Way We Do's Cyber Complete for ISO27001 Information Security Management (ISMS)

Unlock your path to cyber security excellence with weekly support! Join Way We Do’s Cyber Complete, a 20-week program designed to fast-track your ISO27001 implementation and certification goals.

Let our expert instructors guide you through a weekly 2-hour masterclass, complete with best-practice templates in Way We Do, to craft an Information Security Management System (ISMS) tailored just for you. At the end of this transformative journey, your organization will be ‘Certification-Ready’ for ISO27001, primed for a successful audit by a 3rd party.

Next round starts: TBC
Book a meeting to access your Pre-Season Tasks!

What’s included?

  • 20 x 2-hour weekly training sessions led by a live instructor — so you can ask questions and be supported through your ISO27001 journey.
  • 100+ policy, process, and procedure templates — for ease of implementation and provision of best practices. Use Way We Do AI to quickly customize to your needs.
  • A Way We Do account with 1 x Goals and Controls board – your SOP Software solution to manage your ISMS governance (for new subscribers, 5-month subscription).
  • Guided requirements for the organization to implement with your IT provider
  • Weekly cohort accountability sessions

Who is Cyber Complete for?

  • CEOs, CTOs, founders, compliance and other business managers
  • IT Service Providers to help their clients implement ISO27001 international standards
  • Administrators who will support the ISMS management team

Benefits of attending Way We Do’s Cyber Complete ISO27001 program…

  1. Structured Learning: The five-month program is designed to give participants a comprehensive understanding of information security management, breaking down the complex ISO27001 standard into digestible modules.
  2. Time-Efficiency: With the heavy lifting done for you, you can achieve certification readiness much faster than going it alone.
  3. Expert Guidance: The program is led by professionals who provide real-world insights and best practices.
  4. Audit Preparedness: The curriculum is designed to make organizations ready for Stage 1 audits by a third-party auditor, minimizing stress and increasing the likelihood of a successful audit.
  5. Hands-On Approach: The program includes practical exercises and assessments, ensuring that you not only understand the theory but can also apply your knowledge effectively.
  6. Resource Savings: With a clear roadmap, businesses can better allocate resources and budget, saving time and money in the long run.

Cyber Complete program topics...

  • Cyber Complete Month 1

    ISMS Management & Governance

    Setting up your information security management system

    In the first month of Way We Do's Cyber Complete program, participants will dive into the fundamentals of the ISO27001 Information Security Management System (ISMS).

    Key Implementation Outcomes:

    1. Context and Leadership: Understand your organization's security landscape and the leadership roles in ISMS.

    2. Security Policies: Learn how to draft policies that support your security goals.

    3. Risk Assessment: Gain skills in evaluating risks and opportunities related to information security.

    4. Statement of Applicability: Create a statement outlining which ISMS controls are relevant to your organization.

    5. Resourcing, Training and Communication: Learn how to allocate resources, deliver information security awareness training, and communicate ISMS importance within the organization.

    6. Operational Planning: Draft an actionable plan for ISMS implementation and implement change management practices.

    7. Performance Evaluation: Understand metrics for monitoring ISMS effectiveness and conducting a management review.

    8. Continual Improvement: Learn the basics of updating and refining your ISMS, and implementing preventive and corrective action (CAPA).

    By month's end, you’ll have the foundational knowledge to implement or enhance your organization’s ISMS, setting the stage for ISO27001 certification.

  • Cyber Complete Month 2

    Organizational Controls

    Keeping your info security rules current and following all important laws.

    In the second month of Way We Do's Cyber Complete program, participants will delve deeper into the ISO27002 framework, specifically focusing on Organizational Controls.

    Key Implementation Outcomes:

    1. Policy Framework: Create and implement policies tailored for information security per ISO27002 guidelines.

    2. Roles and Responsibilities: Understand the distinct roles and responsibilities tied to information security, as well as the importance of segregating duties.

    3. Stakeholder Communication: Learn about effective communication with authorities and special interest groups, including threat intelligence gathering.

    4. Project Management: Integrate information security best practices within project management workflows.

    5. Inventory Management: Learn how to maintain an organized inventory of information and other associated assets.

    6. Information Classification: Grasp the concepts behind the classification and labeling of sensitive information.

    7. Access and Identity Management: Dive into access controls, identity management, and authentication protocols.

    8. Supplier Relationships: Cover security considerations in supplier agreements, ICT supply chain, and cloud services, along with monitoring and change management.

