ISO/IEC Information Security Lead Implementer Course


5 Days


Employees of federal, state and local governments; and businesses working with the government.

Course Description:

This five-day intensive course enables the participants to develop the expertise to support an organization in implementing and managing an Information Security Management System (ISMS) as specified in ISO/IEC 27001:2013. Participants will also master the best practices for implementing information security controls from the eleven areas of ISO/IEC 27002:2005.

This training is consistent with the good practices of project management established by the Project Management Institute (PMI) and ISO 10006:2003 (Quality Management Systems – Guidelines for Quality Management in Projects). This training is fully compatible with ISO/IEC 27003:2009 (Guidelines for the Implementation of an ISMS), ISO/IEC 27004:2009 (Measurement of Information Security) and ISO/IEC 27005:2008 (Risk Management in Information Security).


  • Project manager or consultant wanting to prepare for and support an organization in the implementation of an Information Security Management System (ISMS)
  • ISO27001 Auditor who wants to master the Information Security Management System implementation process
  • Person responsible for the information security or conformity in an organization
  • Member of the information security team
  • Expert advisor in information technology
  • Technical expert wanting to prepare for an information security function or for an ISMS project management function

Learning Objectives:

At the end of this course, the participant will gain competencies in:

  • Understanding the application of an Information Security Management System in the ISO/IEC 27001:2013 context
  • Mastering the concepts, approaches, standards, methods and techniques allowing effective management of an Information Security Management System
  • Understanding the relationship between an Information Security Management System, including risk management and controls, and compliance with the requirements of different stakeholders of the organization
  • Acquiring expertise to support an organization in implementing, managing and maintaining an ISMS as specified in ISO/IEC 27001:2013
  • Acquiring the expertise necessary to manage a team in implementing the ISO/IEC 27001:2013 standard
  • Developing personal skills and knowledge required to advise organizations on best practices in management of information security
  • Improving the capacity for analysis and decision making in a context of information security management

Case Study:

Scenario-driven learning is essential to mastering the content taught during the training. This training includes a real-life case study and assignments to:

  • Provide applicable situations and cases
  • Present a real-world connection using situations that can happen in the day-to-day life of participants
  • Discuss the use and implementation of an ISMS with group members


  • ISO 27001 Foundation Certification or a basic knowledge of ISO 27001 is recommended
  • Participants are required to purchase a copy of the ISO/IEC 27001:2013 Standard from
  • Upon passing the Lead Implementer Exam, the candidate can get registered with PECB to become:
  • A Provisional Implementer – Required: No experience required
  • An Implementer – Required: 2 years of professional experience, 1 year of information security experience, ISMS project activities totalling 200 hours
  • A Lead Implementer – Required: 5 years of professional experience, 2 years of information security experience, ISMS project activities totalling 300 hours

Course Material:

Participants receive:

  • A copy of the classroom presentation material
  • A study handbook containing information and practical examples

About the Examination:

The “Certified ISO/IEC 27001 Lead Implementer” exam fully meets the requirements of the PECB Examination and Certification Programme (ECP). The exam covers the following competence domains:

  • Domain 1: Fundamental principles and concepts of information security
  • Domain 2: Information security control best practice based on ISO 27002
  • Domain 3: Planning an ISMS based on ISO 27001
  • Domain 4: Implementing an ISMS based on ISO 27001
  • Domain 5: Performance evaluation, monitoring and measurement of an ISMS based on ISO 27001
  • Domain 6: Continual improvement of an ISMS based on ISO 27001
  • Domain 7: Preparing for an ISMS certification audit

The “Certified ISO/IEC 27001 Lead Implementer” exam is available in different languages (the complete list of languages can be found in the examination application form)

The paper-based exam consists of 12 essay-type questions

Open book: Participants may use all PECB provided documentation plus their own course notes, but will not be permitted to use any computer, laptop or any other electronic device.

Paper-based exam

A minimum score of 70% is required to pass the exam

The exam lasts 180 minutes

After successfully completing the exam, participants can apply for the credentials of Certified ISO/IEC 27001 Provisional Implementer, Certified ISO/IEC 27001 Implementer or Certified ISO/IEC 27001 Lead Implementer, depending on their level of experience
A certificate will be issued to participants who successfully pass the exam and comply with all the other requirements related to the selected credential


Day 1

  • Introduction to Information Security Management System (ISMS) concepts as required by ISO 27001; Initiating an ISMS
  • Introduction to management systems and the process approach
  • Presentation of the standards ISO 27001, ISO 27002 and ISO 27003 and regulatory framework
  • Fundamental principles of Information Security
  • Preliminary analysis and establishment of the maturity level of an existing information security management system based on ISO 21827
  • Writing a business case and a project plan for the implementation of an ISMS

Day 2

  • Planning the implementation of an ISMS based on ISO 27001
  • Defining the scope of an ISMS
  • Development of an ISMS and information security policies
  • Selection of the approach and methodology for risk assessment
  • Risk management: identification, analysis and treatment of risk (drawing on guidance from ISO 27005)
  • Drafting the Statement of Applicability

Day 3

  • Implementing an ISMS based on ISO 27001
  • Implementation of a document management framework
  • Design of controls and writing procedures
  • Implementation of controls
  • Development of a training & awareness program and communicating about information security
  • Incident management (based on guidance from ISO 27035)
  • Operations management of an ISMS

Day 4

  • Controlling, monitoring, measuring and improving an ISMS; certification audit of the ISMS
  • Controlling and Monitoring the ISMS
  • Development of metrics, performance indicators and dashboards in accordance with ISO 27004
  • ISO 27001 internal audit
  • Management review of an ISMS
  • Implementation of a continual improvement program
  • Preparing for an ISO 27001 certification audit

Day 5

  • Certification Exam