ISO 27001 Training – What You Need To Think About

Most direct purchasers of ISO 27001 training services don’t have the time to do the upfront due diligence on a service provider that they would normally do for any other type of service. The reason is the reduced impact: the purchase affects only the purchaser, who is also the consumer, or a small group.

So if one were to look objectively at an ISO 27001 training service provider, what should the purchaser be looking for? Some of the things we recommend to clients who inquire with us are:

  1. Make sure the ISO 27001 training company employs active practitioners in the field. When you’re dealing with generalists, it may have been some time since they were engaged in the topic. By engaging active participants in the industry, you can be assured of getting not only expertise but also practitioners with current knowledge of changes and their implications.
  2. Next, make sure the company's ISO 27001 trainers have some type of validation as skilled adult educators. There are a lot of subject matter experts out there, but when it comes to communicating concepts and practices, they could leave you behind, snoozing. You need an organization whose trainers go through screening and certification specifically as trainers, so that the trainer leading your class has effective communication and engaging training skills.
  3. Next on our list is to make sure the ISO 27001 training organization and the training it provides are focused on skills development. History has shown us that training designed to dump a lot of information in a short period of time, "boot camp" style, may appear to offer value, but the information dissipates as time passes after completing the exam. A great example we hear a lot is that when students get back to the office, they first and foremost have to focus on completing the SOX or PCI project they are already in the middle of. In about four to six months they will be kicking off their ISO 27001 program. Look for an ISO 27001 training company that offers training which includes practical exercises that allow you to apply the lessons being taught. It is a well-known fact that skills-based training has a much longer retention period and thus offers a greater return in value to the student and the training sponsor (employer).
  4. Having an ISO 27001 training engagement model is very important to avoid being “killed by PowerPoint,” so to speak. A training experience that changes things up keeps the interest and attention of its audience. Trainers need to mix presentation and content: slides, video, open discussion, practical exercises, interactive polling, and other types of active engagement.
  5. One of the hidden needs of students subscribing to certified ISO 27001 training is commitment on the part of the service provider. Too often professionals come to us after their original provider failed them by canceling a course due to low enrollment. Unfortunately, as a practitioner, your availability to go on training tends to be dictated by lulls in your schedule or the rollout plan of an ISO 27001 program, not by when others want to take training. As a result, when an ISO 27001 training provider cancels a course on you, you are the one still left needing to acquire the knowledge and skills.

To learn about ISO 27001 you can find a great overview on Wikipedia, or purchase a copy of the standard at the websites for the American National Standards Institute (ANSI) or directly from ISO.