    9. Incident Response: Understand how to plan for, assess, and respond to information security incidents.

    10. Legal and Compliance: Address legal, statutory, and contractual obligations, including intellectual property rights and protection of PII.

    11. Independent Review and Compliance: Learn to conduct independent reviews and ensure ongoing compliance with information security policies.

    By the end of Month 2, participants will have a well-rounded understanding of Organizational Controls as per the ISO27002 framework, positioning them closer to achieving ISO27001 certification.

  • Cyber Complete Month 3

    People Controls

    Mastering the 'people aspect' of information security, from pre-employment screening to remote work

    In month 3, Way We Do's Cyber Complete program zeroes in on ISO27002's People Controls. Participants will learn the essentials of human-centric information security management.

    Key Implementation Outcomes:

    1. Screening and Employment Terms: Learn the best practices for pre-employment screening and crafting terms of employment that prioritize information security.

    2. Security Training and Awareness: Gain insights into creating effective information security awareness programs and training modules.

    3. Disciplinary Process: Understand how to implement disciplinary measures for information security violations.

    4. Post-Employment Responsibilities: Cover the essential security responsibilities employees have after termination or role change.

    5. Confidentiality Agreements: Grasp the importance and structure of non-disclosure agreements in safeguarding information.

    6. Remote Working: Learn the do's and don’ts of maintaining information security while working remotely.

    7. Event Reporting: Understand the protocols for reporting information security events effectively.

    By the end of Month 3, participants will have the skills to manage the 'people aspect' of information security, enhancing the organizational posture towards achieving ISO27001 certification.

  • Cyber Complete Month 4

    Physical Controls

    Covering everything from facility access to equipment disposal.

    Month 4 of the program delves into the realm of Physical Controls under the ISO27002 framework, focusing on safeguarding your organization's tangible assets.

    Key Implementation Outcomes:

    1. Perimeter and Entry: Learn how to establish and secure physical security perimeters and control physical entry.

    2. Facility Security: Understand the best practices for securing offices, rooms, and other facilities.

    3. Monitoring and Threats: Gain insights into physical security monitoring and protecting against environmental threats.

    4. Secure Areas: Explore the guidelines for working securely within designated areas.

    5. Desk and Screen Policies: Understand the importance of clear desk and clear screen policies.

    6. Equipment Siting: Learn about the optimal placement and protection of hardware.

    7. Off-Premises Security: Master the security of assets located off the organizational premises.

    8. Media and Utilities: Get acquainted with secure storage media handling and the role of supporting utilities.

    9. Cabling and Maintenance: Understand cabling security and regular equipment maintenance protocols.

    10. Equipment Disposal: Learn how to securely dispose of or repurpose old equipment.

    By the end of Month 4, participants will be well-versed in managing the physical aspects of information security, taking another crucial step toward ISO27001 certification.

  • Cyber Complete Month 5

    Technological Controls

    Using software, hardware, and best practice solutions to protect an organization's information assets.

    In Month 5, the program shifts its focus to Technological Controls as outlined in the ISO27002 framework. This module dives deep into the technology-based aspects that safeguard an organization's information assets.

    Key Implementation Outcomes:

    1. Endpoint Security: Learn best practices for securing user endpoint devices.

    2. Access Management: Understand privileged access rights and information access restrictions, including source code.

    3. Authentication and Capacity: Master secure authentication techniques and capacity management.

    4. Malware and Vulnerabilities: Get insights into protection against malware and managing technical vulnerabilities.

    5. Configuration and Data Management: Cover the basics of configuration management, data masking, and information deletion.

    6. Networks and Services: Dive into network security, including segregation of networks and web filtering.

    7. Cryptography: Understand the usage of cryptography in safeguarding information.

    8. Software Development: Learn about secure development life cycles, application security requirements, and secure coding practices.

    9. Testing and Environments: Understand security testing in various development stages and the separation of development, test, and production environments.

    10. Change and Audit Management: Tackle change management and protection measures during audit testing.

    By the end of Month 5, participants will not only possess an in-depth understanding of the technological controls essential for robust information security, but will also be primed and ready for their Stage 1 audit, setting the stage for successful ISO27001 certification.

Way We Do's Cyber Complete ISO27001 Training Program

We've done all the heavy lifting, so you don't have to!

Unlock ISO27001 Certification with Way We Do’s Cyber Complete: Your Five-Month Journey from Information Security Basics to Audit-Ready Expertise. Secure your organization’s future today and get ready to grow!

Book a meeting to discuss more