
Course: Certified ISO 27001 Lead Implementer (IS27001LI)
Mastering the implementation, operation and management of an Information Security Management System (ISMS) based on ISO 27001


This five-day intensive course develops the expertise necessary to support an organization in implementing and managing an Information Security Management System (ISMS) based on ISO/IEC 27001:2005. Participants will also gain an understanding of the prescribed code of practice for the selection and implementation of information security controls from all areas of ISO 27002. The course adopts good practices for project management as established in ISO 10006 (Quality Management Systems - Guidelines for Quality Management in Projects). The training is also fully aligned to ISO 27003 (Guidelines for the Implementation of an ISMS), ISO 27004 (Measurement of Information Security) and ISO 27005 (Risk Management in Information Security). This course goes into much greater detail than the Foundation course and leaves participants ready to implement, operate and manage an ISMS.


Who should participate?
  • Project Managers and other IT Professionals wanting to prepare and to support an organization in the implementation of an ISMS
  • Managers and IT specialists responsible for implementing, operating and managing an ISO 27001 ISMS
  • Those responsible for information security and/or GRC within an organization
  • Technical experts preparing for an information security rôle or for an ISMS project management function
  • IT Subject Matter Experts & Advisors
  • ISO 27001 Auditors who want to master the ISO 27001 Implementation process


Learning objectives

Participants will develop the skills for, and therefore an understanding of:

  • the application of an Information Security Management System in the context of ISO 27001
  • the interrelationships between ISO 27001 and other 27000-family standards (ISO 27000, ISO 27002, ISO 27003, ISO 27004, ISO 27005, …)
  • key components of an Information Security Management System (ISMS) in the context of ISO 27001
  • the concepts, approaches, standards, methods and techniques which lead to effective management of an ISMS
  • the relationship between an Information Security Management System (including risk management, controls and compliance) and the interests of the various stakeholders associated with the ISMS
  • the necessary expertise to manage a team implementing ISO 27001
  • analysis and decision making in a context of information security management
  • the stages of the ISO 27001 certification process
  • advising organizations on best practices in the management of information security



Course Outline

Day 1: Introduction to the management of an Information Security Management System (ISMS) based on ISO 27001: Initiating an ISMS

  • Introduction to management systems and the process approach
  • Overview of ISO 27001, ISO 27002 and ISO 27003 and regulatory frameworks
  • Fundamental principles of Information Security
  • Preliminary analysis and determining the level of maturity of the existing information security management system based upon ISO 21827
  • Writing the business case and preliminary design of the ISMS
  • Developing a project plan for achieving conformity with ISO 27001

Day 2: Planning an ISO 27001-conformant ISMS

  • Defining the ISMS scope
  • Drafting the ISMS and information security policies
  • Selection of the approach and methodology for risk assessment
  • Risk management:  ISO 27005 guidance on the identification, analysis and treatment of risk
  • Drafting the Statement of Applicability

Day 3: Implementing an ISO 27001-conformant ISMS

  • Implementation of a document management framework
  • Selection and design of controls
  • Documenting procedures
  • Implementation of controls
  • Development of a training & awareness program
  • Communicating information security
  • Incident management (with reference to ISO 27035)
  • Managing ISMS operations

Day 4: Management and Operation of an ISO 27001-conformant ISMS: preparing for a Certification audit

  • Monitoring information security controls
  • Developing metrics, performance indicators and dashboards (with reference to ISO 27004)
  • ISO 27001 internal audit
  • Management review
  • Implementing a continuous improvement program
  • Preparing for the ISO 27001 certification audit

Day 5: Examination



Prerequisites

ISO 27001 Foundation certification, or a general understanding of ISO 27001 and ISO 27002 (meaning you should understand the scope, structure, purpose and content of those documents without being expected to quote clause numbers, titles or verbatim text from them).


Tutoring Approach

The course consists of presentation of the source material, with examples based on real cases, interspersed with practical exercises based on a full case study, including role plays and narrative presentation. These exercises help prepare participants for the examination, which is taken on the fifth day.

Given the number of practical exercises, the number of training participants may be limited.


Examination and Certification

The “ISO 27001 Lead Implementer” examination lasts 3 (three) hours and fully meets the requirements of the PECB Examination Certification Programme (ECP). The exam covers the following competence domains:

Domain 1: Fundamental principles and concepts of information security

Domain 2: Information Security Controls Best Practices, based on ISO 27002

Domain 3: Planning an ISO 27001-conformant ISMS

Domain 4: Implementing an ISO 27001-conformant ISMS

Domain 5: Performance evaluation, monitoring and measurement of an ISO 27001-conformant ISMS

Domain 6: Continuous improvement of an ISO 27001-conformant ISMS

Domain 7: Preparing for an ISO 27001 ISMS certification audit

After successfully completing the examination, participants may apply for an ISO 27001 Provisional Implementer, ISO 27001 Implementer or ISO 27001 Lead Implementer credential, depending on their level of professional experience. Certification will be granted to participants who successfully pass the examination and comply with all other requirements related to this credential.


Certification Experience Requirements

The table below shows the professional experience required for each of the ISO 27001 Implementer Certifications.

Course                                      | Professional Experience                        | ISMS-specific Experience
Certified ISO 27001 Provisional Implementer | None                                           | None
Certified ISO 27001 Implementer             | 2 years total; 1 year in information security  | 200 hours of implementation
Certified ISO 27001 Lead Implementer        | 5 years total; 2 years in information security | 300 hours of implementation

For Certification purposes, the following implementation types constitute valid implementation experience:

  • Internal implementation
  • External/consulting implementation
  • Partial implementation

To be considered valid, implementation activities should follow best implementation practices and include most of the following activities:

  • Drafting an ISMS implementation business case
  • Managing an ISMS implementation project
  • Implementing information security controls
  • Managing information security controls
  • Implementing metrics
  • Implementing corrective or preventive action
  • Performing a management review
  • Performing a risk assessment
  • Managing incidents
  • Managing an information security team

In addition, all applicants for Certification will be required to sign and to uphold PECB's Code of Ethics and should also make themselves aware of the applicable Rules & Policies. Further details may be found here: PECB: Certification & Examination Process.


General Information

Each participant will receive:

  • a student manual containing over 450 pages of information and practical examples
  • a 31 CPE (Continuing Professional Education) participation certificate

All examination and certification charges are included in the course fee.


© 1993 - 2018   Zygma Incorporated     Telephone: +1 714 797 99 42      Email: Enquiries @    
All Zygma services are provided in accordance with its Ethics Policy.
Note - if you are submitting an enquiry or expect to receive email from us, please ensure that your spam filtering will accept mail from the domain ''