ISO/IEC 27001 Information Security Management Systems – Training Courses
What is ISO/IEC 27001?
ISO/IEC 27001 provides requirements for organizations seeking to establish, implement, maintain and continually improve an information security management system. This framework serves as a guideline towards continually reviewing the safety of your information, which will exemplify reliability and add value to services of your organization.
Why is Information Security important for you?
ISO/IEC 27001 assists you to understand the practical approaches that are involved in the implementation of an Information Security Management System that preserves the confidentiality, integrity, and availability of information by applying a risk management process. Therefore, implementation of an information security management system that complies with all requirements of ISO/IEC 27001 enables your organizations to assess and treat information security risks that they face.
Certified ISO/IEC 27001 individuals will prove that they possess the necessary expertise to support organizations implement information security policies and procedures tailored to the organization’s needs and promote continual improvement of the management system and organizations operations.
Moreover, you will be able to demonstrate that you have the necessary skills to support the process of integrating the information security management system into the organization’s processes and ensure that the intended outcomes are achieved.
Benefits of ISO/IEC 27001 Information Security Management
PECB ISO/IEC 27001 Certificate will prove that you have:
- Obtained the necessary expertise to support an organization to implement an Information Security Management System that complies with ISO/IEC 27001
- Understood the Information Security Management System implementation process
- Provide continual prevention and assessments of threats within your organization
- Higher chances of being distinguished or hired in an Information Security career
- Understood the risk management process, controls, and compliance obligations
- Acquired the necessary expertise to manage a team to implement an ISMS
- The ability to support organizations in the continual improvement process of their Information Security Management System
- Gained the necessary skills to audit organization’s Information Security Management System
ISO/IEC 27001 Introduction training course enables participants to get introduced to the basic concepts and elements of an information security management system (ISMS) based on ISO/IEC 27001.
Why Should You Attend?
ISO/IEC 27001 Introduction training course provides information that will help participants understand the fundamental concepts and principles of information security. The training course provides an overview of the main requirements of ISO/IEC 27001 for implementing an ISMS and the main steps to prepare for the certification audit.
By the end of the ISO/IEC 27001 Introduction training course, participants will be equipped with knowledge regarding an ISMS and its importance.
Who Should Attend?
This training course is intended for:
- Personnel responsible for managing information security in an organization
- Professionals and consultants seeking to gain knowledge about the main requirements of ISO/IEC 27001 for an ISMS
Learning Objectives
By the end of this training course, the participants will be able to:
- Understand the main concepts and principles related to information security
- Understand the structure and elements of an ISMS based on ISO/IEC 27001
Educational approach
- The training course contains essay-type exercises and multiple-choice quizzes.
- Participants are encouraged to communicate and engage in discussions and the completion of quizzes and exercises.
Prerequisites
There are no prerequisites to participate in this training course.
Course agenda
Day 1: Introduction to information security management system (ISMS) concepts based on ISO/IEC 27001
General Information
- Participants will be provided with training course materials containing over 100 pages of information and practical examples.
- An attestation of course completion worth 7 CPD (Continuing Professional Development) credits will be issued to participants who have attended the training course.
Why should you attend?
Who should attend?
- Managers and consultants seeking to know more about information security
- Professionals wishing to get acquainted with ISO/IEC 27001:2022 requirements for an ISMS
- Individuals engaged in or responsible for information security activities in their organization
- Individuals wishing to pursue a career in information security
Learning objectives
- Describe the main information security management concepts, principles, and definitions
- Explain the main ISO/IEC 27001:2022 requirements for an information security management system (ISMS)
- Identify approaches, methods, and techniques used for the implementation and management of an ISMS
Educational approach
- Lecture sessions are illustrated with practical questions and examples
- Practical exercises include examples and discussions
- Practice tests are similar to the Certificate Exam
Prerequisites
None
Course agenda
Day 1: Introduction to Information Security Management System (ISMS) concepts as required by ISO/IEC 27001:2022
Day 2: Information Security Management System requirements and Certificate Exam
Examination
The exam fully meets the requirements of the PECB Examination and Certificate Program. It covers the following competency domains:
Domain 1: Fundamental principles and concepts of an Information Security Management System (ISMS)
Domain 2: Information Security Management System (ISMS)
For specific information about exam type, languages available, and other details, please visit the List of PECB Exams and the Examination Rules and Policies.
Certificate requirements
First, a candidate needs to complete the PECB ISO/IEC 27001:2022 Foundation training course. Then, they need to take the exam and after successfully passing the exam, candidates will be able to apply for the “PECB Certificate Holder in ISO/IEC 27001:2022 Foundation” certificate. This is an entry-level credential.
