Certified ISO 27001 Lead Implementer (LIVE IN ATLANTA)
Event Information
| Event Date | 02-09-2026 8:30 am |
| Event End Date | 02-13-2026 4:30 pm |
| Cut Off Date | 01-19-2026 5:00 pm |
| Cancel Before Date | 01-26-2026 |
| Individual Price | USD $5,295.00 |
| Location | US | GA | Hyatt Place Atlanta/Cobb Galleria |
| Attachment | ISO-27001-LI-Program.pdf |
Group Rate
| Number of participants | Rate/Person (USD $) |
|---|---|
| 5 | 4,236.00 |
Certified ISO 27001 Lead Implementer Track
- Session 1 -
Learn how to assess
information security, cybersecurity, and privacy risk
as part of Enterprise Risk Management
(Monday - Wednesday)
Overview
Learn ISO 31000 Enterprise Risk Management, and how to leverage the ISO 31000 standard to establish and maintain an ERM program for conducting risk assessments throughout the enterprise.
Then build-out the initial risk program policy right in class! 
A successful risk management initiative can affect the likelihood and consequences of risks materializing, as well as deliver benefits related to better informed strategic decisions, successful delivery of change and increased operational efficiency. Other benefits include reduced cost of capital, more accurate financial reporting, competitive advantage, improved perception of the organization, better marketplace presence and, in the case of public service organizations, enhanced political and community support.
And since information security, business continuity/disaster recovery, environmental health and safety, and other critical management systems have the primary purpose of identifying and treating risk, it is essential that your organization establish a common platform and approach for managing risk.
As the foundation session of CIS risk management training courses, this 3-day risk management training and policy workshop session provides thorough coverage of the ISO 31000, 31010, 27005, and 23894 standards, as well as setting out advice on the implementation of an ERM initiative. The purpose of the training is to:
- Describe the principles and processes of risk governance and management;
- Provide a thorough overview of the requirements of ISO 31000, ISO 31010, 27005, and 23894;
- Give practical guidance on designing and implementing a suitable enterprise risk management framework;
- Establish a firm program starting point by using ISO standards 31000:2018, 31010, 27005, and 23894 to build out the initial ERM core policy. Soft-copy editable templates are provided in the instructor-led class:
- Complete ERM Policy (18-Page template provided)
- ERM Context and Scope Document (10-Page template provided)
- ERM Risk Assessment and Risk Treatment Methodology Document (18-Page template provided)
- Procedure for Training and Development Needs Analysis document (8-Page template provided)
- ERM Program project kick-off document (9-Page template provided)
- Procedure for Identification of ERM Project Requirements document (4-Page template provided)
- Procedure for Identification of Statutory, Regulatory, and Contractual Requirements document (1-Page template provided)
- Establish a well-developed risk assessment and risk treatment methodology based upon ISO 31010, ISO 27005 and ISO 23894 best practices
- Leverage ISO best practices to properly identify, analyze, and evaluate risk
- Leverage ISO best practices to mitigate ant treat risk to align to the organization's pre-determined risk tolerance thresholds (risk acceptance criteria)
- Establish risk monitoring, communication, and reporting
- Prepare participants for the ISO 31000 CICRA exam #RM101
Class details
- Duration: 3 days, 8:30 - 4:30
- CPE Credit: 24
- Materials included with live instructor-led training:
- Class manual (complete hard copy of class presentation)
- Hardcopy policy templates
- Softcopy policy templates
- 14 days of unlimited access to online practice exams for exam #RM101
- 1 attempt for the online certification exam #RM101
- Current-year membership in the CIS Body of Certified Professionals
-
- Professional Certification: This course fulfills all prerequisite training requirements for certification exam #RM101 for professional ISO certifications:
- Certified ISO 31000 Internal Controls Risk Analyst (No further training or exam is required beyond what is included with this course)
- Certified ISO 27001 Lead Implementer (Further training and an exam is required beyond what is included with this course)
- Certified ISO 27001 Internal Controls Architect (Further training and an exam is required beyond what is included with this course)
- Certified ISO 27001 Lead Auditor (Further training and an exam is required beyond what is included with this course)
- Certified ISO 22301 Business Continuity Strategist (Further training and an exam is required beyond what is included with this course)
- Certified ISO 22301 Business Continuity Manager (Further training and an exam is required beyond what is included with this course)
- Certified ISO 42001 Lead Implementer (Further training and an exam is required beyond what is included with this course)
- Certificate included with class: Upon course completion, we will provide you with an achievement certificate for 24 continuing professional education (CPE) credits that can be used to fulfill requirements for maintaining a variety of professional credentials for fraud examination, accounting, auditing, and information security.
