ISO/IEC 27001 Training
Maintain robust information security that safeguards your organisation against risk.
ISO/IEC 27001 is the international standard for Information Security management. It provides a model to establish, implement, maintain and continually improve a risk-managed Information Security Management System (ISMS).
The standard forms the basis for effective management of sensitive, confidential information and for the application of information security controls.
An organization that conforms to the ISO/IEC 27001 standard possesses clear, objective proof of its commitment to continued improvement of control over its sensitive and confidential information.
ISO/IEC 27001 therefore provides reassurance to sponsors, shareholders and customers that the organization has expert control over its risk management and data security.
Due to the diversity of different organizations’ information assets – the ISO/IEC 27001 standard is adaptable according to an organization’s requirements.
The design and implementation of the ISMS is tailored to the organization’s objectives, information assets, operational processes, governing legal requirements and regulatory security requirements
The ISO/IEC 27001 Foundation certification is aimed at those who are:
- Supporting the implementation, operation or maintenance of an Information Security Management System (ISMS) within an organization.
- Required to audit an Information Security Management System (ISMS) and to have a basic understanding of the standard.
- Working within an organization with an Information Security Management System (ISMS), whether the organization is already certified or is considering certification to the ISO/IEC 27001 standard.
- Preparing for the ISO/IEC 27001 Practitioner – Information Security Officer qualification.
The ISO/IEC 27001 Foundation course covers :
- The scope and purpose of ISO/IEC 27001 and how it can be used.
- The key terms and definitions used in the ISO/IEC 27000 series.
- The fundamental requirements for an Information Security Management System (ISMS) in ISO/IEC 27001 and the need for continual improvement.
- The processes, their objectives and high-level requirements.
- Applicability and scope definition requirements.
- Use of controls to mitigate Information Security risks.
- The purpose of internal audits and external certification audits, their operation and the associated terminology.
- The relationship with best practices and with other related International Standards: ISO 9001 and ISO/IEC 20000.
This course is delivered online as a virtual instructor-led training (VILT) course and is also available in a self-paced, e-learning format too.
About the ISO/IEC 27001 Foundation Exam
The ISO/IEC 270001 Foundation exam is a multiple-choice format exam. There are 50 questions per paper, 1 mark per question. The pass mark is 50% (25 marks or more required to pass (out of 50 available). The exam takes 40 minutes. The exam is closed book.
The ISO/IEC 27001 Practitioner course will teach you how to apply the standard to enable the management of information security.
A minimum requirement for attendance is one of the following:
- APMG ISO/IEC 27001 Foundation certificate.
- TÜV SÜD ISO27001 Foundation certificate.
- ICO-CERT ISMS 27001 Foundation certificate.
The ISO/IEC 27001 Practitioner qualification is aimed at those who are:
- Internal managers and personnel working to implement, maintain and operate an Information Security Management System (ISMS) within an organization.
- External consultants supporting an organization’s implementation, maintenance and operation of an Information Security Management System (ISMS).
- Internal auditors who are required to have an applied knowledge of the standard.
In the ISO/IEC 27001 Practitioner course you will learn how to:
- Apply the principles of ISMS policy and its information security scope, objectives, and processes within an organizational context.
- Apply the principles of risk management including risk identification, analysis and evaluation and propose appropriate treatments and controls to reduce information security risk, support business objectives and improve information security.
- Analyze and evaluate deployed risk treatments and controls to assess their effectiveness and opportunities for continual improvement.
- Analyze and evaluate the effectiveness of the ISMS through the use of internal audit and management review to continually improve the suitability, adequacy and effectiveness of the ISMS.
- Create, apply and evaluate the suitability, adequacy and effectiveness of documented information and records required by ISO/IEC 27001.
- Identify and apply appropriate corrective actions to maintain ISMS conformity with ISO/IEC 27001.
About the ISO/27001 Practitioner Exam:
The exam is an open book, objective testing multiple-choice exam. Each paper comprises 4 questions with 20 marks available per question. A pass mark is 50% (ie 40 out the total 80 marks available). The exam duration is 2½ hours.
APM Group International launched the ISO/IEC 27001 Auditor qualification in 2020. This qualification certifies your expertise in performing audits against the ISO 27001 standard.
This course is aimed at:
- Third-party auditors working for Certification Bodies, responsible for conducting audits which certify organizations against ISO 27001 and ISO 19011.
- Internal auditors seeking to understand the specific requirements of auditing Information Security Management Systems needed to confirm that an organization conforms to the ISO 27001 or ISO 19011 standard.
The ISO/IEC 27001 Auditor course covers:
- How to audit organizations to identify conformity with ISO 27001.
- How to evaluate the principles of risk management – including risk identification, analysis and evaluation.
- How to propose appropriate treatments and controls to reduce information security risk, support business objectives and improve information security.
- Leading organizations through an audit program.
- Directing audit teams.
- Evaluating the effectiveness of applied corrective actions to maintain ISMS conformity with ISO 27001.
About the ISO/IEC 27001 Auditor Exam:
The exam will be a 2 hour duration open book, multiple choice exam. Each paper will comprise 40 questions for 1 mark each. A mark of 50% (20 of the available 40 marks) will be required to pass.