There are no prerequisites on professional or management system project experience required. Thus, following the training course, passing the exam and applying for the certificate are the only certificate program requisites that certificate holders shall meet before obtaining the certificate.
For more information, please refer to the Certification Rules and Policies.
General information
- Certificate and examination fees are included in the price of the training course
- Training material containing over 200 pages of information and practical examples will be distributed
- An attestation of course completion worth 14 CPD (Continuing Professional Development) credits will be issued to the participants who have attended the training course
- In case of exam failure, you can retake the exam within 12 months for free.
Training Course Overview
ISO/IEC 27001 Lead Implementer training course enables participants to acquire the knowledge necessary to support an organization in effectively planning, implementing, managing, monitoring, and maintaining an information security management system (ISMS).
Why Should You Attend?
Information security threats and attacks increase and improve constantly. The best form of defense against them is the proper implementation and management of information security controls and best practices. Information security is also a key expectation and requirement of customers, legislators, and other interested parties.
This training course is designed to prepare participants in implementing an information security management system (ISMS) based on ISO/IEC 27001. It aims to provide a comprehensive understanding of the best practices of an ISMS and a framework for its continual management and improvement.
After attending the training course, you can take the exam. If you successfully pass it, you can apply for a “PECB Certified ISO/IEC 27001 Lead Implementer” credential, which demonstrates your ability and practical knowledge to implement an ISMS based on the requirements of ISO/IEC 27001.
Who can Attend?
- Managers or consultants involved in and/or concerned with the implementation of an information security management system in an organization
- Project managers, consultants, or expert advisers seeking to master the implementation of an information security management system; or individuals responsible to maintain conformity with the ISMS requirements within an organization
- Members of the ISMS team
Learning objectives
By the end of this training course, the participants will be able to:
- Explain the fundamental concepts and principles of an information security management system (ISMS) based on ISO/IEC 27001
- Interpret the ISO/IEC 27001 requirements for an ISMS from the perspective of an implementer
- Initiate and plan the implementation of an ISMS based on ISO/IEC 27001, by utilizing PECB’s IMS2 Methodology and other best practices
- Support an organization in operating, maintaining, and continually improving an ISMS based on ISO/IEC 27001
- Prepare an organization to undergo a third-party certification audit
Educational approach
- This training course contains essay-type exercises, multiple-choice quizzes, examples, and best practices used in the implementation of an ISMS.
- The participants are encouraged to communicate with each other and engage in discussions when completing quizzes and exercises.
- The exercises are based on a case study.
- The structure of the quizzes is similar to that of the certification exam.
Prerequisites
The main requirement for participating in this training course is having a general knowledge of the ISMS concepts and ISO/IEC 27001.
Course agenda
Day 1: Introduction to ISO/IEC 27001 and initiation of an ISMS
Day 2: Planning the implementation of an ISMS
Day 3: Implementation of an ISMS
Day 4: ISMS monitoring, continual improvement, and preparation for the certification audit
Day 5: Certification exam
Examination
The “PECB Certified ISO/IEC 27001 Lead Implementer” exam meets the requirements of the PECB Examination and Certification Program (ECP). It covers the following competency domains:
Domain 1: Fundamental principles and concepts of an information security management system (ISMS)
Domain 2: Information security management system (ISMS)
Domain 3: Planning an ISMS implementation based on ISO/IEC 27001
Domain 4: Implementing an ISMS based on ISO/IEC 27001
Domain 5: Monitoring and measurement of an ISMS based on ISO/IEC 27001
Domain 6: Continual improvement of an ISMS based on ISO/IEC 27001
Domain 7: Preparing for an ISMS certification audit
For specific information about exam type, languages available, and other details, please visit the List of PECB Exams and the Examination Rules and Policies.
Certification
After successfully passing the exam, you can apply for one of the credentials shown below. You will receive the certificate once you comply with all the requirements related to the selected credential. For more information about ISO/IEC 27001 certifications and the PECB certification process, please refer to the Certification Rules and Policies.
Note: PECB certified individuals who possess Lead Implementer and Lead Auditor credentials are qualified for the respective PECB Master credential, given that they have taken four additional Foundation exams related to this scheme. More detailed information about the Foundation exams and the Master credential requirements can be found here.