- Recommended prerequisite training: None
- Catering for participants attending in-person at location. (Not available for remote virtual classroom participants):
- Morning refreshments and snack
- Lunch
- Afternoon refreshments
- Hotel and/or Travel: Not included
| * ISO Standards are NOT included in this risk management training, nor provided in class. ISO standards are available for purchase at www.iso.org. |
Audience
Recommended Attendance by Position
Recommended participants for this ISO 31000 enterprise risk management certification training include:
- CEO / Managing Director / Policy Approvers / Strategy Decision Makers
- Chief Information Officer (CIO / CISO)
- ISO 9001:2015 Quality Managers
- ISO 14001:2015 EMS Managers
- Information security managers
- Compliance officers
- Revenue protection managers
- IT managers
- Risk manager (s)
- Business Continuity Manager (s)
- Health, Safety, and Environment (HSE) Risk Manager (s)
- Facilities managers
- Operations department heads (business unit managers)
- Auditors
Learning Objectives
CIS Policy Workshop: ISO 31000 Enterprise Risk Management Content Outline:
- Introduction to ISO 31000, 31010, 27005 and 23894 risk management
- Nature and impact of risk
- Principles of risk management
- Review of ISO 31000
- Achieving the benefits of ERM
- Risk management architecture and strategy
- Program leadership
- Establishing the risk committee and its charter
- Program planning and designing
- Risk context development
- Creating an ERM Policy and supporting documentation
- Roles & responsibilities
- Scope
- Implementing and benchmarking
- Measuring and monitoring
- Improving and reporting
- Program leadership
- Risk assessment and risk treatment methodology (Protocol)
- Criteria development
- Scoping
- Performing risk assessments
- Risk identification
- Risk analysis
- Risk evaluation / Business Impact Assessment
- Risk treatment evaluation
- Risk treatment accreditation, risk monitoring, risk review, and risk communication
Establish a firm program starting point by using ISO 31000 to build out the initial ERM core policy. Throughout the class, our expert instructor will convert ISO standard concepts and requirements into a real ISO-conforming Enterprise Risk Policy. Bring your laptop, and you can work right along with the instructor using electronic (MS Word format) templates we provide in class!* Along with the instructor, you will get your ERM program properly initiated by constructing:
- Complete ISO 31000 ERM Policy (18-Page template provided)
- ISO 31000 ERM Context and Scope Document (10-Page template provided)
- ERM Risk Assessment and Risk Treatment Methodology Document (18-Page ISO 31010/27005 template provided)
- Procedure for Training and Development Needs Analysis document (8-Page template provided)
- ISO 31000 ERM Program project kick-off document (9-Page template provided)
- Procedure for Identification of ERM Project Requirements document (4-Page template provided)
- Procedure for Identification of Statutory, Regulatory, and Contractual Requirements document (1-Page template provided)
* ISO Standards are NOT included in this risk management training, nor provided in class. Students are encouraged to bring their own hard-copies of the standards to the class. ISO standards are available for purchase at www.iso.org.
Professional Certification/Credentialing
This program is required for the following professional certification: Certified ISO 31000 Internal Controls Risk Analyst
Certification Exam-Pass Guarantee
Preparing for Certified Information Security's professional certification exam #RM101 is serious business. This is where we can help. If you first successfully complete:
- All prerequisite course training; and
- All RM101 online practice exams
Certified Information Security guarantees your success in passing CIS exam #RM101.
If you do not pass exam #RM101 on your first attempt after completion of your required course and practice exams, Certified Information Security will allow you to re-test at no additional charge until you successfully pass your certification exam.
- Session 2-
Learn how to plan, manage, and maintain
information security, cybersecurity, and privacy risk
according to ISO 27001 requirements
(Thursday - Friday)
Overview
Get a thorough understanding of ISO 27000 standards for information security governance, and how to leverage the ISO 27000 standards to establish and maintain an information security management system (ISMS) program.
Then build-out the initial ISO-conforming information security program policy right in class!
Information Security Governance
ISO 27001 specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security program within the context of the organization's overall business risks. It specifies requirements for the implementation of security controls customized to the needs of individual organizations or parts thereof. This ISO standard is designed to ensure the selection of adequate and proportionate security controls that protect information assets and give confidence to interested parties.
