SC124: ISMS Implementation for Energy Utilities / CRITIS in accordance with ISO/IEC 27001:2022 and ISO/IEC 27019

Training: Governance, Risk & Compliance - Security - Certification

Participants learn the fundamentals of implementing an ISMS according to ISO/IEC 27001:2022 in combination with ISO/IEC 27019 for utilities/critical infrastructures. The training covers ISO/IEC 27001, 27002, TR 27019, and relevant IT security catalogs in depth. Exercises, case studies, and discussions provide practical insights into how to implement standard requirements and apply them in their own environment.

Online training
Start: 2025-11-03 | 10:00 am
End: 2025-11-05 | 05:00 pm
Location: Online
Price: 1.650,00 € plus VAT.

Hybrid training
Start: 2026-01-12 | 10:00 am
End: 2026-01-14 | 05:00 pm
Location: Nürnberg
Price: 1.650,00 € plus VAT.

Presence training
Start: 2026-03-23 | 10:00 am
End: 2026-03-25 | 05:00 pm
Location: Nürnberg
Price: 1.650,00 € plus VAT.

Hybrid training
Start: 2026-06-15 | 10:00 am
End: 2026-06-17 | 05:00 pm
Location: Nürnberg
Price: 1.650,00 € plus VAT.

Presence training
Start: 2026-09-07 | 10:00 am
End: 2026-09-09 | 05:00 pm
Location: Nürnberg
Price: 1.650,00 € plus VAT.

Presence training
Start: 2026-11-30 | 10:00 am
End: 2026-12-02 | 05:00 pm
Location: Nürnberg
Price: 1.650,00 € plus VAT.


Agenda:

  • Part 1: Brief introduction: Understanding information security and threat landscape

  • Part 2: The ISO/IEC 27001 standard family, as well as legal, regulatory requirements
    • Overview of the standards diversity
    • Structure of ISO/IEC 27001, 27002 and ISO/IEC 27019
    • IT security catalogs §11 (1a), (1b) EnWG (IT-SiK)
    • Conformity assessment program of BNetzA
    • BSI Act and BSI-KRITIS Ordinance, §8a requirements
    • Sector-Specific Security Standards (B3S)

  • Part 3: The management system ISO/IEC 27001, Chapters 4 - 10
    • Chapter 4: Context of the organization
      • What is the internal and external context, interested parties?
      • How should the so-called scope be derived and how could a scope document be structured?
      • What influence do IT-SiK and §8a requirements have on the scope?
    • Chapter 5: Leadership
      • Requirements and roles of management in the ISMS
      • Components of an information security policy
      • Roles and responsibilities in the ISMS
    • Chapter 6: Planning
      • ISMS risk management: standard requirements and practical approaches to fulfilling the requirements of IT-SiK or §8a BSI-G
      • Components of risk management according to ISO/IEC 27005
      • Structure of a Statement of Applicability (SoA)
      • How are company-specific controls appropriately implemented? "Everyone reads from the same standard, but what does this mean specifically for energy suppliers?"
      • Risk matrix, risk owner and risk treatment options/plans
    • Chapter 7: Support
      • Resources, competencies, awareness, documented information
    • Chapter 8: Operation
      • Requirements and challenges for maintaining a management system
    • Chapter 9: Performance evaluation
      • Measuring and evaluating with metrics and KPIs
      • Conducting internal audits, structure of audit plans and audit programs
      • Components of a management review
    • Chapter 10: Improvement
      • Requirements for corrective actions from audits and security incidents
      • Establishment of a continuous improvement process (CIP)

  • Part 4: Presentation and discussion of selected technical-organizational controls from ISO/IEC 27001, Annex A
    • ISO/IEC 27001/27002: among others asset management, supplier management, incident management
    • ISO/IEC 27019: content of the 14 new controls and use of the supplementary implementation guidance, including physical security of control rooms and operational facilities
    • Reporting obligations under §11 (1c) EnWG and §8b (3) BSI-G; structure of a contact point that is reachable at all times by the Federal Office for Information Security (BSI)

  • Part 5: Certification & audits
    • The certification cycle
    • The path to successful certification - what must be considered?

Objectives:

The goal of the course is to fundamentally understand a management system according to ISO/IEC 27001 and to be able to derive requirements for certifications and audits.

You will receive comprehensive knowledge for the planning, implementation, monitoring, improvement, and ongoing operation of an ISMS.

Furthermore, the course provides a solid foundation for further advanced courses, such as:

An active exchange of information among participants is encouraged.

The course does not aim to present a set of templates and documentation but is directed at individuals who want to operate a standards-compliant management system. The course does not constitute legal advice on the application of legal and regulatory requirements.

At the end of the last training day, there is an opportunity to take an exam. Upon passing, a certificate will be issued. All exam content will be covered in the seminar.

The certificate title is: "ISMS Implementer for Energy Supply Companies/Critical Infrastructure according to ISO/IEC 27001 and 27019"

Target audience:

Legal requirements and the increase in cyber threats present new challenges in information security for the energy supply sector.

The course is primarily aimed at:

- Operators of electricity/gas energy supply networks under §11 (1a) EnWG (distribution and transmission network operators)

- Operators of energy facilities according to §11 (1b) EnWG (power plants, gas storage facilities, etc.)

- Critical infrastructure operators according to §8a BSI Act (e.g., virtual power plants)

- Companies with ISMS operations according to ISO/IEC 27001 and process IT background

Prerequisites:

The seminar SC124 ISMS Implementation for Energy Utilities / CRITIS in accordance with ISO/IEC 27001:2022 and ISO/IEC 27019 is aimed equally at beginners and experienced professionals. Prior knowledge of management systems (e.g., ISO/IEC 27001, ISO 9001, etc.) is helpful but not a mandatory requirement.

If an ISMS is already implemented in your own company, participants should familiarize themselves with it in advance so that they can ask targeted questions and better contextualize the course content.

Description:

Our seminar SC124 ISMS Implementation for Energy Utilities / CRITIS in accordance with ISO/IEC 27001:2022 and ISO/IEC 27019 establishes the essential foundations for building an Information Security Management System in accordance with ISO/IEC 27001 in conjunction with ISO/IEC 27019. The course is based on the 2022 version of the standard.

The course works intensively with the following standards: ISO/IEC 27001, ISO/IEC 27002, ISO/IEC TR 27019, as well as the IT security catalogs.

Exercises, case studies, and room for discussion drawn from practice make the dry theory of the standards engaging.

Guaranteed to take place:

from 2 attendees

Booking information

Price:

1.650,00 € plus VAT.

(including lunch & drinks)

Exam (Optional):

100,00 € plus VAT.
