Browse our certifications
Find training
Open page navigation
  1. Inicio
  2. ISO/IEC 27001
compliancecontinual improvementcustomer confidencecyber securitydata breachesdata protectionframeworks

ISO/IEC 27001 (ISO 27001) is an international standard for Information Security management. It provides a model to establish, implement, maintain and continually improve a risk-managed Information Security Management System (ISMS).

The standard forms the basis for effective management of sensitive, confidential information and for the application of information security controls.

An organization that conforms to the ISO/IEC 27001 standard possesses clear, objective proof of its commitment to continued improvement of control over its sensitive and confidential information.

ISO/IEC 27001 therefore provides reassurance to sponsors, shareholders and customers that the organization has expert control over its risk management and data security.

Due to the diversity of different organizations’ information assets – the ISO/IEC 27001 standard is adaptable according to an organization’s requirements.

The design and implementation of the ISMS is tailored to the organization’s objectives, information assets, operational processes, governing legal requirements and regulatory security requirements.

 

db_ISO/IEC27001_foundation

ISO/IEC 27001 Foundation

Gain foundation level knowledge of how the standard operates in a typical organization.

Compliance, Cyber Security, Information Management & Analysis, Risk Management
Who is Foundation for?

This certification is aimed at those who are:

  • Supporting the implementation, operation or maintenance of an ISMS within an organization.
  • Required to audit an ISMS and to have a basic understanding of the standard.
  • Working within an organization with an ISMS, whether the organization is already certified or is considering certification to ISO/IEC 27001.
  • Preparing for the ISO/IEC 27001 Practitioner - Information Security Officer qualification.
What are the key things you will learn?
  • The scope and purpose of ISO/IEC 27001 and how it can be used.
  • The key terms and definitions used in the ISO/IEC 27000 series.
  • The fundamental requirements for an ISMS in ISO/IEC 27001 and the need for continual improvement.
  • The processes, their objectives and high level requirements.
  • Applicability and scope definition requirements.
  • Use of controls to mitigate IS risks.
  • The purpose of internal audits and external certification audits, their operation and the associated terminology.
  • The relationship with best practices and with other related International Standards: ISO 9001 and ISO/IEC 20000.
Exam format:
  • Multiple choice format
  • 50 questions per paper
  • 25 marks or more required to pass (out of 50 available) – 50%
  • 40 minute duration
  • Closed book

 

db_ISO/IEC27001_practitioner

ISO/IEC 27001 Practitioner - Information Security Officer

Learn to apply the standard to enable the management of information security.

Compliance, IT Management, Risk Management
What is required?
  • APMG ISO/IEC 27001 Foundation certificate.
  • TÜV SÜD ISO27001 Foundation certificate. 
  • ICO-CERT ISMS 27001 Foundation certificate.
Who is Practitioner - Information Security Officer for?

This qualification is aimed at those who are:

  • Internal managers and personnel working to implement, maintain and operate an ISMS within an organization.
  • External consultants supporting an organization’s implementation, maintenance and operation of an ISMS.
  • Internal auditors who are required to have an applied knowledge of the standard.
What are the key things you will learn?
  • Applying the principles of ISMS policy and its information security scope, objectives, and processes within an organizational context.
  • Applying the principles of risk management including risk identification, analysis and evaluation and propose appropriate treatments and controls to reduce information security risk, support business objectives and improve information security.
  • How to analyze and evaluate deployed risk treatments and controls to assess their effectiveness and opportunities for continual improvement.
  • How to analyze and evaluate the effectiveness of the ISMS through the use of internal audit and management review to continually improve the suitability, adequacy and effectiveness of the ISMS.
  • How to create, apply and evaluate the suitability, adequacy and effectiveness of documented information and records required by ISO/IEC 27001.
  • How to identify and apply appropriate corrective actions to maintain ISMS conformity with ISO/IEC 27001.
Exam format:
  • Objective Testing
  • 4 questions per paper with 20 marks available per question
  • 40 marks or more required to pass (out of 80 available) – 50%
  • 2 ½ hour duration
  • Open book    
db_ISO/IEC27001_auditor

ISO/IEC 27001 Auditor

Certify your expertise in performing audits against the ISO 27001 standard.

