Certified ISO 27001 Lead Implementer and ISO 27005 Risk Management Combination Training Course

Provided by

Enquire about this course



Training course outline

Certified ISO 27005 Risk Management course

Building on the implementation guidance delivered by the ISO 27001 Lead Implementer course, this course features real-life case studies to ensure attendees gain an in-depth understanding and a practical knowledge of the key activities of the ISO 27005 risk management process.

Certified ISO 27001 Lead Implementer course

The flagship of our ISO 27001 Implementation Learning Pathway, this advanced-level course is focused on developing the in-depth knowledge and skills required to implement and deliver an ISMS.

COVID-19: remote delivery options

We would like to reassure our clients that all training courses will go ahead as scheduled during the current COVID-19 situation. As a company that fully embraces flexible and remote working, we have adjusted our delivery methods to allow us to provide training remotely where necessary. Our classroom/ online delivery option enables you to attend either in person or online, if circumstances change. Please also refer to our COVID-19 policy.

ISO 27001 Lead Implementer and ISO 27005 Risk Management training course benefits

A complete overview on ISO 27001 requirements

This unique training programme provides a complete introduction to the requirements of ISO 27001, and covers all the activities required to plan, implement and maintain an ISO 27001-compliant information security management system (ISMS)

A complete overview on ISO 27001 requirements

This course is developed by ISO 27001 experts Alan Calder and Steve Watkins, and draws on their industry-leading implementation knowledge.

Developed by experts

Developed by acknowledged ISO 27001 experts Alan Calder and Steve Watkins, and drawing from their industry-leading knowledge.

Who should attend this course?

Anyone involved in information security management, writing information security policies or implementing ISO 27001, either as a lead implementer or as part of an implementation team.

Why choose IT Governance for your training needs?

  • We’re internationally recognised as the authority on ISO 27001 – our team led the world’s first ISO 27001 certification project, and since then we have trained more than 8,000 professionals on information security management system (ISMS) implementations and audits.
  • Trained by industry experts – our trainers are working consultants with years of practical, hands-on experience.
  • Pass first time or train again for free – we have trained more than 17,000 people and we’re confident you’ll pass with us first time. If you don’t, we’ll train you again for free.*
  • Choose the method that suits you – we offer classroom, instructor-led online, self-paced online, e-learning and in-house training options.
  • Access your training anywhere – all our course materials are provided as a digital copy, allowing you to access them anywhere and at any time. Documents will be made available 20 days before your course.
  • Business solutions to suit you – whether you’re a multinational wanting us to manage all your training needs or a small business wishing to boost your workforce skills, we offer a range of training solutions.


  • * conditions applicable

    Course details

    Course details

    What does this training course cover?

  • Why information security management (ISM) is important to an organisation.
  • The key concepts, principles and main requirements of ISO/IEC 27001:2013.
  • The terms and definitions used in the Standard, including risk and options for risk assessments.
  • How to interpret the requirements of ISO/IEC 27001:2013 to determine the scope of your ISMS.
  • How to structure and manage your ISO 27001 project.
  • How to review and map your existing controls to Annex A of ISO 27001.
  • The importance of the Statement of Applicability (SoA), and justifications for inclusions and exclusions.
  • The importance of information security risk management in ISO 27001 and its role within an organisation.


  • A full overview of the ISO 27005 information risk management standard and an understanding of key risk management terminology.
  • How ISO 27005 is related to the ISO 31000:2009 risk management standard.
  • The key information security risk assessment processes, including context establishment, risk assessment, risk treatment and monitoring/review.
  • How to assess, analyse and treat identified information security risks in accordance with the guidance of ISO 27005.
  • How to develop a management framework, write policies and produce other critical documentation.
  • How to prepare for your ISO 27001 certification audit and ensure you that you pass first time.
  • How to manage and drive continual improvement under ISO 27001.


  • Course agenda:

    Course agenda (day 1-3):

  • Project mandate
  • Project initiation
  • ISMS initiation
  • Management framework
  • Baseline security criteria
  • Risk management
  • Implementation
  • Annex A controls
  • Measure, monitor, review and improve
  • Certification


  • Course agenda (day 4-6):

  • Risk Management in ISO 27001
  • Establishing the context
  • Scope, boundaries, roles and responsibilities
  • Information Security Risk Assessment


  • What’s included in this course?

  • A professional training venue with lunch and refreshments.
  • Full course materials (digital copy provided as a PDF file).
  • The ISO 27001 Certified ISMS Lead Implementer exam.
  • The ISO 27005 Certified ISMS Risk Management.
  • A certificate of attendance.


  • What equipment should I bring?

    The exam is an online exam. You will need to bring a ‘pop-up enabled’ laptop/tablet to the venue. Full details on how to access the exam will be provided by email 1–2 days before sitting the exam.

