ISO/IEC 27001 – INFORMATION SECURITY MANAGEMENT SYSTEM (ISMS)

Build and operate an ISO/IEC 27001-aligned Information Security Management System (ISMS) that holds up in real audits. This training connects the standard’s requirements to practical implementation: governance, risk treatment, controls, evidence, and continual improvement — so your ISMS becomes an operational management system, not a documentation project.

Course outline

A structured programme that walks through the full ISO/IEC 27001 lifecycle — from defining scope and leadership commitment to risk assessment, control implementation, measurement, internal audit, and management review.

You will learn how to translate requirements into concrete ISMS artefacts and routines: a defensible scope, a repeatable risk methodology, a Statement of Applicability (SoA) whose inclusions and exclusions are traceable to the risk treatment plan, and evidence that auditors can validate.

  • Module 1: ISO/IEC 27001 structure, intent, and audit expectations
  • Module 2: ISMS scope, context, interested parties, leadership & governance
  • Module 3: Risk assessment methodology, risk treatment planning, residual risk
  • Module 4: Controls & SoA (Annex A), implementation planning and integration
  • Module 5: Metrics, monitoring, evidence, documentation, and operational routines
  • Module 6: Internal audit, nonconformities & corrective actions, continual improvement
  • Module 7: Management review, readiness for certification audits (Stage 1 / Stage 2)

The training uses practical examples and structured exercises to ensure participants can build an ISMS that is implementable, measurable, and audit-ready — including how to argue scope, control choices, and risk treatment decisions clearly.

Your trainer
Christian Schlehuber – Managing Director · Lead OT Security Expert

Christian supports organisations in building security programmes that can be governed, evidenced, and audited — from policy frameworks and risk methods to implementation and continuous improvement. His background combines programme leadership with hands-on execution, which is critical when ISO/IEC 27001 needs to work across real business constraints.

Experience
13+ years in cybersecurity · Programme design, governance, and implementation
Relevant focus
Policy & governance frameworks · Risk management and audit evidence · Security awareness and organisational measures · Implementation roadmaps and remediation tracking
Education
M.Sc. IT Security
Key certifications
ISO 27001 Senior Lead Implementer · ISO 27001 Senior Lead Auditor · CISSP · CISM · NIS2 Directive Senior Lead Implementer · GICSP · CEH · CISA ICS (301 / 401)

What you receive

Participants leave with a practical implementation blueprint and the confidence to operate an ISMS day-to-day — including audit preparation and continual improvement routines.

  • ISMS artefact map: what to create, why it matters, and what auditors expect to see
  • Risk + SoA guidance: how to build a risk method and a defensible Statement of Applicability
  • Evidence approach: how to collect and maintain evidence for Stage 1 and Stage 2 audits
  • Operational routines: KPIs, internal audits, corrective actions, management review

Who this is for

Designed for organisations and individuals responsible for building, operating, or auditing an ISMS — whether you are implementing ISO/IEC 27001 for the first time or improving an existing system.

  • ISMS roles: ISMS managers, security managers, compliance & GRC professionals
  • Leadership: executives and managers accountable for governance and risk decisions
  • Technical & operational: IT/OT teams supporting controls and operational evidence
  • Assurance: internal auditors, risk owners, and certification preparation teams

Available courses

Choose a scheduled delivery below, or request a private cohort for your organisation (onsite or virtual).

Virtual Classroom

Live, instructor-led virtual classroom covering ISO/IEC 27001 requirements and practical implementation — from scope and risk to controls, evidence, internal audit, and certification readiness.

  • End-to-end ISO/IEC 27001 implementation workflow
  • Risk methodology + SoA logic + evidence approach
  • Exercises to connect requirements to real operational routines

If your preferred date is not listed yet, contact us to reserve a slot for your team.

Onsite training for your company

Delivered onsite or as a private virtual cohort, tailored to your organisation’s scope, maturity, and certification goals — ideal for aligning leadership, risk owners, and implementation teams on one consistent approach.

  • Organisation-specific focus: scope, risk model, SoA decisions, and evidence expectations
  • Optional focus: policy house, audit preparation, internal audit programme, improvement cycle
  • Practical exercises adapted to your processes, tooling, and target certification timeline

Tell us your scope and certification goal, and we will propose a tailored agenda.
