Develop Your Expertise in Information Security Management

ISO/IEC 27001 is an internationally recognised standard that specifies the requirements for an Information Security Management System (ISMS). An ISMS helps organisations manage and protect their information assets so as to safeguard their confidentiality, integrity and availability. Beyond keeping organisations and their assets secure, knowledge of ISO/IEC 27001 helps individuals and teams continually review and refine the way information security is managed, both for today and for the future.

ISO/IEC 27001 belongs to the ISO/IEC 27000 family of standards and best practices on information security management, that is, the management of information risks through information security controls within the context of an ISMS.

Understanding ISO/IEC 27001 and holding a certification in it demonstrates a long-term commitment to existing and prospective customers: it shows that you are competent to lead your organisation in defining, adopting and managing internationally recognised standards and best practices to safeguard organisational assets. The benefits of ISO/IEC 27001 are summarised as:

  • Ensure the confidentiality, integrity and availability of assets are protected and safeguarded
  • Help your organisation protect information to minimise business disruptions
  • Reduce business risks and the likelihood of information security breaches, fines or prosecution
  • Improve trust and confidence in business relationships
  • Improve the visibility of risks to key stakeholders
  • Show commitment to information security at all levels of your organisation
  • Help your organisation comply with relevant legislation

What is the ISO/IEC 27001 certification?

ISO/IEC 27001 (Information Security Management Systems) is an international standard that helps organisations keep their information assets safe and secure by putting in place a management system that addresses the risk of loss, damage or any other threat to mission-critical assets. Certification against ISO/IEC 27001 demonstrates that an organisation's ISMS meets the standard's requirements, and the personnel certifications described below demonstrate that an individual is capable of managing information security in a proper and efficient manner. This provides you and your organisation with competitive advantages, enhanced communication among staff members, key stakeholders and internal and external service suppliers, and improved alignment of information security policies with the vision, mission and objectives of your organisation.

Target Audience

The ISO/IEC 27001 certification is designed for candidates:

  • who are senior managers or senior consultants responsible for the ISMS of an enterprise;
  • who are portfolio managers, programme managers, project managers or senior consultants responsible for managing the implementation of an ISMS;
  • who are auditors responsible for performing and leading the audit process of an Information Security Management System (ISMS);
  • who are staff members responsible for information security activities in the organisation;
  • who are team members of information security, risk management, legal and compliance, governance and controls or related departments in the organisation; or
  • who are experts responsible for providing advice about information security management.

Course Outline

ISO/IEC 27001 Introduction

PECB ISO/IEC 27001 Introduction

This one-day course enables participants to become familiar with the basic concepts of implementing and managing an Information Security Management System (ISMS) as specified in ISO/IEC 27001:2013. Participants will learn the different components of an ISMS, including the ISMS policy, risk management, performance measurement, management commitment, internal audit, management review and continual improvement.

  • Introduction to the ISO/IEC 27000 family
  • Introduction to management systems and the process approach
  • General requirements of Clauses 4 to 10 of ISO/IEC 27001 (context, leadership, planning, support, operation, performance evaluation and improvement)
  • Implementation phases of the ISO/IEC 27001 framework
  • Introduction to risk management according to ISO/IEC 27005
  • Continual improvement of information security
  • Description of conducting an ISO/IEC 27001 certification audit

ISO/IEC 27001 Foundation

PECB ISO/IEC 27001 Foundation

This two-day course enables participants to learn the best practices for implementing and managing an Information Security Management System (ISMS) as specified in ISO/IEC 27001, as well as the best practices for implementing information security controls in the control domains of ISO/IEC 27002.

