ISO/IEC 27001:2022 Information Security Management System (ISMS) - Implementation

Organizations are increasingly aware of the value of their business-critical information and the need to protect their information related assets. An Information Security Management System (ISMS) is based on risk management approach to maintain the confidentiality, integrity and availability of the organization’s information.

ISO/IEC 27001:2022 Information Security Management System (ISMS) - Requirements - specifies requirements for the establishment, implementation, monitoring, review, maintenance and improvement of a management system for managing an organization’s information security risks.

This three-day course leads you through the requirements specified in ISO/IEC 27001:2022 for implementing ISMS. These include modules from understanding your organization, scoping your ISMS, assessing and evaluating risks and building security awareness program for your organization. You will also learn practical risk assessment guided by case study example in conducting a risk assessment.

This program defines the requirements to implement the ISO/IEC 27001:2022 Information Security Management System (ISMS). The course is designed to ensure information security management within your organization and the right way to review, monitor, operate, and improve information security. This helps you to protect organization's information and give confidence to any interested parties, especially your customers.


  1. ISMS Implementors
  2. ISMS Consultants
  3. IT Managers/Personnel
  4. Information Security Practitioners
  5. Individual who needs to acquire and develop specific knowledge and skills in implementing the ISMS based on ISO/IEC 27001:2013

Introduction to ISMS

  1. What is Information Security
  2. What is Information Security Management Systems (ISMS)
  3. ISMS Family of Standards
  4. ISO/IEC 27001:2022
  5. ISO/IEC 27002:2022
  6. Critical Success Factor
ISMS Establishment
  1. Standards Relevant to ISMS
  2. Trainings Relevant to ISMS
  3. Gap Analysis
  4. Context of the organization
  5. ISMS Scope
  6. Information Security Objectives
  1. Management Commitment
  2. Information Security Policy
  3. Roles and Responsibilities
ISMS Risk Assessment
  1. Introduction to Information Security Risk Management
  2. Standards Relevant for Risk Management
  3. Risk Assessment Process
  4. Risk Treatment Process
  5. Controls Determination
  6. Risk Treatment Plan (RTP)
  7. Residual Risk
  1. Resources
  2. Competence
  3. Awareness
  4. Communication
Documented Information
  1. What is Documented Information
  2. Control of Documented Information
  3. Mandatory Documented Information
  4. Other Required Documented Information
Performance Evaluation
  1. Monitoring, Measurement, Analysis and Evaluation
  2. Internal Audit
  3. Management review
ISMS Improvement
  1. Nonconformity
  2. Corrective Action
  3. Continual Improvement
Group Activities and Case Studies

Ts. Sabariah Binti Ahmad
Head of Department
Information Security Management & Assurance
CyberSecurity Malaysia

Sabariah Ahmad has 27 years of working experience in Information Security. She is currently with CyberSecurity Malaysia, who is responsible in implementing Information Security Management System (ISMS), maintaining ISO/IEC 27001 ISMS certification for CyberSecurity Malaysia, ensuring CyberSecurity Malaysia survivability and resiliency through business preparedness and continuity management as well as delivering services related to information security governance, risk management and compliance (GRC).

She is currently in the working group for WG/G/5-1 information security management system (ISMS). This working group is under Industry Standards Committee on Information Technology, Communications and Multimedia (ISC G) – national mirror committee overseeing national and international standardisation activities in the field of IT, communications and multimedia.

Sabariah Ahmad holds a Bachelor’s Degree in Computer Science from Utah State University, Logan, Utah, USA in 1993. She is a certified ISO/IEC 27001 Information Security Management Systems (ISMS) and ISO/IEC 22301 Business Continuity Management Systems (BCMS) Lead Auditor, Associate Business Continuity Professional (ABCP), Governance, Risk and Compliance (CGRC) and GIAC Security Essential Certification (GSEC). She is also a member of the Malaysia Board of Technologists (MBOT) and ISACA.

Pn. Ida Rajemee Bt Ramlee
Information Security Management & Assurance
CyberSecurity Malaysia

Ida Rajemee Bt Ramlee holds a Bachelor’s degree in Computer Science from University Science of Malaysia (USM), Malaysia. She started her career as a software engineer and later in system development and administration before joining CyberSecurity Malaysia in 2007.

She is part of the Information Security Management System (ISMS) team responsible for the internal ISMS implementation within CyberSecurity Malaysia. Her involvement ranges throughout the whole phases of ISMS implementation. She is also involved in audit activities for ISMS certification under CyberSecurity Malaysia ISMSCB scheme.

Ida Rajemee is an Associate Business Continuity Professional (ABCP) by the DRI International. She is also an alternate member for the Malaysian Technical Committee on Risk Management and a member of the Information Security Professional Association of Malaysia (ISPA). She is a certified ISO/IEC 27001 Information Security Management Systems (ISMS) and ISO/IEC 22301 Business Continuity Management Systems (BCMS) Lead Audit, Associate Business Continuity Professional (ABCP), Professional in Critical Infrastructure Protection (PCIP), Governance, Risk and Compliance (CGRC) and PSMB (HRDF) Certified Trainer.

Disclaimer: Trainer selection are subject to availability.


  • 21 - 23 February 2023
  • 1 - 3 August 2023
  • 28 - 30 November 2023
*dates are tentative, unless specified

MYR3,500.00 (subject to 8% SST)

Please click here to register

Contact us to request for a quotation

18 CPD Point

Please submit the Certificate of Completion to Global ACE Certification at


Have any inquiries? Check out the FAQ