Call Us 0800 540 161
Call Us 0800 540 161
This course is presented as Live Virtual Training. Click for more details.

ISO 27001 Lead Implementer

  • Practical orientation - not just theory.  Features extensive use of case studies from actual implementations led by the course presenter
  • The ONLY independently accredited ISO 27001 Lead Implementer training in Asia-Pacific
  • Certificate exam 3rd-party set and marked
  • Based on most recent version ISO 27001:2022 updated to include latest changes in the ISO/IEC 27002:2022 standard

This course provides comprehensive and practical coverage of all aspects of implementing and maintaining an ISO 27001 project. If you are involved in information security management, writing information security policies or implementing ISO 27001 - either as a Lead Implementer, or as part of the planning/implementation team - this course will give you the all the key steps for implementing and maintaining a successful Information Security Management System.

Based on the most recent version ISO 27001:2022 updated to include latest changes in the ISO/IEC 27002:2022 standard, this training is consistent with the good practices of project management established by the Project Management Institute (PMI) and ISO 10006:2003 (Quality Management Systems - Guidelines for Quality Management in Projects). This training is fully compatible with ISO/IEC 27003:2009 (Guidelines for the Implementation of an ISMS), ISO/IEC 27004:2009 (Measurement of Information Security) and ISO/IEC 27005:2008 (Risk Management in Information Security).

The trainer makes the difference!

When you attend a training course there are actually two costs – the course fee, and the value of your time. You can see the fee. But whether you get value for your time and money depends totally on the quality of the course.

Lots of things go into making a great course, but the single most important is always the trainer - their knowledge of the subject, their real-world experience that they can draw upon in class, their ability to answer questions, their communication skills and their obvious enthusiasm for the subject. This is what makes the difference. When it comes to ISO 27001 Lead Implementer, ALC offers outstanding trainers. Please contact us if you wish to know the designated trainer for your course.

Learning outcomes

  • Understanding the application of an Information Security Management System in the context of ISO 27001
  • Mastering the  concepts,  approaches,  standards,  methods  and techniques required in an effective management of an Information Security Management System
  • Understand  the  relationship  between   the  components   of  an Information Security Management System, including risk management, controls and  compliance with the  requirements of different stakeholders of the organisation
  • Acquiring the necessary expertise to support an organisation in implementing, managing and maintaining an ISMS as specified in ISO27001
  • Acquiring   the   necessary   expertise   to   manage   a   team implementing the ISO27001 standard
  • Develop the knowledge and skills required to advise organisations on best practices in management of information security
  • Improve  the  capacity  for  analysis  and  decision  making  in  a context of information security management

Who should attend

  • Project manager or consultant wanting to prepare and to support an organisation in the implementation of an Information Security Management System (ISMS)
  • ISO 27001 Auditor who wants to master the Information Security Management System implementation process
  • Person responsible for the Information security or conformity in an organisation
  • Members of the information security team
  • Expert advisors in information technology
  • Technical experts wanting to prepare for an Information security function or for an ISMS project management function

Course contents

Day 1: Introduction to the management of an Information Security Management System (ISMS) based on ISO 27001 and launching an ISMS
  • Introduction to management systems and the process approach
  • Detailed presentation of the standards ISO 27001, ISO 27002 and ISO 27003 and regulatory framework
  • Fundamental principles of Information Security
  • Preliminary analysis and determining the level of maturity of the existing management of the Information Security based upon ISO/IEC 21827:2008
  • Writing the business case and preliminary design of the ISMS
  • Developing a project plan of compliance to ISO/IEC 27001:2005
Day 2: Planning an ISMS based on ISO27001
  • Defining the scope of the ISMS
  • Drafting the ISMS and information security policies
  • Selection of the approach and methodology  for risk assessment
  • Risk management according to ISO 27005: identification, analysis and treatment of risk
  • Drafting the Statement  of Applicability
Day 3: Launching and implementing an ISMS based on ISO27001
  • Implementation of a document management framework
  • Design of controls and writing procedures
  • Implementation of controls
  • Development of a training & awareness program and communicating about the information security
  • Incident Management according to ISO 27035
  • Operations management of an ISMS
Day 4: Control, act and the certification audit of the ISMS according to ISO 27001
  • Monitoring the ISMS controls
  • Development of metrics, performance indicators and the dashboard in accordance with ISO 27004
  • ISO 27001 Internal Audit
  • Management review of the ISMS
  • Implementation of a continuous improvement program
  • Preparing for the ISO 27001 certification audit
Day 5
  • Course review
  • Exam preparation
  • Certificate exam

