PECB ISO/IEC 27005 Foundation Training Course

The PECB Certified DORA Lead Manager training program provides you with the essential skills to lead and manage the implementation of digital operational resilience strategies within financial entities, ensuring compliance with the European Union’s Digital Operational Resilience Act (DORA)

This training program is designed to help participants grasp the fundamental concepts and principles of a business continuity management system (BCMS) aligned with ISO 22301. Through this course, you will gain deeper insight into the standard's structure and requirements, including the BCMS policy, top management’s commitment, internal audits, management reviews, and the continual improvement process.

In light of the increasing frequency of disruptions and the unpredictable nature of various disasters—ranging from natural and occupational hazards to information security incidents—organizations are increasingly striving for ISO 22301 certification. As compliance with ISO 22301 becomes more critical, there is a rising demand for competent auditors equipped with the skills and knowledge to evaluate and verify organizational conformity.

Disasters affect organizations in diverse ways. They may stem from natural occurrences, information security violations, or a variety of other incidents. Their unpredictable nature underscores the critical importance of preparedness, which helps distinguish your business and define its future trajectory. Consequently, adequate planning is vital for mitigating risks, limiting adverse outcomes, and handling the negative effects of disasters and incidents, while guaranteeing that daily operations continue seamlessly to satisfy customer needs without any disruption.

Why participate?

The ISO/IEC 27001 Foundation training equips you with the fundamental knowledge required to implement and manage an Information Security Management System (ISMS) in accordance with ISO/IEC 27001. Throughout this course, you will gain a comprehensive understanding of the various ISMS components, such as ISMS policies, procedures, performance metrics, management commitment, internal auditing, management review, and the principle of continual improvement.

Upon successful completion of the course, you will be eligible to take the examination and apply for the “PECB Certified ISO/IEC 27001 Foundation” credential. This certificate validates your grasp of the essential methodologies, requirements, frameworks, and management approaches defined by the standard.

Target Audience

• Professionals engaged in Information Security Management
• Individuals aiming to acquire knowledge about the core processes of Information Security Management Systems (ISMS)
• Career seekers interested in Information Security Management

Training Methodology

• Lectures are enhanced with practical questions and real-world examples
• Practical exercises feature illustrative examples and interactive discussions
• Practice tests mirror the format and style of the Certification Exam

ISO/IEC 27001 Lead Auditor

The ISO/IEC 27001 Lead Auditor training program equips you with the essential expertise to conduct Information Security Management System (ISMS) audits by applying internationally recognized audit principles, procedures, and techniques.

Why should you attend?

Through this training course, you will gain the knowledge and skills required to plan and execute both internal and external audits in accordance with ISO 19011 and the ISO/IEC 17021-1 certification process.

Based on practical exercises, you will master audit techniques and become competent in managing audit programs and teams, handling customer communications, and resolving conflicts.

Upon acquiring the necessary expertise to perform this audit, you may sit for the exam and apply for the “PECB Certified ISO/IEC 27001 Lead Auditor” credential. Holding a PECB Lead Auditor Certificate demonstrates that you possess the capabilities and competencies to audit organizations based on best practices.

Who should attend?

• Auditors seeking to perform and lead Information Security Management System (ISMS) certification audits
• Managers or consultants seeking to master an Information Security Management System audit process
• Individuals responsible for maintaining conformance with Information Security Management System requirements
• Technical experts seeking to prepare for an Information Security Management System audit
• Expert advisors in Information Security Management

Learning objectives

• Understand the operations of an Information Security Management System based on ISO/IEC 27001
• Acknowledge the correlation between ISO/IEC 27001, ISO/IEC 27002 and other standards and regulatory frameworks
• Understand an auditor’s role to: plan, lead and follow-up on a management system audit in accordance with ISO 19011
• Learn how to lead an audit and audit team
• Learn how to interpret the requirements of ISO/IEC 27001 in the context of an ISMS audit
• Acquire the competencies of an auditor to: plan an audit, lead an audit, draft reports, and follow-up on an audit in compliance with ISO 19011

Educational approach

• This training is based on both theory and best practices used in ISMS audits
• Lecture sessions are illustrated with examples based on case studies
• Practical exercises are based on a case study which includes role playing and discussions
• Practice tests are similar to the Certification Exam

ISO 9001 and ISO 27001 stand as globally acknowledged benchmarks for quality management and information security management systems, respectively.

