How to Write Four Mandatory Procedures for ISO 27001 and BS 25999-2
Why are these four procedures important for ISO 27001/BS 25999-2?
At first sight, the Procedure for Document and Record Control, the Procedure for Internal Audit, the Procedure for Corrective Action, and the Procedure for Preventive Action are not directly related to either information security or business continuity.
And yet these very procedures are mandatory in both ISO 27001 and BS 25999-2 – without them, you cannot get certified. They are so important because they are considered to form the core of the management system for both standards.
By implementing those procedures in a proper way, not only will you have your documentation up-to-date and under control, but you will also ensure that your internal audit makes sense and runs smoothly, and that you always improve your system in a systematic way. In other words, these procedures hold the system together, and enable all the information security / business continuity activities and processes to run in a controlled system.
Register for this webinar to learn:
- ISO 27001 / BS 25999-2 requirements for each of the 4 procedures
- The purpose of these procedures
- How to structure each of the 4 documented procedures
- What the certification body will look for
- The roles in writing these procedures
- Filling in the Procedure for Document and Record Control
- Filling in the Procedure for Internal Audit
- Filling in the Procedure for Corrective and Preventive Action
Upcoming Dates/Times:
Thursday - March 24, 2011
10:00 AM London time
11:00 AM Brussels time
3:30 PM (15:30) Mumbai time
7:00 PM (19:00) Tokyo time
Monday - April 18, 2011
10:00 AM Los Angeles time
1:00 PM (13:00) New York time
6:00 PM (18:00) London time
7:00 PM (19:00) Brussels time
Duration: 2.5 hours (including a 15-minute break)
Tuition: $189 per attendee
What You Receive
- Training delivered by Dejan Kosutic, one of the leading experts for ISO 27001 / BS 25999-2
- 3 workshops
- Download of presentation deck and workshop materials
- Access to webinar recording
- Template of document Risk Assessment Methodology ($39.90 value)
- Template of document Risk Assessment Table ($24.90 value)
- 30 days access to E-learning tutorials ($69.00 value)
- 30 minutes of private consultation with Dejan Kosutic
- Certification & credits: Attendees will receive a Certificate of Completion with 2.5 hours of CPE credits
All of the above is included in the webinar price.
Target Audience
Professionals with little or moderate experience in information security risk assessment, including:
- Chief Security Officers (CSOs)
- Chief Information Security Officers (CISOs)
- Risk managers
- Compliance managers
- Chief Information Officers (CIOs)
- ISO 27001/information security consultants
- ISO 27001/IT auditors
- Members of top management responsible for information security
- All information security practitioners
About the training
This highly interactive live online training (via webinar) is designed to enable you to walk away with important skills for executing the planning phase of ISO 27001 in your organization. It contains 3 workshops in which participants practice filling in real ISMS documents.
This moderately priced course offers compelling content, downloadable materials and live engagement with an expert consultant with whom you can discuss how to resolve your specific implementation issues. The course includes documentation templates, access to E-learning tutorials and private time with the trainer for consultation on specific issues. You will experience the training right from your desk, eliminating travel costs and minimizing lost time away from your office.
Competencies and prerequisites
The participants must have their own copy of the ISO/IEC 27001 standard in English (not included in price), a broadband Internet connection, and a computer with a headset or loudspeakers and microphone (in some countries access through a telephone line is also available – in such a case a headset/loudspeakers/microphone are not required). Prior general knowledge of information security is recommended.
In order to receive the Certificate of Completion, the attendees must read the E-learning tutorials (as pre-course work), attend the training throughout its duration, and participate in the workshops.
Trainer: Dejan Kosutic is the author of documentation toolkits and E-learning tutorials at Information Security & Business Continuity Academy. He has long working experience both as a tutor and as a consultant – he is an Approved Tutor for ISMS Lead Auditor courses at SGS, and delivers various ISO 27001 and BS 25999-2 in-person courses throughout Europe, as well as online courses via webinars. In his consulting career, he works with clients from the financial sector, government, and small and medium-sized businesses including IT companies.
He has an MBA from Henley Management College, and is the holder of the following certificates: Certified Management Consultant, ISO/IEC 27001 Lead Auditor, Associate Business Continuity Professional, and ISO 9001 Lead Auditor.
ISO 27001 and BS 25999-2 Webinar Schedule:
ISO 27001
ISO 27001 Lead Auditor Course Preparation Training
ISO 27001 Benefits: How to Obtain Management Support
ISO 27001: An Overview of ISMS Implementation Process
ISO 27001 Foundations Part 1: ISMS Planning Phase, Documentation and Records Control
ISO 27001 Foundations Part 3: Annex A Overview
ISO 27001 and ISO 27004: How to Measure the Effectiveness of Information Security?
ISO 27001 Implementation: How to Make It Easier Using ISO 9001
BS 25999-2
BS 25999-2 Foundations Part 1: Business Impact Analysis
BS 25999-2 Foundations Part 2: Business Continuity Strategy
BS 25999-2 Foundations Part 3: Business Continuity Planning
BS 25999-2: An Overview of BCM Implementation Process
ISO 27001 and BS 25999-2
ISO 27001/BS 25999-2: The Certification Process
How to Become ISO 27001 / BS 25999-2 Consultant
ISO 27001 & BS 25999-2: Why is It Better to Implement Them Together?
Internal Audit: How to Conduct it According to ISO 27001 and BS 25999-2
ISO 27001 / BS 25999-2 Management Responsibilities: What Does Management Need to Know?
How to Write Four Mandatory Procedures for ISO 27001 and BS 25999-2
ISO 27001 and BS 25999-2 Strategy
Risk Management Part 1: Risk Assessment Methodology and Risk Assessment Process
Risk Management Part 2: Risk Treatment Process, Statement of Applicability and Risk Treatment Plan
Organization of Information Security; External Parties; Raising Awareness, Training and HR Management