Course fees

$3,560 + gst

Fees are per person and include:

  • Course presentation
  • Course workbook
  • Supplementary materials
  • Certificate exam


ISO 27001 Foundation certification or a basic knowledge of ISO 27001 and ISO 27002 is recommended.


Live Virtual Training – At course completion participants will receive an online exam voucher. The online exam is web-based and hosted by the PECB Exam System which is accessed via a web browser. The exam can be taken at any time after the course. The exam voucher has a 12 month validity period.

Face-to-Face Training – Participants will be provided with a paper-based exam which is completed whilst at the course in the same venue of the course itself.

Exam Format:

  • 80 questions
  • Multiple choice
  • Open book
  • 3 hours (30 additional mins for EASL)
  • Pass mark 70%
  • If delegates fail their first attempt they can retake it for free within 12 months

The Certified ISO/IEC 27001 Lead Implementer exam is conducted under the auspices of the PECB Examination and Certification Programme (ECP).

  • You will receive an exam voucher on the last day of the course to be used for booking your exam
  • The exam is held as an online web-proctored exam
  • The exam covers the following competence domains:
    • Domain 1: Fundamental principles and concepts of information security
    • Domain 2: Information security control best practice based on ISO 27002
    • Domain 3: Planning an ISMS based on ISO 27001
    • Domain 4: Implementing an ISMS based on ISO 27001
    • Domain 5: Performance evaluation, monitoring and measurement of an ISMS based on ISO 27001
    • Domain 6: Continual improvement of an ISMS based on ISO 27001
    • Domain 7: Preparing for an ISMS certification audit
  • A certificate will be issued to participants who successfully pass the exam via PECB

Examination Re-Sit Options:

  • If you are unsuccessful on your first attempt at the exam, you are eligible for one FREE re-take of the exam within 12 months from the initial date.
  • Exam re-sit fees apply for 3rd attempts at the exam or additional attempts post the initial 12 month period.

Certification Levels

There are three levels of accreditation that you can apply for after passing the exam, depending on professional experience:

  • ISO/IEC 27001 Provisional Implementer - exam passed, no direct professional experience, no ISMS project experience
  • ISO/IEC 27001 Implementer - exam passed, two years professional experience with at least one year in information security, project experience of at least 200 hours
  • ISO/IEC 27001 Lead Implementer - exam passed, five years professional experience with at least two years in information security, project experience of at least 300 hours

Candidates can apply for the appropriate level of accreditation once exam results have been received.

Exam Re-takes

There is no limit to the number of times a candidate can retake an exam. However, there are certain limitations in terms of the time span between exam retakes.
  • If a candidate does not pass the exam on the 1st attempt, s/he must wait 15 days after the initial date of the exam for the next attempt (1st retake).
Note: Candidates who have completed the training course with ALC and failed the first exam attempt, are eligible to retake for free the exam within a 12-month period from the date the coupon code is received (because the fee paid for the training course, includes a first exam attempt and one retake). Otherwise, retake fees apply.
To arrange exam retakes, based on exam format, candidates that have completed a training course, must follow the steps below:
  1. Online Exam: when scheduling the exam retake, use initial coupon code to waive the fee.
  2. Paper-Based Exam: candidates need to contact ALC.