Text size: A A A

ISO/IEC 27001 Certification

Page Banner Certifications

ISO/IEC 27001 LogoISO/IEC 27001 is an international standard that provides the basis for effective management of confidential and sensitive information, and for the application of information security controls.

It enables organizations to demonstrate excellence and prove best practice in Information Security management. Conformance with the standard requires commitment to continually improve control of confidential and sensitive information, providing reassurance to sponsors, shareholders and customers alike.

Re-released in 2013, ISO/IEC 27001 builds upon established foundations as the most widely recognized international standard specifically aimed at information security management. The adoption of an Information Security Management System (ISMS) is a strategic decision driving the coordination of operational security controls across all of the organization’s electronic and physical information resources.

The standard can be integrated with other management system framework standards, such as the quality standard ISO 9001 and ISO/IEC 20000 for IT service management.

ISO/IEC 27001 provides a model to establish, implement, maintain and continually improve a risk-managed ISMS. The design and implementation of the management system is tailored to the organization’s objectives, information assets, operational processes and governing legal and regulatory security requirements.

ISO/IEC 27001 is the formal specification and defines the requirements for an ISMS. It includes:

  • ISMS planning, support and operational requirements
  • Leadership responsibilities
  • Performance evaluation of the ISMS
  • Internal ISMS audits
  • ISMS improvement
  • Control objectives and controls.

  Find A Training

Benefits for Individuals

  • Learn about best practice in Information Security Management and apply this within your organization.
  • Realize the scope and purpose of the standard and how it can be implemented within an organization.
  • Understand the key terms and definitions used in ISO/IEC 27001 to effectively roll out the principles.
  • Leverage the fundamental ISO/IEC 27001 requirements for an ISMS to address the need to continually improve.
  • Recognize the purpose of internal audits and external certification audits, their operation and the associated terminology.
  • Apply your knowledge to business scenarios to enhance control of information. (Practitioner qualification only)

Benefits for Organizations

  • Establish a structured approach to information security management to secure information assets.
  • Improve information security through adoption of best practices.
  • Gain a competitive differentiator when tendering for business contracts.
  • Enhance reputation with the secure management of confidential and sensitive information.
  • Demonstrate compliance with an internationally recognized standard and the ability to satisfy customer security requirements.

Foundation Qualification

The Foundation level qualification assesses your knowledge of the contents and high level requirements of the ISO/IEC 27001 standard.

There is no pre-requisite for the Foundation qualification but a background in information security or service management would be an advantage.

**Please note that ISO/IEC 27001 Foundation candidates needs to study a supplementary paper in order to be fully prepared for the examination. Please download here.

Exam Format

  • Multiple choice format
  • 50 questions per paper
  • 25 mark or more required to pass (out of 50 available) - 50%
  • 40 minute duration
  • Closed book.

Practitioner Qualification

The Practitioner level qualification assesses your application of ISO/IEC 27001 knowledge to given business scenarios, enabling the candidate to demonstrate more detailed knowledge and capability.

The Foundation qualification is a prerequisite for this qualification

Exam Format

  • Objective Testing
  • 4 questions per paper with 20 marks available per question
  • 40 marks or more required to pass (out of 80 available) - 50%
  • 2½ hour duration
  • Open book.

The Practitioner level qualification will available from May 2014 onwards

View/download our  ISO/IEC 27001 Certification Overview Leaflet.