Corporate Security Policy Design Workshop

Course Description

The value of information and recent high-profile information security violations have created a constantly growing need to protect all sorts of information at organizations. An Information Security Management System (ISMS) is a management system for ensuring the security of an organization’s valuable and sensitive information.

The objective of this training is to inform participants about developing the main Information Security policy, the initial building block of ISMS practices that fulfill the requirements of ISO 17799 (now called ISO 27002) and that, if desired, meet the certification criteria of ISO 27001:2005, and to have participants develop the information security policy in accordance with the ISO 27001 standard following the workshop.

The program is practical rather than theoretical, and consists of implementing what is in fact a small ISMS with a specific methodology.

Who Should Attend

The project team assigned to establish the Information Security Management System, and the Information Security Team.


During the workshop, participants will learn how to formulate the Information Security policy rapidly, accurately and efficiently. They will work on draft documents during the training, and prepare a number of policies on the basis of case studies, which will be distributed to participants at the end of the training.

Training Structure

  • Why is it important to tailor the policies, regarded as the constitution of the Corporate Governance System (CGS), to the company?
  • Necessity and origin of policies
  • How should things be according to ISO 27001?
  • Important considerations for documentation
  • Policy updates and responsibility
  • Development of a sample main policy

Training Duration

1 day