Information Management & Analysis
Who is ISO 27001 Auditor for?
  • Third-party auditors working for Certification Bodies, responsible for conducting audits which certify organizations against ISO 27001 and ISO 19011.
  • Internal auditors seeking to understand the specific requirements of auditing Information Security Management Systems needed to confirm that an organization conforms to the ISO 27001 or ISO 19011 standard.
What are the key things you will learn?
  • How to audit organizations to identify conformity with ISO 27001.
  • How to evaluate the principles of risk management - including risk identification, analysis and evaluation.
  • How to propose appropriate treatments and controls to reduce information security risk, support business objectives and improve information security.
  • Leading organizations through an audit program.
  • Directing audit teams.
  • Evaluating the effectiveness of applied corrective actions to maintain ISMS conformity with ISO 27001.
Exam format:
  • 40 questions
  • Multiple choice format
  • 120 minute duration
  • 20 marks or more required to pass (out of 40 available) - 50%
  • Open book: ISO/IEC 27001:2013, ISO/IEC 27002:2013, ISO 19011:2018, APMG ISO/IEC 27001 Suppmenentary Paper

Rate your experience with us...

FIND A TRAINING PROVIDER

ISO/IEC 27001 Foundation
ISO/IEC 27001 Practitioner - Information Security Officer
ISO/IEC 27001 Auditor
Opciones avanzadas
Choose for me

SFIA Framework

Visit SFIA
The SFIA Framework is the global common reference for skills and competency for the digital world
SFIA is a globally recognised framework that “identifies skills needed for the Information age”. This APMG certification has been mapped against the SFIA Framework to help you see which certifications are most relevant to your professional development.
Full details on SFIA website
ISO/IEC 27001 Foundation
Knowledge
This certification confirms (endorsement)
Generic attribute Knowledge up to level 3, Audit level 3, Information Security level 3, Threat Intelligence level 2
...
This certification would be useful for (development)
Same as above plus Information Security level 4, Vulnerability Assessment up to level 3
...
ISO/IEC 27001 Practitioner - Information Security Officer
Knowledge
This certification confirms (endorsement)
Generic attribute Knowledge up to level 4, Generic attribute Business Skills up to level 4, Audit up to level 4, Information Security up to level 4
...
This certification would be useful for (development)
Same as above plus Information Security level 5, Audit level 5
...
ISO/IEC 27001 Auditor
Knowledge
This certification confirms (endorsement)
Generic attribute Knowledge up to level 4, Generic attribute Business Skills up to level 4, Audit up to level 5
...
This certification would be useful for (development)
Same as above
...

RELATED PRODUCTS

Leopard

CDCAT® - Cyber Defence Capability Assessment Tool

Unrivalled intelligence and agility

View more
CIISec Product image

CIISEC - Information and Cyber Security Foundation (ICSF)

A brand new, entry level exam for Cyber Security from the Chartered Institute of Information Security (CIISec)

View more

Certified Cyber Professional (CCP) assured service

Recognising competent cyber security experts

View more

EXPAND YOUR KNOWLEDGE

AIP Image
Anuncio

New certification Artificial Intelligence Practitioner launches

APMG International is excited to announce a new enterprise-wide certification in Artificial Intelligence (Artificial Intelligence Practitioner)
Cyber Analyst
26 Noviembre 2024
Virtual event

Automation Days Asia 2024

Asia's largest automation virtual conference
Cyber Analyst
Blog

Cyber Security Analyst

Protecting your data, safeguarding your future – the digital guardians against cyber threats. This role is vital in ensuring the safety and integrity of an o...

CONTACT US

FAQs

What is ISO/IEC 27001?

ISO/IEC 27001 is an international standard for Information Security management. It provides a model to establish, implement, maintain and continually improve a risk-managed Information Security Management System (ISMS). It forms the basis for effective management of sensitive, confidential information and for the application of information security controls.

Do I have to receive training to sit the exam?

No, however this is recommended. In addition to receiving accredited training, individuals also have the option of self-study to prepare for the examinations. APMG-International administer public exam sessions around the world to accommodate those who self-study.

How can I train for the ISO/IEC 27001 examinations?

Training for ISO/IEC 27001 is available from the network of Accredited Training Organizations (ATOs) who are assessed and certified by APMG-International. The full list of ISO/IEC 27001 ATOs can be found at https://www.apmg-international.com . Only these organizations and registered partners/affiliates are authorized to deliver ISO/IEC 27001 training.

How do I sit the exam(s)?

Accredited Training Organizations (ATOs) usually include the examination as part of their training course – please check with your ATO before booking.

For those who self-study, the exam can be taken anywhere in the world, from the comfort of your home or workplace, with online proctoring.  A proctor will access your exam as you take it to monitor the exam environment through your computer's desktop, webcam and microphone.

Once you have booked an exam, you will be given a registration email to schedule an appointment with your live proctor via our Candidate Portal. Our online proctoring system allows you to take your exam anytime as sessions are available 24 hours a day, 7 days a week. For more information, please click here: https://apmg-international.com/exams

APMG also administers a limited number of public exam sessions at some of our regional offices. Click here for further information and to book an exam: https://publicexambookings.apmg-international.com/

How much does it cost to sit the ISO/IEC 27001 examination?

