ITIL® Intermediate - Service Strategy

Course Description

This course provides a basic insight in the ISO 27000 and ISO 27001. ISO 27000 defines the terminology. ISO 27001 defines the requirements for an ISMS.

It includes:

  • ISMS planning, support and operational requirements
  • Leadership responsibilities
  • Performance evaluation of the ISMS
  • Internal ISMS audits
  • ISMS improvement
  • Control objectives and controls

Course Objective

At the conclusion of the course attendees will understand:

  • The scope and purpose of ISO/IEC 27001
  • The terms and definitions used in the ISO/IEC 27000 series
  • The fundamental requirements for an ISMS in ISO/IEC 27001 and the need for continual improvement
  • The processes, their objectives and high level requirements
  • Applicability and scope definition requirements
  • Use of controls to mitigate IS risks
  • The purpose of internal audits and external certification audits
  • The relationship with best practices and with other related International Standards; ISO 9001 and ISO/IEC 20000

Target Audience

This is an introductory course for everyone in an organization who is involved with the information management lifecycle. The module is also suitable for small independent businesses for which some basic knowledge of information security is necessary. This module may be a good start for new information security professionals.



This program is 3 days of intensive training class.


Course Outline

Module 1 : Course Introduction
  • What are ISO/IEC 27001:2013 Standard, History and Definitions
  • The ISO/IEC 27001 Certification
  • The ISO/IEC 2700x Norms
  • The Information Security Management System (ISMS)
Module 2 : Relations With Other Standards
  • Relation with the ISO 9001, ISO 14001, ISO 20000-1 Standards
  • Relations with other standards and regulations (PCI DSS, SOGP, FIPS, HIPAA, SOX, etc.)
Module 3 : Establishment, Implementation and Operating of The ISMS
  • The Information Security Management System (ISMS)
  • Management Responsibilities
  • Internal Audit and Management of the ISMS
  • Continuous Improvement of the ISMS
Module 4 : The Information Security Controls
  • The Information Security Controls
Module 5 : Making the ISO / IEC 27001 an Organization
  • The Reasons for an Audit
  • The different Audit Types and its Expected Audit Results
  • Audit the Evidence to Demonstrate Compliance
  • Preparation and Participation to a Certification Audit
  • Conducting an Audit