Advanced

ISO/IEC 27001 Lead Implementer

Build, deploy and run an Information Security Management System (ISMS) compliant with ISO/IEC 27001:2022. A 5-day course leading to PECB certification.

Learning objectives

  • Master the ISO/IEC 27001:2022 requirements and how they relate to ISO/IEC 27002:2022
  • Conduct a risk analysis aligned with ISO/IEC 27005
  • Design and document a complete ISMS (policy, procedures, SoA)
  • Manage the implementation of the 93 Annex A controls
  • Prepare the organisation for the initial certification audit
  • Pass the PECB ISO/IEC 27001 Lead Implementer exam

Target audience

CISOs, IT managers, security project leads, GRC consultants, quality managers in charge of running or deploying an ISO 27001 ISMS.

Prerequisites

Basic knowledge of information security. Professional experience in IT or quality management recommended (6 months minimum).

Detailed programme

Course objective

This intensive 5-day course prepares future ISMS managers to design, implement and run an Information Security Management System compliant with the ISO/IEC 27001:2022 standard. It covers the full PDCA cycle, from asset mapping to continual improvement, drawing on the best practices of ISO/IEC 27002:2022.

At the end of the course, participants take the PECB ISO/IEC 27001 Lead Implementer certification exam (3 hours, written), PECB-accredited and internationally recognised.

Detailed programme (35 hours)

Day 1 — Fundamentals and context

  • Introduction to the ISO/IEC 27000 family and the ISMS framework
  • Analysis of the organisation’s context (clause 4)
  • Leadership and management commitment (clause 5)
  • ISMS scope and interested parties

Day 2 — Planning and risk assessment

  • Risk analysis methodology (ISO/IEC 27005, EBIOS RM)
  • Risk identification, analysis and evaluation
  • Risk treatment and Statement of Applicability (SoA)
  • Risk treatment plan

Day 3 — Support and operations

  • Resources, competence, awareness (clause 7)
  • Documentation management and documented information
  • ISMS operations (clause 8) — implementing the controls
  • Overview of the 93 Annex A controls (ISO/IEC 27002:2022)

Day 4 — Performance evaluation and improvement

  • Monitoring, measurement, analysis and evaluation (clause 9)
  • Internal audit and management review
  • Nonconformities, corrective actions, continual improvement (clause 10)
  • Preparation for the certification audit

Day 5 — Synthesis workshop and PECB exam

  • Case study on a complete ISMS (industrial SME)
  • Review and Q&A
  • PECB ISO/IEC 27001 Lead Implementer certification exam

Teaching methods

Mix of theory (40%), practical workshops (40%) and case-study scenarios (20%). Official PECB course materials provided to each participant. Daily formative quizzes. Field experience shared by our PASSI ANSSI consultants.

Assessment

Continuous assessment through daily quizzes (non-graded). Final PECB exam: 80 questions, 3 hours, written, 70% pass mark.

Accessibility

Accessible to participants with disabilities — contact our accessibility coordinator at least 15 days before the session for adjustments. France Travail (AIF) funding scheme available.