Delivered through instructor-led live sessions, available either online or on-site, this training is designed for professionals at an intermediate level who aim to master the interpretation of ISO 9001 and ISO 27001 standards and execute internal audits with confidence.

Upon completing this course, participants will be equipped to:

• Grasp the fundamental principles and mandatory requirements of both ISO 9001 and ISO 27001.
• Apply the interpretation of specific clauses and controls to practical, real-world situations.
• Effectively plan and carry out internal audits in accordance with ISO standards.
• Detect nonconformities and propose appropriate corrective measures.

Course Delivery Format

• Engaging interactive lectures paired with group discussions.
• Practical auditing exercises and in-depth case studies.
• Direct analysis of quality and security scenarios to reinforce learning.

Customization Options

• For tailored training solutions based on this curriculum, please reach out to us to coordinate arrangements.

The ISO/IEC 27001 Transition training course allows participants to gain a comprehensive understanding of the distinctions between ISO/IEC 27001:2013 and ISO/IEC 27001:2022. Furthermore, participants will learn about the new concepts introduced by ISO/IEC 27001:2022.

Who can attend?

• Auditors seeking to perform and lead information security management system (ISMS) audits
• Managers or consultants seeking to master the information security management system audit process
• Individuals responsible to maintain conformity with the ISMS requirements in an organization
• Technical experts seeking to prepare for the information security management system audit
• Expert advisors in information security management

Learning objectives

By the end of this training course, the participants will be able to:

1. Explain the fundamental concepts and principles of an information security management system (ISMS) based on ISO/IEC 27001
2. Interpret the ISO/IEC 27001 requirements for an ISMS from the perspective of an auditor
3. Evaluate the ISMS conformity to ISO/IEC 27001 requirements, in accordance with the fundamental audit concepts and principles
4. Plan, conduct, and close an ISO/IEC 27001 compliance audit, in accordance with ISO/IEC 17021-1 requirements, ISO 19011 guidelines, and other best practices of auditing
5. Manage an ISO/IEC 27001 audit program

Educational approach

• This training is based on both theory and best practices used in ISMS audits
• Lecture sessions are illustrated with examples based on case studies
• Practical exercises are based on a case study which includes role playing and discussions
• Practice tests are similar to the Certification Exam

This instructor-led, live training in Serbia (online or onsite) is aimed at intermediate-level professionals who wish to develop a systematic approach to identifying, analyzing, and resolving problems using RCA methodologies.

By the end of this training, participants will be able to:

• Understand essential concepts of RCA and continuous improvement cycles.
• Apply different RCA tools to identify the root cause of problems.
• Develop and implement effective problem-solving strategies.
• Integrate RCA into organizational improvement and prevention efforts.

The primary objective of this program is to shift the audit process from a reactive approach focused on identifying issues to a proactive strategy centered on prevention. By mastering Root Cause Analysis, the Internal Audit team will focus on eliminating recurring findings. This ensures that when a weakness is identified, the recommendations offer a lasting solution, thereby protecting the company's operational efficiency and financial integrity.

Failing to implement structured RCA creates a high-risk environment:

• Financial Erosion: Unaddressed root causes in financial processes result in cumulative losses that increase over time.
• Resource Wastage: Auditors spend 40% more time re-auditing the same failed controls rather than focusing on new strategic risks.
• Diminished Authority: Continuously reporting the same issues weakens the Audit Division's influence with senior management and auditees.

This instructor-led, live training in Serbia (available online or onsite) is intended for intermediate-level internal auditors aiming to boost their audit effectiveness through the application of structured RCA techniques.

By the conclusion of this training, participants will be able to:

• Grasp RCA methodologies and their role in internal auditing.
• Identify and analyze the root causes of audit findings.
• Apply RCA tools such as the 5 Whys, Fishbone Diagram, and Failure Mode and Effects Analysis (FMEA).
• Develop corrective and preventive action plans based on RCA findings.
• Integrate RCA into the internal audit process to improve risk management.

This instructor-led, live training (available online or onsite) is designed for intermediate-level safety professionals and operational managers seeking to enhance their skills in investigating incidents, identifying systemic weaknesses, and developing effective corrective and preventive actions.