The ISMS project experience should follow best implementation practices and include the following activities:
- Drafting an ISMS implementation business case
- Managing an ISMS implementation project
- Implementing an ISMS
- Managing documented information
- Implementing metrics
- Implementing corrective actions
- Performing a management review
- Managing an ISMS performance
- Managing an ISMS team
General information
- Certification and examination fees are included in the price of the training course
- Participants will be provided with the training course material containing over 450 pages of explanatory information, examples, best practices, exercises, and quizzes.
- An attestation of course completion worth 31 CPD (Continuing Professional Development) credits will be issued to the participants who have attended the training course.
- In case candidates fail the exam, they can retake it within 12 months following the initial attempt for free.
ISO/IEC 27001 Lead Auditor training enables you to develop the necessary expertise to perform an Information Security Management System (ISMS) audit by applying widely recognized audit principles, procedures and techniques.
Why should you attend?
During this training course, you will acquire the knowledge and skills to plan and carry out internal and external audits in compliance with ISO 19011 and ISO/IEC 17021-1 certification process.
Based on practical exercises, you will be able to master audit techniques and become competent to manage an audit program, audit team, communication with customers, and conflict resolution.
After acquiring the necessary expertise to perform this audit, you can sit for the exam and apply for a “PECB Certified ISO/IEC 27001 Lead Auditor” credential. By holding a PECB Lead Auditor Certificate, you will demonstrate that you have the capabilities and competencies to audit organizations based on best practices.
Who can attend?
- Auditors seeking to perform and lead information security management system (ISMS) audits
- Managers or consultants seeking to master the information security management system audit process
- Individuals responsible to maintain conformity with the ISMS requirements in an organization
- Technical experts seeking to prepare for the information security management system audit
- Expert advisors in information security management
Learning objectives
By the end of this training course, the participants will be able to:
- Explain the fundamental concepts and principles of an information security management system (ISMS) based on ISO/IEC 27001
- Interpret the ISO/IEC 27001 requirements for an ISMS from the perspective of an auditor
- Evaluate the ISMS conformity to ISO/IEC 27001 requirements, in accordance with the fundamental audit concepts and principles
- Plan, conduct, and close an ISO/IEC 27001 compliance audit, in accordance with ISO/IEC 17021-1 requirements, ISO 19011 guidelines, and other best practices of auditing
- Manage an ISO/IEC 27001 audit program
Educational approach
- This training is based on both theory and best practices used in ISMS audits
- Lecture sessions are illustrated with examples based on case studies
- Practical exercises are based on a case study which includes role playing and discussions
- Practice tests are similar to the Certification Exam
Prerequisites
A fundamental understanding of ISO/IEC 27001 and comprehensive knowledge of audit principles.
Course agenda
Day 1: Introduction to the information security management system (ISMS) and ISO/IEC 27001
Day 2: Audit principles, preparation, and initiation of an audit
Day 3: On-site audit activities
Day 4: Closing the audit
Day 5: Certification Exam
Day 1: Introduction to the information security management system (ISMS) and ISO/IEC 27001
Day 2: Audit principles, preparation, and initiation of an audit
Day 3: On-site audit activities
Day 4: Closing the audit
Day 5: Certification Exam
Examination
The “PECB Certified ISO/IEC 27001 Lead Auditor” exam fully meets the requirements of the PECB Examination and Certification Program(ECP). The exam covers the following competency domains:
Domain 1: Fundamental principles and concepts of Information Security Management System (ISMS)
Domain 2: Information Security Management System (ISMS)
Domain 3: Fundamental audit concepts and principles
Domain 4: Preparation of an ISO/IEC 27001 audit
Domain 5: Conducting an ISO/IEC 27001 audit
Domain 6: Closing an ISO/IEC 27001 audit
Domain 7: Managing an ISO/IEC 27001 audit program
For specific information about exam type, languages available, and other details, please visit the List of PECB Exams and the Examination Rules and Policies.
Certification
After successfully completing the exam, you can apply for the credentials shown on the table below. You will receive a certificate once you comply with all the requirements related to the selected credential. For more information about ISO/IEC 27001 certifications and the PECB certification process, please refer to the Certification Rules and Policies.
Note: PECB Certified Individuals who do possess the Lead Implementer and Lead Auditor Credentials are qualified for the respective PECB Master Credential, given they have taken 4 additional Foundation Exams which are related to this scheme. For more detailed information about the Foundation Exams and the overall Master Requirements, please go to the following link: https://pecb.com/en/master-credentials.
