+49 (911) 80 10 30

Give us a call or have us call you back!

Simply leave a message with your callback appointment

Your Name *

Your phone number *

Callback date *

Callback time *

Your request *

In order to process your request, it is necessary to process the data you provide. This means that by submitting the contact form, you consent to your data being processed (see Privacy Policy). You can object to the processing of your data at any time.

* All fields marked with an asterisk are mandatory fields.
Send a message

Your Name *

Your email *

Your phone number

Your request *

In order to process your request, it is necessary to process the data you provide. This means that by submitting the contact form, you consent to your data being processed (see Privacy Policy). You can object to the processing of your data at any time.*

* All fields marked with an asterisk are mandatory fields.
Social Media

Share page

SC120: ISMS Implementation according to ISO/IEC 27001:2022

Training: Governance, Risk & Compliance - Security - Certification

Participants receive an introduction to the implementation of an information security management system (ISMS) in accordance with ISO/IEC 27001:2022. The course covers fundamentals, key requirements, and the structured handling of sensitive information across people, processes, and technical components.

Appointment selection

Appointments in German language (8)


Hybrid training	2025-11-10 \| 10:00 am	2025-11-12 \| 05:00 pm	Nürnberg
Hybrid training	2025-12-15 \| 10:00 am	2025-12-17 \| 05:00 pm	Nürnberg
Hybrid training	2026-02-09 \| 10:00 am	2026-02-11 \| 05:00 pm	Nürnberg
Presence training	2026-04-27 \| 10:00 am	2026-04-29 \| 05:00 pm	Nürnberg
Hybrid training	2026-06-22 \| 10:00 am	2026-06-24 \| 05:00 pm	Nürnberg
Presence training	2026-09-14 \| 10:00 am	2026-09-16 \| 05:00 pm	Nürnberg
Hybrid training	2026-11-09 \| 10:00 am	2026-11-11 \| 05:00 pm	Nürnberg
Hybrid training	2026-12-14 \| 10:00 am	2026-12-16 \| 05:00 pm	Nürnberg

Possible course languages: German

Request prefered appointment period:

Your Name *

Your email *

Your phone number

Preferred period from *

Preferred period to *

Number of participants *

Your message

* All fields marked with an asterisk are mandatory fields.

Hybrid training

Start: 2025-11-10 | 10:00 am

End: 2025-11-12 | 05:00 pm

Location: Nürnberg

Price: 1.650,00 € plus VAT.

Hybrid training

Start: 2025-12-15 | 10:00 am

End: 2025-12-17 | 05:00 pm

Location: Nürnberg

Price: 1.650,00 € plus VAT.

Hybrid training

Start: 2026-02-09 | 10:00 am

End: 2026-02-11 | 05:00 pm

Location: Nürnberg

Price: 1.650,00 € plus VAT.

Presence training

Start: 2026-04-27 | 10:00 am

End: 2026-04-29 | 05:00 pm

Location: Nürnberg

Price: 1.650,00 € plus VAT.

Hybrid training

Start: 2026-06-22 | 10:00 am

End: 2026-06-24 | 05:00 pm

Location: Nürnberg

Price: 1.650,00 € plus VAT.

Presence training

Start: 2026-09-14 | 10:00 am

End: 2026-09-16 | 05:00 pm

Location: Nürnberg

Price: 1.650,00 € plus VAT.

Hybrid training

Start: 2026-11-09 | 10:00 am

End: 2026-11-11 | 05:00 pm

Location: Nürnberg

Price: 1.650,00 € plus VAT.

Hybrid training

Start: 2026-12-14 | 10:00 am

End: 2026-12-16 | 05:00 pm

Location: Nürnberg

Price: 1.650,00 € plus VAT.

Request prefered appointment period:

Your Name *

Your email *

Your phone number

Preferred period from *

Preferred period to *

Number of participants *

Your message

* All fields marked with an asterisk are mandatory fields.

Agenda:

Part 1: Brief introduction: Understanding information security and threat landscape
Part 2: The ISO/IEC 27001 Standard family, BSI™ IT-Grundschutz
- Overview of the standards environment
- Structure and interaction of ISO/IEC 27001, ISO/IEC 27002, ISO/IEC 27003
Part 3: The management system ISO/IEC 27001, Chapters 4 - 10
- Chapter 4: Context of the organization
  - What is the internal and external context, interested parties?
  - How should the scope be derived and how should a good scope document be structured?
- Chapter 5: Leadership
  - Requirements and roles of management in the ISMS
  - Components of an information security policy
  - Roles and responsibilities in the ISMS
- Chapter 6: Planning
  - ISMS risk management: Standard requirements and solution approaches for practice
  - Components of risk management according to ISO/IEC 27005
  - Structure of a Statement of Applicability (SoA)
  - How are company-specific controls appropriately implemented?
  - Risk matrix, risk owner and risk treatment options/plans
- Chapter 7: Support
  - Resources, competencies, awareness, documented information
- Chapter 8: Operation
  - Requirements and challenges for maintaining a management system
- Chapter 9: Performance evaluation
  - Measuring and evaluating with metrics and KPIs
  - Conducting internal audits, structure of audit plans and audit programs
  - Components of a management review
- Chapter 10: Improvement
  - Requirements for corrective actions from audits and security incidents
  - Establishment of a continuous improvement process
Part 4: Selected topics from ISO/IEC 27001, Annex A
- Information classification
- Information security incident management
- Information security aspects in Business Continuity Management
Part 5: Certification & audits
- The certification cycle
- The path to successful certification - what must be considered?

