Discover your certification today Browse
Open page navigation
riskcompliancecontinual improvementframeworkscustomer confidencecyber securitydata breachesdata protection

ISO/IEC 27001 is an international standard for Information Security management. It provides a model to establish, implement, maintain and continually improve a risk-managed Information Security Management System (ISMS).

The standard forms the basis for effective management of sensitive, confidential information and for the application of information security controls.

An organization that conforms to the ISO/IEC 27001 standard possesses clear, objective proof of its commitment to continued improvement of control over its sensitive and confidential information.

ISO/IEC 27001 therefore provides reassurance to sponsors, shareholders and customers that the organization has expert control over its risk management and data security.

Due to the diversity of different organizations’ information assets – the ISO/IEC 27001 standard is adaptable according to an organization’s requirements.

The design and implementation of the ISMS is tailored to the organization’s objectives, information assets, operational processes, governing legal requirements and regulatory security requirements.

ISO/IEC 27001 Foundation digital badge


Gain foundation level knowledge of how the standard operates in a typical organization.

Risk Management, Compliance, Cyber Security, Information Management & Analysis
Who is Foundation for?

This certification is aimed at those who are:

  • Supporting the implementation, operation or maintenance of an ISMS within an organization.
  • Required to audit an ISMS and to have a basic understanding of the standard.
  • Working within an organization with an ISMS, whether the organization is already certified or is considering certification to ISO/IEC 27001.
  • Preparing for the ISO/IEC 27001 Practitioner - Information Security Officer qualification.
What are the key things you will learn?
  • The scope and purpose of ISO/IEC 27001 and how it can be used.
  • The key terms and definitions used in the ISO/IEC 27000 series.
  • The fundamental requirements for an ISMS in ISO/IEC 27001 and the need for continual improvement.
  • The processes, their objectives and high level requirements.
  • Applicability and scope definition requirements.
  • Use of controls to mitigate IS risks.
  • The purpose of internal audits and external certification audits, their operation and the associated terminology.
  • The relationship with best practices and with other related International Standards: ISO 9001 and ISO/IEC 20000.
Exam format:
  • Multiple choice format
  • 50 questions per paper
  • 25 marks or more required to pass (out of 50 available) – 50%
  • 40 minute duration
  • Closed book


ISO/IEC 27001 Practitioner digital badge

Practitioner - Information Security Officer

Learn to apply the standard to enable the management of information security.

Stakeholder Engagement, Risk Management, Compliance, Client Engagement, Cyber Security, IT Management, Information Management & Analysis
What is required?
  • APMG ISO/IEC 27001 Foundation certificate.
  • TÜV SÜD ISO27001 Foundation certificate. 
Who is Practitioner - Information Security Officer for?

This qualification is aimed at those who are:

  • Internal managers and personnel working to implement, maintain and operate an ISMS within an organization.
  • External consultants supporting an organization’s implementation, maintenance and operation of an ISMS.
  • Internal auditors who are required to have an applied knowledge of the standard.
What are the key things you will learn?
  • Applying the principles of ISMS policy and its information security scope, objectives, and processes within an organizational context.
  • Applying the principles of risk management including risk identification, analysis and evaluation and propose appropriate treatments and controls to reduce information security risk, support business objectives and improve information security.
  • How to analyze and evaluate deployed risk treatments and controls to assess their effectiveness and opportunities for continual improvement.
  • How to analyze and evaluate the effectiveness of the ISMS through the use of internal audit and management review to continually improve the suitability, adequacy and effectiveness of the ISMS.
  • How to create, apply and evaluate the suitability, adequacy and effectiveness of documented information and records required by ISO/IEC 27001.
  • How to identify and apply appropriate corrective actions to maintain ISMS conformity with ISO/IEC 27001.
Exam format:
  • Objective Testing
  • 4 questions per paper with 20 marks available per question
  • 40 marks or more required to pass (out of 80 available) – 50%
  • 2 ½ hour duration
  • Open book    


Advanced options


Satellite overlooking earth

CDCAT® Insurance Services

Gain full awareness before accepting cover

View more
Man with a head torch shining light into the sky

GCHQ Certified Training (GCT)

Leading the search for exceptional cyber security training courses

View more
Person stood on a cliff edge looking upon clouds rolling through mountains

The Cloud Industry Forum (CIF) Code of Practice

Ensure your cloud services are a beauty to behold

View more



What is a ISO/IEC 27001 digital badge?

Digital badges allow you to easily showcase your achievements online.

When you pass an exam - you'll instantly have the option to claim a digital badge representing your new certificate.

Your badge can be embedded on an email signature, website, social media or digital CV.

With just one click employers, customers and clients can easily view and verify your credentials and skills.

Please download our digital sharing presentation for more information.

How do I claim my ISO/IEC 27001 digital badge?

Once you’ve been notified that you’ve passed your exam - you will have the option to create a digital badge in APMG's Candidate Portal.

Visit APMG's Candidate Portal, view your exam results and select 'Create Badge'.

This takes you to the Acclaim website where the digital badges are hosted. You will be guided through the Acclaim account creation process.

Once you have created an account with Acclaim - login into the account and accept your pending badge.

How is ISO/IEC 27001 Structured?

ISO/IEC 27001 is the formal specification defining the requirements for an ISMS. It includes:

  • ISMS planning, support and operational requirements.
  • Leadership responsibilities.
  • Performance evaluation of the ISMS.

What will the Foundation level qualification assess?

The Foundation level qualification assesses your knowledge of the contents and high level requirements of the ISO/IEC 27001 standard.

There is no pre-requisite for the Foundation qualification but a background in information security or service management would be an advantage.

**Please note that ISO/IEC 27001 Foundation candidates needs to study a supplementary paper in order to be fully prepared for the examination. 

Exam Format

  • Multiple choice format
  • 50 questions per paper
  • 25 marks or more required to pass (out of 50 available) – 50%
  • 40 minute duration
  • Closed book.

What will the Practitioner - Information Security Officer level qualification assess?

The Practitioner - Information Security Officer level qualification assesses your application of ISO/IEC 27001 knowledge to given business scenarios, enabling the candidate to demonstrate more detailed knowledge and capability.

The Foundation qualification is a prerequisite for this qualification.
Exam Format

  • Objective Testing
  • 4 questions per paper with 20 marks available per question
  • 40 marks or more required to pass (out of 80 available) – 50%
  • 2 ½ hour duration
  • Open book.

When will I receive my certificate?

A foundation certificate will be dispatched approximately 2 weeks after we have received your exam paper, if you only took the foundation exam. If you sat a Practitioner - Information Security Officer exam, or both exams, a Practitioner - Information Security Officer certificate will be dispatched 2 weeks after the Practitioner - Information Security Officer results have been released.
Please note that if you have taken your examinations via an ATO, certificates will be dispatched based on the preferences that the ATO selected when booking the exam. The ATO can select either an e-certificate or hard copy and whether this type is sent to the ATO or directly to the candidate. If you have not received your certificate within the above time frames please contact our Customer Interaction Team –


Please tell us your training requirements and we'll find you a training provider


Please provide your company details to begin your journey to becoming accredited