A practical approach to implementing an ISMS according to ISO 27001
A professionally prepared training course on implementing the Information Security Management System (ISMS) covers the skills, knowledge, and procedures necessary to effectively meet the requirements of ISO 27001, taking into account the changes in the PN-EN ISO/IEC 27001:2022 standard.
About the training
Effective training for individuals looking to expand their knowledge in the field of information security.
The training is conducted in the form of a lecture and workshops, ensuring an effective translation of the new knowledge and skills into practical actions for participants. We focus not only on delivering theoretical knowledge but, above all, on providing effective, practical methods and techniques, along with valuable experiences and best practices.
The training is one-day, and upon completion, participants will receive a certificate of participation.
Objective of the training
Target audience of the training
The training on implementing and maintaining an Information Security Management System (ISMS) based on the requirements of the ISO 27001 standard is addressed to board members, management, information security management department staff, internal auditors, and all those interested in ISMS within the organization.
Language of the training
The training will be conducted in Polish.
It is possible to organize the training in English.
Training methodology
Achieving the right training outcomes is possible by selecting the appropriate topics and methods tailored to the specific needs of participants and the issues addressed in the training. Below are the methods and techniques we use:
- LECTURE: We provide knowledge to participants based on dedicated teaching materials, such as a multimedia presentation. This is the foundational part of the training, during which we introduce the topic, discuss key concepts, and describe roles, processes, procedures, etc.
- PRACTICAL EXAMPLES: As practitioners, we base the training program on real-life events presented to address specific issues. We help participants independently come to conclusions or solutions. Our training is highly focused on practical experience and skill development.
- DISCUSSION: Participants express their opinions and exchange experiences. A well-structured discussion topic, by clashing at least two arguments, typically generates strong emotional involvement. Discussion helps in developing a joint solution or preparing arguments regarding a specific issue.
- BRAINSTORMING: In a short time, we generate many ideas and solutions for specific problems and situations. We engage participants, encouraging them to think and develop their creativity.
- EXERCISES: Practical tasks related to the training subject, such as creating a process, conducting a case study, etc. These effectively complement the lecture and practical examples.
- TESTS: We assess the participant’s knowledge and skills level. We identify competency gaps and appropriately plan the educational process to enhance the participant’s abilities. Depending on the training type, this may involve various tools such as knowledge tests and performance evaluations.
- SIMULATIONS: These provide an excellent sample of reality, where participants actively engage and experience the consequences of their actions.
- SUMMARY: After completing each topic, we summarize the discussed material. This activity, carried out by the trainer, allows for a review of the most important aspects related to the topic and gives participants the opportunity to verify their understanding.
Trainer
Jacek Knopik/Iwona Kapela/Marcin Kowalczyk
Marcin Kowalczyk
Graduate of the Faculty of Computer Science and Electronic Economy at the Poznań University of Economics. Certified ITIL Expert. During his long-term cooperation with PBSG, he provided consulting, analytical, and training services in the implementation, improvement, and optimization of IT service management systems based on the most popular international standards. Expert in IT service management, information security, business continuity, and risk management in the field of information security.
He holds the role of project manager and lead consultant in system management projects and implementation of specialized IT tools supporting IT processes and information security. Throughout his career, he successfully completed over 150 implementation projects and conducted more than 100 training sessions. Speaker at numerous conferences dedicated to IT service management, information security, and Governance topics.
Iwona Kapela
Graduate of Management and Marketing at the Warsaw School of Economics, Social Psychology at the SWPS University of Social Sciences and Humanities, and postgraduate studies in “Information Security” at the National Defence University. Since 1991, she has been associated with the telecommunications services market. She has experience in revenue protection, detection of telecommunication fraud, as well as resolving information security incidents. While working with telecommunications companies, she gained knowledge in crisis management and business continuity in relation to ISO 22301, including critical infrastructure protection, closely collaborating with IT and NT technological areas, physical protection, and fire safety. She aims to use her professional experience to focus on practical implementation of information security measures, which protect corporate secrets and ensure business continuity. She holds the ISO 27001 Internal Auditor certificate (Credential ID 641/ISMS/17 BSI) and the CBCP – Certificate of Completion in Business Continuity Planning (DRI).