  • All the concepts covered in the ISO/IEC 27001 Introduction course
  • Concepts of the Information Security Management System (ISMS) as required by ISO/IEC 27001
  • Description of implementing information security controls according to ISO/IEC 27002
  • ISO/IEC 27001 Foundation exam, covering 2 domains:
    • Domain 1: Fundamental principles and concepts of information security
    • Domain 2: Information Security Management System (ISMS)

ISO/IEC 27001 Lead Auditor

PECB ISO/IEC 27001 Lead Auditor

This five-day intensive course enables participants to develop the knowledge and skills necessary to audit an Information Security Management System (ISMS) as specified in ISO/IEC 27001 and to manage a team of auditors by applying widely recognised audit principles, procedures and techniques.

Day 1: Concepts of Information Security Management System (ISMS) as required by ISO/IEC 27001

  • Normative, regulatory and legal framework related to information security
  • Fundamental principles of information security
  • The ISO/IEC 27001 certification process
  • Detailed presentation of the clauses of ISO/IEC 27001

Day 2: Planning and Initiating an ISO/IEC 27001 Audit

  • Fundamental audit concepts and principles
  • Audit approach based on evidence and on risk
  • Preparation of an ISO/IEC 27001 certification audit
  • Documenting an ISMS audit

Day 3: Conducting an ISO/IEC 27001 Audit

  • Communication during the audit
  • Audit procedures: observation, document review, interview, sampling techniques, technical verification, corroboration and evaluation
  • Drafting test plans
  • Formulation of audit findings, drafting of non-conformity reports

Day 4: Concluding and Ensuring the Follow-up of an ISO/IEC 27001 Audit

  • Audit documentation
  • Conducting a closing meeting and conclusion of an ISO/IEC 27001 audit
  • Evaluation of corrective action plans
  • ISO/IEC 27001 surveillance audit and audit management program

Day 5: Certification Exam

The ISO/IEC 27001 Lead Auditor exam covers the following domains:

  • Domain 1: Fundamental principles and concepts of Information Security
  • Domain 2: Information Security Management System (ISMS)
  • Domain 3: Fundamental audit concepts and principles
  • Domain 4: Preparation of an ISO/IEC 27001 audit
  • Domain 5: Conduct of an ISO/IEC 27001 audit
  • Domain 6: Closing an ISO/IEC 27001 audit
  • Domain 7: Managing an ISO/IEC 27001 audit program

ISO/IEC 27001 Lead Implementer

PECB ISO/IEC 27001 Lead Implementer

This five-day intensive course enables participants to develop the knowledge and skills necessary to support an organisation in implementing and managing an Information Security Management System (ISMS) as specified in ISO/IEC 27001. Participants will also be given a thorough grounding in best practices used to implement information security controls from all areas of ISO/IEC 27002.

Day 1: Concepts of Information Security Management System (ISMS) as required by ISO/IEC 27001 and Initiating an ISMS

  • Introduction to management systems and the process approach
  • Presentation of the ISO/IEC 27000 family and regulatory framework
  • Fundamental principles of information security
  • Preliminary analysis and determining the level of maturity based on ISO/IEC 21827
  • Writing a business case and a project plan for the implementation of an ISMS

Day 2: Planning the Implementation of an ISMS based on ISO/IEC 27001

  • Defining the scope of an ISMS
  • Drafting an ISMS and information security policies
  • Selection of the approach and methodology for risk assessment
  • Risk management: identification, analysis and treatment of risk (based on ISO/IEC 27005)
  • Drafting the statement of applicability

Day 3: Implementing an ISMS based on ISO/IEC 27001

  • Implementation of a document management framework
  • Design and implementation of controls
  • Information security training, awareness and communication programme
  • Incident management (drawing on guidance from ISO/IEC 27035, the incident management standard of the 27000 family)
  • Operations management of an ISMS

Day 4: Control, Monitoring and Measuring an ISMS and the Certification Audit of an ISMS in accordance with ISO/IEC 27001

  • Monitoring the ISMS controls
  • Development of metrics, performance indicators and dashboards in accordance with ISO/IEC 27004
  • ISO/IEC 27001 internal audit
  • Management review of an ISMS
  • Implementation of a continual improvement program
  • Preparing for an ISO/IEC 27001 certification audit