If you are sitting the examination through an accredited training organization, the cost of the exam is generally included in the course fee but please check with your training provider at the time of booking.

APMG-International use a global pricing structure, so if you are studying at home, the cost is dependent on where the country in which the exam is being sat. To find out the cost in your region, please

Are there any pre-requisites for the ISO/IEC 27001 examinations?

  • Foundation: there are no pre-requisites for this level
  • Practitioner Information Security Officer: The Foundation qualification is a pre-requisite for this level. APMG will also accept TÜV SÜD ISO/IEC 27000 Foundation or ICO-CERT ISMS 27001 Foundation.
  • Auditor: It is recommended (not mandated) that candidates hold the APMG ISO/IEC 27001 Foundation level (or equivalent qualification) before attending this course. The Auditor level assumes candidates have knowledge of the ISO/IEC 27001 and ISO 19011 standards, and their application in a given situation.

What are the main publications for ISO/IEC 27001 and where can I purchase them?

Foundation

The primary references for the Foundation qualification are the International Standards:

  • ISO/IEC 27001:2022 Information technology -- Security techniques -- Information security management systems – Requirements
  • ISO/IEC 27000:2018 Information technology -- Security techniques -- Information security management systems - Overview and vocabulary.

Other references are made to:

  • Supplementary reference paper for ISO/IEC 27001 Qualification.

The Foundation level requires knowledge of the requirements in ISO/IEC 27001:2022 and the terms, definition and concepts in ISO/IEC 27000:2018 as well as information in the supplementary reference paper as stated in the syllabus topic. It is essential that all delegates have access to a personal copy of ISO/IEC 27001:2022  and the Supplementary Reference Paper during any training course. Delegates should have access to a personal copy of ISO/IEC 27000:2018 or to the information referenced from it in this syllabus. Please note that the examination is closed book. The references provided should be considered to be indicative rather than comprehensive, i.e. there may be other valid references within the guidance.

For the primary reference, the relevant part of the standard is used as the major part of the reference and this is followed by the section number used e.g. ISO/IEC 27001, 4.2 relates to ISO/IEC 27001:2022 Clause 4.2.

The syllabus requires awareness of but does not require a detailed knowledge of other referenced standards:

  • ISO 9001:2015, Quality management systems — Requirements
  • ISO/IEC 20000-1:2018, Information technology – Service management - Part 1: Service management system requirements
  • ISO/IEC 27002:2022, Information technology -- Security techniques -- Code of practice for information security management
  • ISO/IEC 27003:2017, Information technology -- Security techniques -- Information security management systems guidance
  • ISO/IEC 27004:2016 Information technology -- Security techniques -- Information security management – Monitoring, Measurement, Analysis and Evaluation
  • ISO/IEC 27005:2022, Information technology -- Security techniques -- Information security risk management
  • ISO/IEC 27006:2015, Information technology -- Security techniques -- Requirements for bodies providing audit and certification of information security management systems
  • ISO/IEC 27013:2015, Information technology -- Security techniques – Guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1.

Practitioner Information Security Officer

The primary references for the Practitioner – Information Security Officer course are the International Standards:

  • ISO/IEC 27001:2022 Information technology -- Security techniques -- Information security management systems – Requirements
  • ISO/IEC 27000:2018 Information technology -- Security techniques -- Information security management systems - Overview and vocabulary
  • ISO/IEC 27002:2022, Information technology -- Security techniques -- Code of practice for information security controls
  • ISO/IEC 27005:2022, Information technology -- Security techniques -- Information security risk management

Reference is made to ISO/IEC 27003:2017, Information technology -- Security techniques Information security management system implementation guidance. Candidates do not need their own copy of this standard as the relevant information is available in the Supplementary reference paper for ISO/IEC 27001 Qualification, Sections 5 and 6.

Candidates are allowed to have a printed or digital copy of the standards listed above during the exam. 

Syllabus topics at levels 3 and 4 provide the primary references but may also include any other topic from the syllabus area. It is essential that all delegates have access to a personal copy of ISO/IEC 27001:2022 and the Supplementary Reference Paper during any training course. Delegates should have access to a personal copy of ISO/IEC 27002:2013 and ISO/IEC 27005:2022. Please note that the examination is open book.

