ISO 27001 Training

The next ISO 27001 Training session starts soon. Register now and secure your spot!

Next Cohort: 23 e 24 de Abril

Time:: 9:30 – 13:00 (Mainland Portugal time)

Duration:: 2 mornings

Format: Online 

Investment:: €200 + VAT per person 

1.Introduction to ISO/IEC 27001:2022

Understand what has changed in the new version of the standard, why it matters, and how it fits into today’s organisational context.

2.Interpretation of the Standard’s Requirements 

Detailed analysis of the pillars that support an Information Security Management System (ISMS):

• Requirement 4 – Organisational Context
  How to align the ISMS with the organisation’s strategic objectives.

• Requirement 5 – Leadership
  The role of top management and its impact on the security culture.

• Requirement 6 – Planning
  Identification of risks, objectives, and strategic actions for information security.

• Requirement 7 – Support
  Resources, competencies, communication, and documentation essential to support the ISMS.

• Requirement 8 – Operation
  How to implement, control, and maintain security processes in day-to-day operations.

• Requirement 9 – Performance Evaluation
  Monitoring, analysis, and internal audits to ensure effectiveness.

• Requirement 10 – Improvement
  How to correct, adapt, and continuously improve the system.

3.Interpretation of Annex A Controls

Practical exploration of the standard’s four control groups:

• • • Organisational controls (5)
      Policies, roles, and processes that structure security at a strategic level.

    • People controls (6)
      Access management, training, and human responsibilities in protecting information.

    • Physical controls (7)
      Measures to protect the physical environment, devices, and physical access to information.

    • Technological controls (8)
      Technologies and practices that support digital security (firewalls, backups, encryption, etc.).

Carina Barbacena is a Consultant and Trainer at Strongstep, with expertise in implementing, auditing, and improving Integrated Management Systems, focusing on ISO 9001, ISO 14001, ISO 45001, and ISO 27001 standards.

With over a decade of professional experience, she has collaborated with organisations across various sectors to optimise processes, ensure regulatory compliance, and enhance organisational performance, developing approaches that combine operational efficiency with sustainability and continuous improvement.

She supports the structuring, monitoring, and auditing of Quality, Environment, Safety, and Information Security management systems, with a proven track record in:

• Conducting internal audits and preparing for certifications
• Implementing performance indicators (KPIs) and analysing operational data
• Drafting and reviewing normative procedures and organisational policies
• Monitoring legal requirements and compliance with international frameworks

Carina promotes practices aligned with principles of quality, operational excellence, regulatory compliance, good practice adoption, and continuous improvement.

Holding a degree in Sociology from ISCSP – University of Lisbon, she combines technical knowledge with organisational sensitivity, contributing to the strategic and sustainable development of companies in meeting international standards and market demands.