Reviewing and improving an organisation’s ISMS critical for ISO 27001 surveillance audits


Ely, England, 6 September 2011. IT Governance Ltd, the global leader in ISO 27001 training, consultancy, books, and tools, has reported that continuous improvement is the cornerstone of ISO 27001 compliance. Since there is very little guidance on what the next steps are after gaining ISO 27001 certification, the first Reviewing and Improving Your ISMS Training programme has recently been launched to fill this gap.

All information security management systems (ISMS) are constantly challenged by new technical threats and vulnerabilities and by the demands of changes in legislation and of compliance with additional standards. It is the responsibility of information security managers to ensure that their corrective action and preventive action (CAPA) plan is regularly updated in order to keep pace with ever-changing business and technology trends.

Alan Calder, CEO of IT Governance, says: “Gaining ISO 27001 certification is one thing, but what next? ISO 27001 is a security management standard that rightly expects you to continually reassess your business, risk and compliance environment in line with ‘real-world’ developments. Continuous improvement is defined in Clause 8 of the Standard and is an overt part of the Plan-Do-Check-Act approach. This is best achieved by implementing effective corrective and preventive plans together with a formal review process and strong internal audit structure.”

The Reviewing and Improving Your ISMS Training programme consists of four training courses delivered on a quarterly basis to ensure delegates receive timely and relevant information and the advice on how it affects their information security management system. Each course includes 18 topical sessions and uses case studies, giving delegates the opportunity to learn from real-life experiences.

With this training programme, which is the first of its kind, the experts from IT Governance are taking ISO 27001 training to the next level by ensuring training is up to date and comprehensive. No two of the quarterly courses will be the same, as the trainers will take into account new laws and regulations, threats and vulnerabilities, technologies, standards and certification requirements.

Calder continues: “The courses are designed for individuals whose role requires them to have a broad understanding of current trends in information security, and to be aware of new and emerging regulation and technical standards and evolving best practice in reviewing and improving an ISMS. The scope of training, therefore, makes the courses relevant to everyone from an information security manager or an IT auditor to a board director or chief information officer.”

The Reviewing and Improving Your ISMS Training programme will be led by Calder and Steve Watkins, Consultancy Director of ITG, who together co-authored IT Governance: A Manager’s Guide to Data Security and ISO27001/ISO27002. The courses will provide delegates with an opportunity to interact with their trainers to help identify and apply current lessons to their own organisations.

The courses will be held in London, with the first course taking place on October 24-25 2011. The scheduled dates for 2012 are January 24-25, April 18-19 and July 17-18, with each course offering 15 hours of continuing professional development (CPD).

Organisations can book delegates onto the ISO 27001 courses online here. Course places can also be booked directly with the friendly, helpful IT Governance service centre team on telephone number +44 (0)845 070 1750. Larger organisations can make bookings or purchases with a purchase order, either by telephone or by e-mail, to  We also welcome overseas delegates on all our courses and can provide guidance on travel and hotel arrangements.