Auditor

The primary references for the ISO/IEC 27001 Auditor course are the International Standards:

  • ISO/IEC 27001:2022 Information technology -- Security techniques -- Information security management systems – Requirements
  • ISO/IEC 27000:2018 Information technology -- Security techniques -- Information security management systems - Overview and vocabulary
  • ISO/IEC 27002:2022, Information technology -- Security techniques -- Code of practice for information security management
  • ISO 19011:2018 Guidelines for auditing management systems
  • APMG ISO/IEC 27001 Supplementary Paper

Other references are made to the Supplementary reference paper for ISO/IEC 27001 Qualification.

It is mandatory that all delegates have access to a personal copy of these documents during their training and at the Examination.

Please note that Auditor examinations are open book. No content related individual notes in the used standards are permitted.

Syllabus topics at levels 3 and 4 provide the primary references but may also include any other topic from the syllabus area.

The references provided should be considered to be indicative rather than comprehensive, i.e. there may be other valid references within the guidance.

For the primary reference, the relevant part of the standard is used as the major part of the reference and this is followed by the section number used e.g. ISO/IEC 27001, 4.2 relates to ISO/IEC 27001:2013 Clause 4.2.

How long will it take to learn the ISO/IEC 27001 material?

For individuals self-studying it is almost impossible to say. As all candidates have different experience and amount of time available for study, it varies from person to person. We suggest you buy the manual and have a look through for yourself before deciding how long you need to spend learning.

For those studying with an accredited training organization, Foundation courses are generally delivered over 3 days, while combined Foundation and Practitioner courses are generally delivered over 5 days. It is well worth investigating with individual providers, as some will offer tailored, online or blended learning solutions.

What is the structure of the ISO/IEC 27001 examinations?

Summaries of the structure of the ISO/IEC 27001 Foundation, Practitioner Information Security Officer and Auditor examinations are below:

Foundation

  • Multiple choice format
  • 50 questions per paper
  • 25 marks or more required to pass (out of 50 available) – 50%
  • 40 minute duration
  • Closed book.

Practitioner Information Security Officer

  • Objective Testing
  • 4 questions per paper with 20 marks available per question
  • 40 marks or more required to pass (out of 80 available) – 50%
  • 2 ½ hour duration
  • Open book.
  • The exam is to be taken with the support of only the following British Standards,
    ISO/IEC 27000:2018
    ISO/IEC 27001:2022
    ISO/IEC 27002:2022
    ISO/IEC 27003:2017
    ISO/IEC 27005:2022

Auditor

  • Multiple choice exam, using mini scenario-based questions
  • 40 question paper
    • APMG ISO/IEC 27001 Supplementary Paper
  • The pass mark for candidates is 50% (20/40)
  • 120 minute duration
  • Restricted open book.
  • The following documents are allowed during the exam:

            ISO/IEC 27001:2013  

            ISO/IEC 27002:2013      

            ISO 19011:2018

Is there a sample paper that I can practice on?

Yes, all candidates can access a sample exam paper to practice on via the Candidate Portal. Access to the Candidate Portal is given once you have purchased a self-study exam or your ATO has registered your exam date and time with APMG.

When can I expect the results of my ISO/IEC 27001 examinations?

ISO/IEC 27001 Foundation examinations can be marked at the end of your exam with provisional results provided. Practitioner answer sheets are marked at APMG-International offices and results released soon after.

APMG will issue formal notification of your exam result once your exam paper has been received back into our office. All results will be made available in your Candidate Portal.

If you did not take your exam through an ATO, your results will be sent directly to you via the relevant APMG-International office approximately 7-10 days after the date of your exam.

When will I receive my certificate?

Candidates will automatically be sent an electronic certificate within two business days of their exam results being released. If you have not received your certificate within this timeframe please contact our Customer Interaction Team - servicedesk@apmg-international.com

Electronic certificates are environmentally friendly but can be printed if required. It is also very easy to share them with employers and other third parties. APMG will send you a link to your registered email address. This link will take you to your Candidate Portal where you will find your electronic certificate(s). You can always access all your electronic certificates using the APMG Candidate Portal.

How do I become an ISO/IEC 27001 trainer?

To be eligible to apply to become an ISO/IEC 27001 trainer, individuals must hold the certificate for the course that you wish to teach. All trainers must be ‘sponsored’ by an APMG accredited training organization. To find out more about becoming a trainer, please contact your local APMG representative: https://apmg-international.com/contact

How do I become an ISO/IEC 27001 accredited training organization (ATO)?

An organization wishing to become an ISO/IEC 27001 ATO must first contact our Service Desk. They will put you in touch with your local busines development manager who can discuss the accreditation process with you. 

Can I earn PMI® PDUs for attending an accredited training course?

