* Dual Certification Course *



This Certified Information Security Program Manager (CISPM™) course is a three-day, information-packed learning experience leading to a dual certification including ISO 27001 Lead Implementer. It is designed to develop a level of competence to support the design, development, roll-out and maintenance of an organizational Information Security Program. Drawing upon best practices from ISO 27001, ISO 27002, ISO 27003 and ISO 27017, students will learn the fundamental requirements to meet the expectations of ISO 27001 certification auditors.

To develop a well-rounded understanding of the standard’s expectations, students will be familiarized with the supplementary guidance offered by the forum’s Information Security Program Framework, as well as ISO 27004, ISO 27005, ISO 27034, ISO 27035, ISO 55000 and others.

Notes: this course is compatible with many ISO 27001 Lead Implementer course offerings, while offering broader depth.


The course will be offered as an intense three-day course at ISLF Chapter conferences. For specific dates and locations, please refer to Events > 2017 Conferences > (available locations), from the main menu on our site.

Why ISLF Training

ISLF training was developed by experienced, internationally certified instructors with years of implementation and audit experience, as well as training development and delivery experience. The ISLF training program is unique in that the ISLF establishes the training and certification scheme, and the training material. How do we differ from other offerings you might find on the market?

  • We offer high-demand certification training at accessible prices.
  • Our training courses are based on an official study guide.
  • We minimize out-of-office time by offering pre-course reading assignments and allowing students to complete their exams fully online after the training, in the comfort of their own home or office.
  • Courses are developed based on standards developed by the ISLF, which include a course training standard (scheme) and exams.
  • Our industry-leading exam pass guarantee: if you don’t pass, you can attend another session of the course within the next 12 months for free to help you get prepared to rewrite the exam.
  • Our instructors go through a rigorous screening and training process, resulting in the assignment of the credential of ISLF Certified Instructor.


Who Should Take This Course?

  • Information Security professionals and managers involved in any aspect of the development, roll-out or operational maintenance of an Information Security Management System (ISMS)
  • IT Managers and professionals, Project Managers, and consultants wanting to prepare and to support an organization in the implementation or maintenance of an Information Security Management System (ISMS)
  • Auditors who want to understand and be able to demonstrate competence in an Information Security Management System implementation
  • Persons responsible for information security or its conformity in an organization
  • Consultants looking to understand and support clients implementing an information security management system
  • Corporate / industrial / physical security specialists
  • Technical experts wanting to prepare for an Information Security function or for an ISMS project management function


Learning Objectives

  • Understand the application of an Information Security Program as prescribed by ISO 27001.
  • Master the concepts, approaches, standards, methods and techniques required for the effective management of an organizational Information Security Program
  • Understand the various sub-programs under an Information Security Program, and their interrelationships to establish a holistic enterprise information security program
  • Develop the expertise to support an organization in the implementation, management and maintenance of an Information Security Program
  • Develop the expertise to manage a team that is implementing the ISO27001 standard


What You Get!

Students will receive:

  1. a copy of all slides presented during the class, packaged into an e-book;
  2. a certificate of completion awarding 27 Continuing Professional Development (CPD) units;
  3. a Student Information Package (SIP) with study tips and other helpful and insightful information for the course and exam; and
  4. an exam and certification application voucher.



  • Students are prohibited from recording (audio or video) any session(s), or portions of any session.
  • Prior to the course, students will be enrolled by their assigned instructor in the ISLF’s Learning Center and receive pre-course reading assignments, where applicable. It will be assumed at the beginning of the course that any assigned reading has been completed.
  • All student material for this course will be provided in electronic format.


Course Agenda

Day 1 - Introduction and Planning for an Information Security Management System (ISMS)

  • Introduction to management systems and the process approach
  • Presentation of the standards ISO 27001, ISO 27002 and ISO 27003 and regulatory framework
  • Fundamental principles of Information Security
  • Preliminary analysis and determining the level of maturity of the existing information security management system based upon ISO 21827
  • Writing the business case and preliminary design of the ISMS
  • Developing a project plan of compliance to ISO 27001
  • Defining the scope of the ISMS
  • Drafting the ISMS and information security policies
  • Selection of the approach and methodology for risk assessment
  • Risk management according to ISO 27005: identification, analysis and treatment of risk
  • Drafting the Statement of Applicability

Day 2 - Implementing an ISMS based on ISO 27001

  • Implementation of a document management framework
  • Design of controls and writing procedures
  • Implementation of controls
  • Development of a training & awareness program and communicating about information security
  • Incident management according to ISO 27035
  • Operations management of an ISMS
  • Monitoring the ISMS controls

Day 3 - Program Oversight and Auditing an ISMS based on ISO 27001

  • Development of metrics, performance indicators and dashboards in accordance with ISO 27004
  • Internal Audit
  • Management review of the ISMS
  • Implementation of a continuous improvement program
  • Preparing for the ISO 27001 certification audit



Exams are administered and proctored online, following the training. Our online proctored exams are available 24 hours a day, seven (7) days a week for your convenience. After the course is complete, you will receive information by e-mail explaining the online exam proctoring process and the web page to log in, as well as other relevant information. The exam must be taken within 30 days from the date of completion of the course.

Already ISO 27001 Implementer Certified? If you have an existing active certification with another recognized certification authority and would like to convert over to an ISLF certification, you may elect to challenge our exam for a fee of $30 + $100 for your first year’s certification maintenance fee.

Have the experience but no training, and want to challenge the exam? If you already meet the certification experience criteria and want to challenge the exam, we’re happy to accommodate. You can purchase an exam voucher and application fee and sit for an exam without taking the training. We strongly recommend, before taking this option, you purchase a copy of the course study guide and review it in detail.