This training allows you to accelerate the process of implementing the standard ISO 27001 with the help of the concepts and approaches present in the RGPD.

The standard aims to assist organizations, regardless of their size or area of operation, in selecting appropriate and proportionate security controls for information security. Therefore, in order to support organizations through their business processes, this training enables the identification of weaknesses in terms of information security and the creation of an ISMS that takes their risks into account. At the end of the training, a certificate issued by Strongstep will be granted.

• Members of an information security team;
• Elements involved in implementing ISO 27001;
• Technical personnel involved in ISMS related operations;
• Auditors;
• CxO’s e Gestores Seniores de IT

• Know the principles and concepts of the GDPR;
• Know the principles and concepts of the RGPD;
• Map ISO 27001/RGPD;
• Implement the synergy of GDPR with ISO 27001

Knowledge of information security challenges, as well as knowledge of process improvement concepts. General computer and English knowledge. Knowledge of personal data and privacy.

• Introduction to the ISO/IEC 27000 family of standards;
• Introduction to management systems and the process approach;
• Fundamental principles of information security;
• General requirements: presentation of clauses 4 to 8 of ISO/IEC 27001;
• Implementation phases of the ISO/IEC 27001 framework;
• Continuous improvement of information security;
• Conducting an ISO/IEC 27001 certification audit;
• Principles and design of information security controls;
• Documentation of the information security controls environment;
• Monitoring and reviewing information security controls;
• Examples of Implementation of information security controls based on ISO/IEC 27002 best practices;
• RGPD and ISO/IEC 27001 mapping

Pedro Castro Henriques is the CEO and co-founder of Strongstep – Innovation in Software Quality. He was responsible for the IT department at ERS – Entidade Nacional de Regulação da Saúde in Portugal, where he managed the national system for the supervision of health entities. Worked at Ericsson (Q-Labs) on global process improvement and technology transfer support programs.

He has strong experience in process improvement and in the implementation and certification in software development quality (CMMI, ITMARK, AGILE, ASPICE, Industry 4.0, SCRUM, TSP / PSP) as well as in information security (Iso27001, GDPR & DPO). He has 15 years of experience as an executive and director in the consulting and technology businesses.

Pedro is a software engineering consultant and has worked in 12 countries (Europe, Africa and America) in process, tool and organization improvement, including consulting in software engineering, business strategy and information systems.