Day 5: Certification Exam

The ISO/IEC 27001 Lead Implementer exam covers the following domains:

  • Domain 1: Fundamental principles and concepts of Information Security
  • Domain 2: Information Security Control Best Practice based on ISO/IEC 27002
  • Domain 3: Planning an ISMS based on ISO/IEC 27001
  • Domain 4: Implementing an ISMS based on ISO/IEC 27001
  • Domain 5: Performance evaluation, monitoring and measurement of an ISMS based on ISO/IEC 27001
  • Domain 6: Continual improvement of an ISMS based on ISO/IEC 27001
  • Domain 7: Preparation for an ISMS certification audit

ISO/IEC 27001 Exam Format

                     ISO/IEC 27001 Foundation      ISO/IEC 27001 Lead Auditor    ISO/IEC 27001 Lead Implementer
Question type        Essay; short and long         Essay; short and long         Essay; short and long
                     questions                     questions                     questions
No. of questions     4                             12                            12
Duration             60 minutes                    3 hours                       3 hours
Passing score        70%                           70%                           70%

Requirements for ISO/IEC 27001

Participants can apply for the ISO/IEC 27001 credentials below once the corresponding requirements are fulfilled. Professional experience is stated as total years, with the portion that must be information security work experience shown in brackets.

ISO/IEC 27001 Foundation
  • Exam: PECB Certified ISO/IEC 27001 Foundation Exam or equivalent
  • Professional experience: none
  • Management system audit/assessment experience: none
  • ISMS project experience: none
  • Other requirements: signing the PECB code of ethics

ISO/IEC 27001 Provisional Auditor
  • Exam: PECB Certified ISO/IEC 27001 Lead Auditor Exam or equivalent
  • Professional experience: none
  • Management system audit/assessment experience: none
  • ISMS project experience: none
  • Other requirements: signing the PECB code of ethics

ISO/IEC 27001 Auditor
  • Exam: PECB Certified ISO/IEC 27001 Lead Auditor Exam or equivalent
  • Professional experience: two years (including one year of information security work experience)
  • Management system audit/assessment experience: audit activities totalling 200 hours
  • ISMS project experience: none
  • Other requirements: signing the PECB code of ethics

ISO/IEC 27001 Lead Auditor
  • Exam: PECB Certified ISO/IEC 27001 Lead Auditor Exam or equivalent
  • Professional experience: five years (including two years of information security work experience)
  • Management system audit/assessment experience: audit activities totalling 300 hours
  • ISMS project experience: none
  • Other requirements: signing the PECB code of ethics

ISO/IEC 27001 Provisional Implementer
  • Exam: PECB Certified ISO/IEC 27001 Lead Implementer Exam or equivalent
  • Professional experience: none
  • Management system audit/assessment experience: none
  • ISMS project experience: none
  • Other requirements: signing the PECB code of ethics

ISO/IEC 27001 Implementer
  • Exam: PECB Certified ISO/IEC 27001 Lead Implementer Exam or equivalent
  • Professional experience: two years (including one year of information security work experience)
  • Management system audit/assessment experience: none
  • ISMS project experience: project activities totalling 200 hours
  • Other requirements: signing the PECB code of ethics

ISO/IEC 27001 Lead Implementer
  • Exam: PECB Certified ISO/IEC 27001 Lead Implementer Exam or equivalent
  • Professional experience: five years (including two years of information security work experience)
  • Management system audit/assessment experience: none
  • ISMS project experience: project activities totalling 300 hours
  • Other requirements: signing the PECB code of ethics

ISO/IEC 27001 Master
  • Exam: PECB Certified ISO/IEC 27001 Lead Auditor Exam or equivalent, and PECB Certified ISO/IEC 27001 Lead Implementer Exam or equivalent
  • Professional experience: ten years (including six years of information security work experience)
  • Management system audit/assessment experience: audit activities totalling 500 hours
  • ISMS project experience: project activities totalling 500 hours
  • Other requirements: signing the PECB code of ethics
