The purpose of the practitioner qualification is to validate whether the candidate has achieved sufficient understanding of ISO/IEC 27001 and its application in a given situation. On completion of this training course, learners will be able to:
- Apply the principles of ISMS policy and its information security scope, objectives, and processes within an organizational context.
- Apply the principles of risk management, including risk identification, analysis and evaluation, and propose appropriate treatments and controls to reduce information security risk, support business objectives and improve information security.
- Analyze and evaluate deployed risk treatments and controls to assess their effectiveness and opportunities for continual improvement.
- Analyze and evaluate the effectiveness of the ISMS through the use of internal audit and management review to continually improve the suitability, adequacy and effectiveness of the ISMS.
- Understand, create, apply and evaluate the suitability, adequacy and effectiveness of documented information and records required by ISO/IEC 27001.
- Identify and apply appropriate corrective actions to maintain ISMS conformity with ISO/IEC 27001.