Objectives:

The objective of the course SC120 ISMS Implementation according to ISO/IEC 27001:2022 is to fundamentally understand a management system in accordance with ISO/IEC 27001 and to be able to derive requirements for certifications and audits.

You will gain in-depth knowledge for the planning, implementation, monitoring, improvement, and ongoing operation of an ISMS.

Furthermore, the course provides a solid foundation for further advanced courses, such as:

An active exchange of information among participants is encouraged.

The course does not aim to present a set of templates and documentation but is directed at individuals who wish to operate a standards-compliant management system. The course does not constitute legal advice on the application of legal and regulatory requirements.

On the last day of the training, there is an opportunity to take an exam. Upon passing, a certificate will be issued. All exam content will be covered in the seminar.

The certificate title is "ISMS Implementer for ISO/IEC 27001:2022".

Target audience:

Security Consultants

Individuals Responsible for the Implementation and Execution of ISO/IEC 27001:2022

Note: If you are working in the environment of energy suppliers/Critical Infrastructure (KRITIS), we offer the SC124 ISMS Implementation for Energy Utilities / CRITIS in accordance with ISO/IEC 27001:2022 and ISO/IEC 27019, a course specialized to meet your specific requirements.

Prerequisites:

The seminar SC120 ISMS Implementation according to ISO/IEC 27001:2022 is aimed equally at beginners and experienced professionals. Prior knowledge of management systems (e.g., ISO/IEC 27001, ISO 9001, etc.) is helpful but not a mandatory requirement.

If an ISMS is already implemented in your own company, participants should inform themselves about it in advance in order to potentially ask targeted questions and better contextualize course content.

Description:

The training SC120 ISMS Implementation according to ISO/IEC 27001:2022 addresses the fundamentals of an ISMS in accordance with ISO/IEC 27001:2022.

The necessity for organizations to better protect their information is underscored by the increasing frequency of security breaches and the rising value of information.
The Information Security Management System (ISMS) provides a controlled and organized approach to handling an organization's sensitive information, ensuring it is always secure and under control. Implementation affects people, processes, and technical components.

Guaranteed implementation:

from 2 Attendees

Booking information:

Duration:

3 Days

Price:

1.650,00 € plus VAT.

(including lunch & drinks)

Exam (Optional):

100,00 € plus VAT.

Appointment selection:

Testimonials:

Cheerful male participant, representative of all customers who have provided feedback on qSkills' services.

#Testimonials

If qualification, then qSkills™

Authorized training partner

NetApp Partner Authorized Learning

Commvault Training Partner

CQI | IRCA Approved Training Partner

Veeam Authorized Education Center

Acronis Authorized Training Center

AWS Partner Select Tier Training

ISACA Accredited Partner

CompTIA Authorized Partner

EC-Council Accredited Training Center

Authorized training partner

NetApp Partner Authorized Learning

Commvault Training Partner

CQI | IRCA Approved Training Partner

Veeam Authorized Education Center

Acronis Authorized Training Center

AWS Partner Select Tier Training

ISACA Accredited Partner

iSAQB

CompTIA Authorized Partner

EC-Council Accredited Training Center

Memberships

Allianz für Cyber-Sicherheit

TeleTrust Pioneers in IT security

Bundesverband der IT-Sachverständigen und Gutachter e.V.

Bundesverband mittelständische Wirtschaft (BVMW)

Allianz für Sicherheit in der Wirtschaft

NIK - Netzwerk der Digitalwirtschaft

Bayern Innovativ

IHK Nürnberg für Mittelfranken

Sicherheitsnetzwerk München e.V.

Memberships

Allianz für Cyber-Sicherheit

TeleTrust Pioneers in IT security

Bundesverband der IT-Sachverständigen und Gutachter e.V.

Bundesverband mittelständische Wirtschaft (BVMW)

Allianz für Sicherheit in der Wirtschaft

NIK - Netzwerk der Digitalwirtschaft

BVSW

Bayern Innovativ

KH-iT

CAST

IHK Nürnberg für Mittelfranken

eato e.V.

Sicherheitsnetzwerk München e.V.