ISO 27001:2013 Requirements (1.0 Day) – Onsite Only


Our 1.0 day onsite course will explain and interpret the ISO 27001:2013 requirements for an information security management system at your organization. See the course outline below for the topics, class workouts, and team activities.

Course Outline

Annex L, Appendix 2 (was Annex SL)
Clause Structure
Requirement Grouping

Introduction to ISO 27001:2013
0.1 General
ISO 27001 Family of Standards
0.2 Compatibility with Other Management System Standards
Clause Structure in PDCA Cycle

1. Scope
2. Normative References
3. Terms and Definitions

Context of the Organization
4.1 Understanding the Organization and its Context
ISO 31000 Internal and External Context
4.2 Understanding the Needs and Expectations of Interested Parties
4.3 Determining the Scope of the Information Security Management System
4.4 Information Security Management System
Class Workout – Clause 4
Team Activity – Clause 4

5.1 General
5.2 Quality Policy
5.3 Organizational Roles, Responsibilities, and Authorities
Class Workout – Clause 5
Team Activity – Clause 5

6.1 Actions to Address Risks and Opportunities
6.1.1 General
6.1.2 Information Security Risk Assessment
6.1.3 Information Security Risk Treatment
6.2 Information Security Objectives and Planning to Achieve Them
Class Workout – Clause 6
Team Activity – Clause 6

7.1 Resources
7.2 Competence
7.3 Awareness
7.4 Communication
7.5 Documented Information
7.5.1 General
7.5.2 Creating and Updating
7.5.3 Control of Documented Information
Class Workout – Clause 7
Team Activity – Clause 7

8. Operation
8.1 Operational Planning and Control
8.2 Information Security Risk Assessment
8.3 Information Security Risk Treatment
Class Workout – Clause 8
Team Activity – Clause 8

9. Performance Evaluation
9.1 Monitoring, Measurement, Analysis, and Evaluation
9.2 Internal Audit
9.3 Management Review
Class Workout – Clause 9
Team Activity – Clause 9

10. Improvement
10.1 Nonconformity and Corrective Action
10.2 Continual Improvement
Class Workout – Clause 10
Team Activity – Clause 10

Annex A
A.5 – Information security policies
A.6 – Organization of information security
A.7 – Human resource security
A.8 – Asset management
A.9 – Access control
A.10 – Cryptography
A.11 – Physical and environmental security
A.12 – Operations security
A.13 – Communications security
A.14 – System acquisition, development, and maintenance
A.15 – Supplier relationships
A.16 – Information security incident management
A.17 – Information security continuity
A.18 – Compliance with legal and contractual requirements
Team Activity – Annex A

Course Summary
Questions and Answers
Course Evaluations
Student Certificates

Course Handouts

Copy of Presentation Slides
Annex L – Appendix 2
Clause Quick Reference


1.0 day

Class Hours

8:30 AM to 4:30 PM


An onsite class is $2000, plus instructor travel expenses, plus $50 per student for materials. An all-inclusive price will be quoted.

A copy of the standard will not be needed for the course exercises. The class size should be at least 4 students and no more than 25 students.

NOTE: If you are interested in scheduling an onsite class, please send an email to

Whittington & Associates

We are committed to providing expert training, effective consulting, and valuable auditing. If you have any questions about our services, please contact us at 770-862-1766, or