ISO/IEC 27001 – INFORMATION SECURITY MANAGEMENT SYSTEM (ISMS)

Build and operate an ISO/IEC 27001-aligned Information Security Management System (ISMS) that holds up in real audits. This training connects the standard’s requirements to practical implementation: governance, risk treatment, controls, evidence, and continual improvement — so your ISMS becomes an operational management system, not a documentation project.

Course outline

A structured programme that walks through the full ISO/IEC 27001 lifecycle — from defining scope and leadership commitment to risk assessment, control implementation, measurement, internal audit, and management review.

You will learn how to translate requirements into concrete ISMS artefacts and routines: a defensible scope, a risk methodology, a Statement of Applicability (SoA) that makes sense, and evidence that auditors can validate.

  • Module 1: ISO/IEC 27001 structure, intent, and audit expectations
  • Module 2: ISMS scope, context, interested parties, leadership & governance
  • Module 3: Risk assessment methodology, risk treatment planning, residual risk
  • Module 4: Controls & SoA (Annex A), implementation planning and integration
  • Module 5: Metrics, monitoring, evidence, documentation, and operational routines
  • Module 6: Internal audit, nonconformities & corrective actions, continual improvement
  • Module 7: Management review, readiness for certification audits (Stage 1 / Stage 2)

The training uses practical examples and structured exercises to ensure participants can build an ISMS that is implementable, measurable, and audit-ready — including how to argue scope, control choices, and risk treatment decisions clearly.

Your trainer
Christian Schlehuber
Managing Director · Lead OT Security Expert

Christian supports organisations in building security programmes that can be governed, evidenced, and audited — from policy frameworks and risk methods to implementation and continuous improvement. His background combines programme leadership with hands-on execution, which is critical when ISO/IEC 27001 needs to work across real business constraints.

Experience
13+ years Cybersecurity · Programme design, governance, and implementation
Relevant focus
Policy & governance frameworks · Risk management and audit evidence · Security awareness and organisational measures · Implementation roadmaps and remediation tracking
Education
M.Sc. IT Security
Key certifications
ISO 27001 Senior Lead Implementer · ISO 27001 Senior Lead Auditor · CISSP · CISM · NIS2 Directive Senior Lead Implementer · GICSP · CEH · CISA ICS (301 / 401)

What you receive

Participants leave with a practical implementation blueprint and the confidence to operate an ISMS day-to-day — including audit preparation and continual improvement routines.

  • ISMS artefact map: what to create, why it matters, and what auditors expect to see
  • Risk + SoA guidance: how to build a risk method and a defensible Statement of Applicability
  • Evidence approach: how to collect and maintain evidence for Stage 1 and Stage 2 audits
  • Operational routines: KPIs, internal audits, corrective actions, management review

Who this is for

Designed for organisations and individuals responsible for building, operating, or auditing an ISMS — whether you are implementing ISO/IEC 27001 for the first time or improving an existing system.

  • ISMS roles: ISMS managers, security managers, compliance & GRC professionals
  • Leadership: executives and managers accountable for governance and risk decisions
  • Technical & operational: IT/OT teams supporting controls and operational evidence
  • Assurance: internal auditors, risk owners, and certification preparation teams

Available courses

Choose a scheduled delivery below, or request a private cohort for your organisation (onsite or virtual).

Virtual Classroom

Live, instructor-led virtual classroom covering ISO/IEC 27001 requirements and practical implementation — from scope and risk to controls, evidence, internal audit, and certification readiness.

  • End-to-end ISO/IEC 27001 implementation workflow
  • Risk methodology + SoA logic + evidence approach
  • Exercises to connect requirements to real operational routines

If your preferred date is not listed yet, contact us to reserve a slot for your team.

Onsite training for your company

Delivered onsite or as a private virtual cohort, tailored to your organisation’s scope, maturity, and certification goals — ideal for aligning leadership, risk owners, and implementation teams on one consistent approach.

  • Organisation-specific focus: scope, risk model, SoA decisions, and evidence expectations
  • Optional focus: policy house, audit preparation, internal audit programme, improvement cycle
  • Practical exercises adapted to your processes, tooling, and target certification timeline

Tell us your scope and certification goal, and we will propose a tailored agenda.