Jacek Knopik
Graduate of Documentation Management at Adam Mickiewicz University in Poznań. Management representative and internal auditor for information security, quality, environmental, and occupational health and safety management systems. Expert in risk management in the fields of information security, GDPR, quality management, business continuity, and management control. Consultant, implementer, trainer, and software tester for risk management tools. He has over 5 years of experience in local government administration in the fields of documentation management, process management, management control, and the implementation of teleinformation systems.
He executes projects in management systems and the implementation of supporting IT tools both in the private and public sectors.
Training program
Day 1
9:00 - 16:00
- Welcome of participants
- Introduction to information security management.
- What is information security management?
- Basic terms and definitions.
- Structure of the ISO 27001 standard.
- ISO 27001 requirements.
- Context of the organization.
- Stakeholder analysis.
- Leadership.
- PDCA approach in the context of information security management.
- Areas of information security (physical security, IT, personal, and organizational-legal).
- Break
- Practical approach to identifying the context of the organization.
- Estimating the resources necessary for a successful ISMS implementation.
- Practical approach to ISMS topics:
- Practical approach to identifying and inventorying information assets.
- Practical approach to classifying information groups.
- Risk analysis within the ISMS.
- Risk assessment for identified assets and development of a risk treatment plan.
- Verification of the effectiveness of applied controls.
- Development of the statement of applicability of controls.
- Break
- Prevention and management of information security incidents.
- Evaluation of the effectiveness and continuous improvement of the ISMS.
- Risk assessment for identified assets.
- Development of a risk treatment plan.
- Verification of the effectiveness of applied controls.
- Continuous improvement of the information security management system.
- The functioning of the system within the organization.
- Possible works related to the system’s development.
- Summary – Questions and discussion
Training price
The price per participant: 2,250 PLN (net).
Terms of participation
Price
The price of the training refers to the service, which is the right for one participant to attend a one-day training session. It includes training materials, a certificate, coffee breaks, and lunch during the training. The price does not include accommodation.
Payment will be made based on the correctly issued VAT invoice within 14 days from the date the invoice is received, to the bank account of the organizer indicated on the invoice.
Conditions
Confirmation of acceptance of the registration will be sent to the email address specified in the registration form.
The organizer reserves the right to cancel the course. In case of course cancellation by the organizer, participants will receive a full refund of the course fee. A written withdrawal of the participant’s registration no later than 10 working days before the training start date will incur a fee of 30% of the course price. A written resignation submitted less than 10 working days before the start date will result in a 100% course fee charge.
The training price listed in the training schedules is net and must be increased by the current VAT rate.
The individual/organization registering for participation in the training gives consent to the processing of personal data provided by PBSG SA, with its registered office at Szyperska 14, Poznań, for the purpose of executing the order.
Certificates
Certificates of participation will be sent to participants who meet the conditions of at least 70% correct answers on the knowledge test and have settled the payment.
To participate in the training, the registration form must be completed.
Submitting a registration means acceptance of the terms of participation and consent to the processing of personal data of the registered participants by PBSG SA for the purpose of order fulfillment and for promotion and marketing purposes carried out by PBSG SA.
Organizational information
- Training quality: The training is conducted in accordance with the Training Services Quality Standards Manual.
Registration for the in-person training
Fill out this form if you wish to participate in the Open In-Person Training. If you are interested in online participation, please register here: Online Training Registration Form.
It is also possible to organize a closed training tailored to your specific request: send an inquiry and receive a quote.
Submitting the registration form means acceptance of the terms and conditions of participation.
Training program
Day 1
9:00 - 16:00
- Welcome of participants
- Introduction to information security management.
- What is information security management?
- Basic terms and definitions.
- Structure of ISO 27001 standard.
- Requirements of the ISO 27001 standard.
- Context of the organization.
- Stakeholder analysis.
- Leadership.
- PDCA approach in the context of information security management.
- Information security areas (physical, IT, personal, and organizational-legal).
- Break
- Practical approach to identifying the context of the organization.
- Estimating resources necessary for successful implementation of ISMS (Information Security Management System).
- Practical approach to ISMS issues:
- Practical approach to identifying and inventorying information assets.
- Practical approach to information classification.
- Risk analysis within ISMS.
- Risk assessment for identified assets and preparation of a risk treatment plan.
- Verification of the effectiveness of applied security measures.
- Preparation of the statement of applicability of security controls.
- Break
- Preventing and managing information security incidents.
- Assessing the effectiveness and continuous improvement of ISMS.
- Risk assessment for identified assets.