It is possible to earn PMI Education PDUs for attending third-party provider training (training courses not offered by a PMI Authorized Training Partner), as long as the training meets the requirements around the skill areas of the PMI Talent Triangle. Please check the PMI website (https://www.pmi.org/certifications/certification-resources/maintain/earn-pdus/education) for further details on how to record your PDUs and what supporting evidence is required.

FIND ME A TRAINING PROVIDER

ISO/IEC 27001

Please tell us your training requirements and we'll find you a training provider

BECOME A TRAINING ORGANISATION

Please provide your company details to begin your journey to becoming accredited

Catalogue & details
Close

Certifications & Solutions

Accredited Training Organizations

Aerospace

Aerospace Auditor Authentication Body (AAB) Scheme

Business

Active Qualified Human Resource Organization (AQRO®) Stress-Free Efficiency

Analytics Translation

APMP Micro-Certification

APMP® - Bid & Proposal Management Certification

Business Relationship Management (BRM) certification

Business Resilience Fundamentals

businessagility.works® Foundations

Certified Customs Clearance Agent Training

Certified Professional Technical Communicator (CPTC™)

Chain of Responsibility (CoR) Lead Auditor Certification

Clear Path to Cash Professional

Critical Communication Capability Certification

Data Science with Python

Digital Transformation Certification

DTMethod® (Design Thinking Methodology)

Enterprise Big Data Certification (EBDC)

Facilitation Training and Certification

ISO 37000 Governance of Organizations

Lean Green Belt

Lean Six Sigma

Organizational Behavior Management (OBM)

Private Brand Fundamentals

PuMP® Certification

SFIA Assessments

SFIA Digital Badges

Sourcing Governance

Strategy Implementation Professional (SIP)

The Process Communication Model® (PCM)

The Professional Services (PS) Professional®

TSIM Foundation Course

Change, Risk & Benefits

Agile Change Management Certification

Certified Local Change Agent (CLCA)

CHAMPS2® - Business Change

Change Management

Managing Benefits™ Certification

Neuroscience for Change Certification

Cyber Security

Artificial Intelligence Practitioner Certification (AIP)

CDCAT® - Cyber Defence Capability Assessment Tool

CDCAT® Classic Assessment

Certified Cyber Professional (CCP) assured service

CIISEC - Information and Cyber Security Foundation (ICSF)

Cloud Computing

Cyber Essentials

DVMS Institute - NIST Cybersecurity Framework

ISO/IEC 27001

NCSC Assured Training

NCSC Assured Training - Differentiate your course

IT Governance & Service

Artificial Intelligence – AI Certification

ASL®2 Certification - Application Services Library

BiSL® (Business Information Services Library)

COBIT® 5 - IT Governance Framework Certification

Digital Information Design (DID)

Experience Collab Certification and Training

FitSM®

IAITAM - IT Asset Management Certifications

ISACA Certifications

ISACA COBIT 2019 – IT Governance Certification

ISACA Cybersecurity Certificate Programs

ISO/IEC 20000

Lean IT Certification

OpenSM™

Site Reliability Engineering (SRE)

Technology Business Management (TBM) Certification Training

The Service Automation Framework (SAF)

Unified Service Management (USM)

Project, Programme & Portfolio

Agile Digital Services (AgileDS™)

Agile Programme Management (AgilePgM®)

Agile Project Management (AgilePM®) Certification

AgileBA (Agile Business Analysis) Certification

AgilePM for Scrum

AI-Driven Project Manager (AIPM)

Better Business Cases™

Climate-Resilient Infrastructure Officer (CRIO) Certification

CP3P The APMG Public-Private Partnerships (PPP) Certification Program

Digital Assurance® Business Owner

Earned Value

Essentials for PMO Administrators

Essentials for PMO Analysts

Essentials for PMO Directors

Essentials for PMO Managers

Forest Garden Certification (FGC)

Global Agile Assurance®

Global Gateway Assurance®

Half Double Certification

House of PMO Essentials

Infrastructure Business Cases - International

IPMA Project Management Certification

Managing Portfolios Certification

Model Based System Engineering (MBSE) with SysML Certification Training

Praxis Framework™ - Project and Programme Management Certifications

Project Analytics Certification

Project Canvas Practitioner

Certificación Foundation en Gestión de Proyectos (PM²)

Project Management for Sustainable Development (PM4SD™)

Project Planning and Control™ (PPC) Certification

Scrum Certification

Stakeholder Engagement

WISP® (Working in Small Projects)

Leadership

STAR® Manager

Accredited training providers

Certifications & Solutions

Seleccione cualquier filtro y pulse Aplicar para ver los resultados

Búsqueda avanzada