+49 (911) 80 10 30

Give us a call or have us call you back!

Simply leave a message with your callback appointment

Your Name *

Your phone number *

Callback date *

Callback time *

Your request *

In order to process your request, it is necessary to process the data you provide. This means that by submitting the contact form, you consent to your data being processed (see Privacy Policy). You can object to the processing of your data at any time.

* All fields marked with an asterisk are mandatory fields.
Send a message

Your Name *

Your email *

Your phone number

Your request *

In order to process your request, it is necessary to process the data you provide. This means that by submitting the contact form, you consent to your data being processed (see Privacy Policy). You can object to the processing of your data at any time.*

* All fields marked with an asterisk are mandatory fields.
Social Media

Share page

SC185: Practical Implementation of ISO 27001/27002

Training: Governance, Risk & Compliance - Security

Participants learn how to apply Annex A of ISO 27001/27002 in practice. The workshop provides concrete examples and demonstrates how to bring the generic requirements of the standard to life. Experienced information security consultants and CISOs share insights into typical implementation strategies and best practices to build and operate an effective ISMS.

Appointment selection

Appointments in German language (3)


Hybrid training	2025-11-24 \| 10:00 am	2025-11-28 \| 01:30 pm	Nürnberg
Hybrid training	2026-04-13 \| 10:00 am	2026-04-17 \| 01:30 pm	Nürnberg
Hybrid training	2026-10-05 \| 10:00 am	2026-10-09 \| 01:30 pm	Nürnberg

Possible course languages: German

Request prefered appointment period:

Your Name *

Your email *

Your phone number

Preferred period from *

Preferred period to *

Number of participants *

Your message

* All fields marked with an asterisk are mandatory fields.

Hybrid training

Start: 2025-11-24 | 10:00 am

End: 2025-11-28 | 01:30 pm

Location: Nürnberg

Price: 2.950,00 € plus VAT.

Hybrid training

Start: 2026-04-13 | 10:00 am

End: 2026-04-17 | 01:30 pm

Location: Nürnberg

Price: 2.950,00 € plus VAT.

Hybrid training

Start: 2026-10-05 | 10:00 am

End: 2026-10-09 | 01:30 pm

Location: Nürnberg

Price: 2.950,00 € plus VAT.

Request prefered appointment period:

Your Name *

Your email *

Your phone number

Preferred period from *

Preferred period to *

Number of participants *

Your message

* All fields marked with an asterisk are mandatory fields.

Agenda:

Overview of the standards
ISMS implementation – Essential points
Practical implementation of requirements / controls
Organizational requirements group
- IS incident management (reporting and handling of IS incidents, tools for incident management, forensics fundamentals, incident analysis)
- Security in development processes (test data protection, outsourced development, test development and production environment, development methodologies)
- Vulnerability management (organizational linkage to risk management, technical vulnerability management methods, tools)
- Asset management (tools, asset identification, identification and inventory, CMDB, CIS)
- Classification policies (digital rights management, classification levels, structure and content)
- Policies (private/business separation, BYOD, private internet and email usage, employer control rights and obligations)
- Operations and communications management, IT operations processes (change management, capacity management)
- Procurement, development and maintenance of information systems
- User management (password fundamentals, LDAP, identity and access management, active directory)
- Information exchange (exchange agreements, NDAs, technical data exchange + special features)
- Access to information and applications (tools, role and rights management, audit)
Human resources requirements group
- User responsibility (password handling, social engineering, clear desk and clear screen)
- Mobile computing and teleworking (fundamentals, organization and technology)
Physical requirements group
- Access control (security zone concepts, access control systems, CCTV, intrusion and fire detection)
- Physical security (cabling security, power supply, air conditioning, fire suppression systems, secure infrastructure operations)

Technical requirements group
- Network access control (fundamentals, protocols)
- Monitoring (system monitoring, logging, log file analysis, legal requirements for monitoring and logging, forensic investigation)
- Cryptographic measures (cryptography fundamentals, encryption methods e.g. AES and RSA, organizational key management foundation)
- Important security protocols (SSL/TLS, VPN, IPSEC)
- Malware protection (definition, function, protection methods, removal measures)
- Backup (backup fundamentals, storage, SAN, archiving, technical data backup, backup concepts)
- Media handling (endpoint security, media encryption, secure deletion procedures)
- Operating system access (user management)
Summary and discussion

Objectives:

In the workshop SC185 Practical Implementation of ISO 27001/27002, you will learn from experienced practitioners how to handle information security in a practical and successful manner. The focus is on functional and tailored concepts and solutions, aligned with Annex A of ISO 27001 and ISO 27002. You will be equipped to "enter the negotiation ring" with your IT and other stakeholders to assess the effectiveness and appropriateness of particularly technical measures.

In the workshop, we primarily deal with the controls of Annex A of the standard and the practical implementation of ISO 27002. Due to the abundance of control variations, certain emphases are set and addressed. Individual questions from participants are thoroughly addressed. Limitation: Not all industry-specific questions can be answered within the scope of the workshop; participation does not replace targeted consulting or an audit review of your own ISMS.

This course can be attended (also independently) as a supplement to the course SC120 ISMS Implementation according to ISO 27001:2022. It is also of interest to participants of the course SC121 Update 2022 for ISO/IEC 27001 / 27002.

Target audience:

Members of operational security teams or governance
CISOs and decision-makers
ISMS officers
Auditors
Certification candidates

Prerequisites:

The workshop SC185 Practical Implementation of ISO 27001/27002 is suitable for all levels. Beginners to advanced participants can attend the course. No technical prerequisites are necessary, as the course provides detailed instruction on the technical fundamentals required to understand the requirements of the Annex of ISO 27001 and ISO 27002.

Description:

Most ISMS officers and auditors are familiar with this:
When it comes to bringing Annex A of ISO 27001 or 27002 to life, the question "What does the standard require?" quickly arises. The disappointment is usually great when the standard, in its generic language, provides hardly any concrete clues for practical implementation.

In the workshop SC185 Practical Implementation of ISO 27001/27002, you will learn from experienced information security consultants/CISOs how to handle Annex A of ISO 27001 and how it can be applied exemplarily.