- Developing a risk treatment plan.
- Verification of the effectiveness of security measures.
- Continuous improvement of information security management system.
- System operation within the organization.
- Possible work related to development.
- Summary – Questions and Discussion
Training price
Price per participant: 1,150 PLN (net)
Conditions of participation
Price
The price of the training refers to the service of granting the right to participate in a one-day training for one participant.
The price includes training materials and a certificate.
Payment will be made based on a correctly issued VAT invoice within 14 days from the date of receiving the invoice, to the bank account of the organizer indicated on the invoice.
Terms and Conditions
The acceptance of the registration will be confirmed via the email address provided in the registration form.
The organizer reserves the right to cancel the course. In the event of course cancellation by the organizer, participants will receive a full refund of the fee paid for the course. A written withdrawal of the participant’s registration at least 10 working days before the course start date will result in a fee of 30% of the course price. A written resignation submitted less than 10 working days before the course start date will incur a fee of 100% of the course price.
The price of the training listed in the training schedule is the net price, which should be increased by the applicable VAT rate.
The person/organization registering the participant for the training authorizes PBSG SA, located at Szyperska 14 in Poznań, to process the provided personal data for the purpose of fulfilling the order.
Certificate
Training participation certificates will be sent to participants after meeting the conditions, including a minimum of 70% correct answers on the knowledge test and payment settlement.
To participate in the training, please fill out the registration form.
Submitting the registration means accepting the terms and conditions of participation and consent to the processing of the personal data of the registered participants by PBSG SA for the purposes of order fulfillment, as well as for promotion and marketing activities conducted by PBSG SA.
Organizational information
Participants of the online training will receive access to the training platform. On the day of the training, you need to log into the platform. The training will begin at the scheduled time. During the session, the screen will be divided into three sections: presentation, trainer, and chat. Communication during the training will take place via chat.
Technical Requirements:
- Hardware Requirements: A computer with internet access, a minimum 1.6 GHz processor, and at least 4 GB of RAM.
- Browser: The latest version of Google Chrome, Mozilla Firefox, or Safari.
Quality of Training
The training will be conducted in accordance with the Training Service Quality Standards Manual.
Registration for online training
Fill out this form if you wish to participate in the online training. If you are interested in attending the in-person training, please register here: Offline Training Registration Form.
It is also possible to organize a closed training tailored to your specific needs: send an inquiry and receive a quote.
Submitting the registration form means acceptance of the terms and conditions of participation.
Dedicated exclusively to your organization – this approach ensures comfort and flexibility to thoroughly discuss specific issues and situations within your organization. We understand that every company is different, so to effectively translate the acquired knowledge into your organization, we tailor the examples presented to suit your unique needs and business situation.
Training program
Day 1
9:00 - 16:00
- Welcome of participants
- Introduction to information security management
- What is information security management?
- Basic terms and definitions
- Structure of the ISO 27001 standard
- Requirements of the ISO 27001 standard
- Context of the organization
- Stakeholder analysis
- Leadership
- PDCA approach in the context of information security management
- Areas of information security (physical, IT, personal, and organizational-legal security)
- Break
- Practical approach to identifying the context of the organization
- Break
- Estimating the resources necessary for the successful implementation of the ISMS
- Break
- Practical approach to ISMS issues
- Practical approach to identifying and inventorying information assets
- Practical approach to classifying information groups
Day 2
9:00 - 16:00
- Risk analysis within the ISMS
- Risk assessment for identified assets and development of a risk treatment plan
- Break
- Risk analysis within the ISMS – continuation
- Verification of the effectiveness of implemented security controls
- Development of the statement of applicability
- Break
- Prevention and management of information security incidents
- Effectiveness assessment and improvement of the ISMS
- Risk assessment for identified assets
- Development of a risk treatment plan
- Verification of the effectiveness of implemented security controls
- Break
- Improvement of the information security management system
- Operation of the system within the organization
- Potential development-related tasks
- Summary – questions and discussion
How does it work?
Step 1
APPLICATION
In the first step, please fill out the registration form to express your interest in organizing a dedicated training session for your company.
Step 2
DATE
We will set the date and location of the training – we will accommodate your availability and individual expectations.
Step 3
PRICE
We will present the commercial terms for organizing the training based on the agreed parameters and number of participants.
Step 4
TRAINING
We will deliver the tailored training in accordance with the agreed terms.