ISO 27701 Training & Certification - PIMS

The ISO/IEC 27701 Lead Implementer training course enables you to develop the necessary expertise to assist an organization to establish, implement, maintain and continually improve a Privacy Information Management System (PIMS) based on ISO/IEC 27701 by enhancing an existing ISMS based on ISO/IEC 27001 and the guidance of ISO/IEC 27002.

Day 1: Introduction to ISO/IEC 27701 and initiation of a PIMS

• Training course objectives and structure
• Standards and regulatory frameworks
• Privacy Information Management System (PIMS)
• Fundamental concepts and principles of information security and privacy
• Initiation of the PIMS implementation
• Analysis of the ISMS scope and Statement of Applicability
• PIMS scope
• Management approval
• Privacy policy
• Privacy risk assessment

Day 2: Planning the implementation of a PIMS

• Privacy impact assessment
• PIMS Statement of Applicability
• Documentation management
• Selection of controls
• Implementation of controls

Day 3: Implementing a PIMS

• Implementation of controls (cont’d)
• Implementation of controls specific for PII controllers
• Implementation of controls specific for PII processors

Day 4: PIMS monitoring, continual improvement and preparation for the certification audit

• Awareness, training, and communication
• Monitoring, measurement, analysis, evaluation, and management review
• Internal audit
• Treatment of nonconformities
• Continual improvement
• Preparing for the certification audit
• Certification process and closing of the training course

Day 5: Certification Exam

A fundamental understanding of information security and comprehensive knowledge of the ISMS implementation principles.

The ISO/IEC 27701 Lead Auditor training course enables you to develop the necessary skills to perform a Privacy Information Management System (PIMS) audit by applying widely recognized audit principles, procedures and techniques.

Day 1: Introduction to Privacy Information Management System (PIMS) and ISO/IEC 27701

• Training course objectives and structure
• Standards and regulatory frameworks
• Certification process
• Fundamental information security and privacy concepts and principles
• Privacy information management system (PIMS)

Day 2: Audit principles, preparation, and launching of an audit

• Fundamental audit concepts and principles
• The impact of trends and technology in auditing
• Evidence-based auditing
• Risk-based auditing
• Initiation of the audit process
• Stage 1 audit

Day 3: On-site audit activities

• Preparations for stage 2 audit (on-site audit)
• Stage 2 audit
• Communication during the audit
• Audit procedures
• Creating audit test plans

Day 4: Closing the audit

• Drafting audit findings and nonconformity reports
• Audit documentation and quality review
• Closing of the audit
• Evaluation of action plans by the auditor
• Beyond the initial audit
• Managing an internal audit program
• Closing of the training course

Day 5: Certification Exam

A fundamental understanding of information security and privacy, and a comprehensive knowledge of audit principles.