Designed to follow our 3-day ISO 31000 Enterprise Risk Management program, this 2-day ISO 27001 training and certification workshop continues our information security risk assessment training to provide thorough coverage of the ISO 27000 standards, as well as setting out advice on the implementation of an information security initiative. The purpose of the course is to:
- Describe the principles and processes of information security governance and management;
- Provide thorough coverage of the requirements of ISO 27001;
- Give practical guidance on designing a suitable framework;
- Give practical advice on implementing information security management;
- Prepare you for your ISO 27001 certification exams required for Certified Internal Controls Architect (CICA) professional credentialing.
- Establish a firm program starting point by using ISO 27001, ISO 27002, and 27003 to build out the initial Information Security Management core policy. Soft-copy editable templates are provided in class:
- Complete ISO 27001-conforming Information Security System Policy (15-Page template provided)
- Procedure document for Training and Development Needs Analysis (9-Page template provided)
- Kick-off ISMS project plan (9-Page template provided)
- Procedure document for Identification of Requirements (4-Page template provided)
- Procedure document for identification of statutory, regulatory, contractual, and other requirements (1-Page template provided)
Class details
- Duration: 2 days, 8:30 - 4:30
- CPE Credit: 16
- Materials included with live instructor-led training:
- Class manual (complete hardcopy of class presentation)
- Hardcopy policy templates
- Softcopy policy templates
- 14 days of unlimited access to online practice exams for exam #ISMS101
- 1 attempt for the online certification exam #ISMS101
- Current-year membership in the CIS Body of Certified Professionals
-
- Professional Certification: This course fulfills all prerequisite training requirements for certification exam #ISMS101 for professional ISO certifications:
- Certificate included with class: Upon course completion, we will provide you with an achievement certificate for 16 continuing professional education (CPE) credits that can be used to fulfill requirements for maintaining a variety of professional credentials for fraud examination, accounting, auditing, and information security.
- Recommended prerequisite training: CIS Policy Workshop: ISO 31000 Enterprise Risk Management
- Catering for participants attending in-person at location. (Not available for remote virtual classroom participants):
- Morning refreshments and snack
- Lunch
- Afternoon refreshments
- Hotel and/or Travel: Not included
Audience
Recommended Attendance by Position
- Chief Information Officer (CIO / CISO)
- Information security managers
- IT managers
- Operations Technology (OT) Managers
- Policy Approvers / Strategy Decision Makers
- Compliance officers
- Risk managers
- Business Continuity Managers
- Operations department heads (business unit managers)
- Auditors
Learning Objectives
- Information Security and ISO 27000 Standards
- Principles of information security
- Review of ISO 27001, ISO 27002, ISO 27003, ISO 27005, ISO 27007, and ISO 27008
- Achieving the benefits of information security
- Managing InfoSec
- Planning and designing
- Implementing and benchmarking
- Measuring and monitoring
- Learning and reporting
- Establish a firm program starting point by using ISO 27000 standards to build out the initial information security core policy. Throughout the class, our expert instructor will convert ISO 27000 series concepts and requirements into a real ISO 27001 InfoSec Policy. Bring your laptop, and you can work right along with the instructor using electronic (MS Word format) templates we provide in class!* Along with the instructor, you will get your information security program properly initiated by constructing:
- Information Security Policy Statement
- General Terms and Definitions
- Scope Document
- Strategy Statement including identification of requirements for the Information Security program setup, initiation, operation, maintenance, and improvement
- Organizational Roles and Responsibilities Statement
- Risk Policy
* ISO Standards are NOT included in this course, nor provided in class. Students are encouraged to bring their own hard-copies of the standards to the class. ISO standards are available for purchase at www.iso.org.
Professional Certification/Credentialing
Completion of this training is required for eligibility for the following professional certifications:
Certification Exam-Pass Guarantee
Preparing for Certified Information Security's professional certification exams #ISMS101 and #ISMS102 is serious business.
This is where we can help. If you first successfully complete:
- All prerequisite ISO 27001 training; and
- All ISMS101 and ISMS102 online practice exams
Certified Information Security guarantees your success in passing certification exams #ISMS101 and #ISMS102.
If you do not pass exams #ISMS101 and #ISMS102 on your first attempt after completion of your required course and practice exams, Certified Information Security will allow you to re-test at no additional charge until you successfully pass your certification exams.
| Group discounts up to 20% are available! Discounts are automatically applied when placing booking reservation. |