To be considered valid, these audits should follow best audit practices and include the following activities:
- Audit planning
- Audit interview
- Managing an audit program
- Drafting audit reports
- Drafting non-conformity reports
- Drafting audit working documents
- Documentation review
- On-site Audit
- Follow-up on non-conformities
- Leading an audit team
General information
- Certification and examination fees are included in the price of the training course
- Training material containing over 450 pages of information and practical examples will be distributed
- An attestation of course completion worth 31 CPD (Continuing Professional Development) credits will be issued to the participants who have attended the training course.
- In case of exam failure, you can retake the exam within 12 months for free
The ISO/IEC 27001 Transition training course enables participants to thoroughly understand the differences between ISO/IEC 27001:2013 and ISO/IEC 27001:2022. In addition, participants will acquire knowledge on the new concepts presented by ISO/IEC 27001:2022.
Why should you attend?
The new version of ISO/IEC 27001 has been recently published and is now aligned with the new version of ISO/IEC 27002, which was published in February, 2022.
The major changes between ISO/IEC 27001:2022 and ISO/IEC 27001:2013 are noticed in the information security controls of Annex A, whereas a few other minor changes are present in the clauses of the standard too. Furthermore, the title of ISO/IEC 27001:2022 differs from the title of ISO/IEC 27001:2013, as now the standard is titled Information security, cybersecurity and privacy protection — Information security management systems — Requirements.
The “PECB ISO/IEC 27001 Transition” training course provides detailed information on the revised clauses, the new terminology, and the differences in the controls of Annex A. Additionally, this training course provides participants with the necessary knowledge to support organizations in planning and implementing the changes in their ISMS to ensure conformity with ISO/IEC 27001:2022. As such, you will be able to participate in projects to transition from an ISMS based on ISO/IEC 27001:2013 to an ISMS based on ISO/IEC 27001:2022.
Once you become acquainted with the new concepts and requirements of ISO/IEC 27001:2022 by attending the training course, you can sit for the exam, and if you successfully pass it, you can apply for the “PECB Certified ISO/IEC 27001 Transition” credential. This certificate will prove that you have up-to-date knowledge and professional capabilities to successfully update an ISMS based on the requirements of ISO/IEC 27001:2022.
Who should attend?
This training course is intended for:
- Individuals seeking to remain up-to-date with ISO/IEC 27001 requirements for an ISMS
- Individuals seeking to understand the differences between ISO/IEC 27001:2013 and ISO/IEC 27001:2022 requirements
- Individuals responsible for transitioning an ISMS from ISO/IEC 27001:2013 to ISO/IEC 27001:2022
- Managers, trainers, and consultants involved in maintaining an ISMS
- Professionals wishing to update their ISO/IEC 27001 certificates
Learning objectives
Upon successfully completing the training course, participants will be able to:
- Explain the differences between ISO/IEC 27001:2013 and ISO/IEC 27001:2022
- Interpret the new concepts and requirements of ISO/IEC 27001:2022
- Plan and implement the necessary changes to an existing ISMS in accordance with ISO/IEC 27001:2022
Educational approach
- This training course is based on theory, and best practices used in the process of transitioning an ISMS from ISO/IEC 27001:2013 to ISO/IEC 27001:2022
- Lecture sessions are illustrated with quizzes
- Quizzes have a similar structure to the certification exam
Prerequisites
Participants who attend this training course need to have a fundamental understanding of information security concepts and ISO/IEC 27001 requirements.
Course agenda
Day 1: Introduction to ISO/IEC 27001:2022 and comparison to ISO/IEC 27001:2013
Day 2: Comparison between Annex A controls of ISO/IEC 27001:2013 and ISO/IEC 27001:2022
Examination
The “PECB Certified ISO/IEC 27001 Transition” exam fully meets the requirements of the PECB Examination and Certification Program (ECP). It covers the following competency domains:
Domain 1: Differences between main clauses of ISO/IEC 27001:2013 and ISO/IEC 27001:2022
Domain 2: Differences between Annex A controls of ISO/IEC 27001:2013 and ISO/IEC 27001:2022
For specific information about exam type, languages available, and other details, please visit the List of PECB Exams and the Examination Rules and Policies.
Certification
After successfully completing the exam, you can apply for the credential shown on the table below. You will receive a certificate once you fulfill all the requirements of the credential.
General information
- Certification and examination fees are included in the price of the training course.
- Participants will be provided with training course materials containing over 120 pages of information, practical examples, and quizzes.
- An attestation of course completion worth 14 CPD (Continuing Professional Development) credits will be issued to the participants who have attended the training course.
- Candidates who have completed the training course but failed the exam are eligible to retake the exam once for free within a 12-month period from the initial date of the exam.