisation.
  • Help you maximise project value and avoid common pitfalls.

The ISO27001 Certified ISMS Lead Implementer course supports professional development: delegates who pass the included exam are awarded the ISO 17024-accredited ISO27001 Certified ISMS Lead Implementer (CIS LI) qualification by IBITGQ.

It is also accredited by the Institute of Information Security Professionals (IISP) and satisfies the IISP Skills Framework requirements at Level 1: A1, A2, A3, A4, A5, A6, A7, B1, B2, G1, H1, and H2.

What will you learn?

  • Securing senior management commitment and building the business case.
  • The role and structure of an information security policy.
  • How to determine the scope of your ISMS based on the requirements of ISO 27001.
  • Developing a management framework.
  • How to structure and manage your ISO 27001 project.
  • How to allocate roles and responsibilities for your ISO 27001 implementation.
  • The definition of risk in ISO 27001 and options for risk assessments under the Standard.
  • The benefits of, and key issues when selecting, a risk assessment tool.
  • How to carry out an information security risk assessment – the core competence of information security management.
  • The Statement of Applicability (SoA), and justifications for inclusions and exclusions.
  • Reviewing your existing controls and mapping controls to Annex A of ISO 27001.
  • The importance of an effective communication strategy.
  • Writing policies and producing other critical documentation.
  • The importance of staff and general awareness training.
  • The key elements of management review.
  • How to manage and drive continual improvement under ISO 27001.
  • How to prepare for your ISO 27001 certification audit.
  • Important information to ensure that you pass the audit first time.

 ISO27001 Certified ISMS Lead Implementer (CIS LI) examination

Take the CIS LI examination at the end of the course – a 90-minute, multiple-choice, ISO 17024-accredited exam set by IBITGQ. There is no extra charge for taking the exam at the end of the course.

Exam results and certificates

  • Where exams are taken online (either remotely or by computer in the classroom), provisional exam results will be available immediately on completion of the exam. Confirmed exam results will be issued within 10 working days from the date of the exam.
  • Where exams are done in paper form, we aim to make confirmed exam results available within 10 working days from the date of the exam.
  • For both online and paper exams, certificates for those who have achieved a passing grade will be issued within 10 working days from the date of the exam.
  • Results notifications and certificates are sent directly to candidates by the relevant exam board in electronic format; please note that hard copy exam certificates are not issued.


This course enables delegates to qualify for 21 CPD/CPE credits, and fits well with the CISSP and SSCP Continued Professional Education Programme.

Who should attend this course?

Anyone involved in information security management, writing information security policies or implementing ISO 27001, either as a Lead Implementer or as part of an implementation team.

This course also meets the requirements of PCI SSC for additional QSA qualifications and, in the UK, is covered by the MOD ELCAS scheme.

Entry requirements

There are no formal entry requirements. However, it is assumed that you will have a basic knowledge of ISO 27001 gained through practical experience, reading the ISO 27001:2013 standard, or by attending the ISO27001 Certified ISMS Foundation course.


Start date Location / delivery
04 Apr 2018 London Book now
11 Apr 2018 Birmingham Book now
23 May 2018 London Book now
06 Jun 2018 London Book now
11 Jul 2018 London Book now
08 Aug 2018 London Book now
12 Sep 2018 London Book now
19 Sep 2018 Glasgow Book now
10 Oct 2018 London Book now
07 Nov 2018 London Book now
12 Dec 2018 London Book now

Related article

Three in four UK councils do not provide mandatory cyber security training to their staff, despite cyber attacks becoming increasingly fierce and f...