    Course duration and times

    Day 1: 9:30 am – 5:00 pm
    Day 2: 9:00 am – 5:00 pm
    Day 3: 9:00 am – 5:00 pm
    Day 4: 9:30 am – 5:00 pm
    Day 5: 9:15 am – 5:00 pm
    Day 6: 9:15 am – 3:00 pm

    Course locations

  • Learn from anywhere with our instructor-led Live Online courses, or Classroom / Live Online delivery options. Learn more.
  • Alternatively you can study in a classroom at one of our venues in London or Ely (Cambridgeshire).


  • Are there any prerequisites for this course?

    There are no formal entry requirements but it is assumed that you have taken the Certified ISO 27001 ISMS Foundation training course or you have a good working knowledge of ISO 27001 gained through practical experience.

    Is there any recommended reading?

    We strongly recommend you purchase and read the standard prior to attending the course:

  • ISO IEC 27001 2013 and ISO IEC 27002 2013


  • As well as one of the following textbooks:

  • Information Security Risk Management for ISO 27001/ISO 27002
  • ISO 27001/ISO 27002 – A Pocket Guide
  • An Introduction to Information Security and ISO 27001:2013 – A Pocket Guide


  • Exams and qualifications

    ISO 27001 Lead Implementer and ISO 27005 Risk Management exams

    The ISO 27001 Certified ISMS Lead Implementer (CIS LI) exam:

  • Delivery method: Online
  • Duration: 60 minutes
  • Questions: 40
  • Format: Multiple choice
  • Pass mark: 75%


  • The ISO 27005 Certified ISMS Risk Management (CIS RM) exam:

  • Delivery method: Online
  • Duration: 90 minutes
  • Questions: 40
  • Format: Multiple choice
  • Pass mark: 65%


  • Both the ISO 27001 Lead Implementer and Lead Auditor exams are set by IBITGQ ( International Board for IT Governance Qualifications ). There are no extra charge for these exams.

    This course is equivalent to:

    42

    CPD points

    What qualifications will I receive?

  • Certified ISO 27001 ISMS Lead Implementer (CIS LI).
  • Certified ISO 27005 Risk Management (CIS RM)


  • Accreditation

    This course is accredited by IBITGQ, as well as CIISec (The Chartered Institute of Information Security) , it satisfies the CIISec Knowledge Areas requirements at Level 1: A1, A3, A7, C1, C2, D2, E3, F2, H1 and H2; and at Level 1+: A2, A4, A5, A6, B1, B2, D1, E1, E2, F1 and G1

    You can demonstrate your professional and practical knowledge and expertise by registering your qualification on the IBITGQ/ GASQ successful candidate register .

    The PCI SSC (Payment Card Industry Security Standards Council) has indicated that it accepts GASQ certifications in relation to the IBITGQ-accredited courses as meeting the requirements of an individual applying to become a PCI DSS (Payment Card Industry Data Security Standard) QSA (Qualified Security Assessor).

    How will I receive my exam results and certificates?

  • Provisional exam results will be available immediately after completing the exam. Confirmed exam results will be issued within ten working days from the date of the exam.
  • Certificates for those who have achieved a passing grade will be issued within ten working days from the date of the exam.
  • Results notifications and certificates are emailed directly to candidates by the relevant exam board; please note that hard-copy exam certificates are not issued.


  • Do I need proof of identity to take the exam?

    Delegates must bring a form of photographic ID with them as the invigilator my request to check it prior to the exam.

    Can exams be retaken?

    Yes, if you are unsuccessful on the first attempt, you can retake the exam for an additional fee. You can email us to schedule the retest.

    Ways to learn

    Learn from anywhere with our range of instructor-led courses

    Wherever you are in the world, you can now attend an IT Governance online course, and get the full benefit of a classroom session.

    To make your life as easy as possible, we offer 3 ways to attend an instructor-led course:

    Classroom

    Our instructor-led courses are hosted at professional training centres located in major cities across the UK.

    Learn more

    Live Online

    Our instructor-led Live Online courses are hosted and delivered live by one of our expert trainers.

    Learn more

    Learn from anywhere

    Our instructor-led Classroom / Live Online courses give you the flexibility of attending a classroom course, either in person or by joining the classroom course online.

    Learn more

    The benefits of learning from anywhere

  • Choosing an online option means you save on travel, parking, hotels and other fees.
  • Learn and obtain a professional certification from the comfort of your home.
  • Our courses use the latest conferencing technology that is compatible with all devices.
  • Our trainers focus on maximising audience participation and getting the most out of our online attendees.
  • All trainers have been hand-picked for their technical and practical expertise.
  • You have full control over your course booking, meaning you can edit delegate details, course dates and any special requiremen
  • Enquire

    Start date Location / delivery
    24 Sep 2021 United Kingdom Book now

    Related article

    The CISSP exam is now updated to reflect the most pertinent issues facing today’s cybersecurity professionals, along with the best practices for mi...