Discover your certification today Browse
Open page navigation
riskcompliancecontinual improvementframeworkscustomer confidencecyber securitydata breachesdata protection

ISO/IEC 27001 is an international standard for Information Security management. It provides a model to establish, implement, maintain and continually improve a risk-managed Information Security Management System (ISMS).

The standard forms the basis for effective management of sensitive, confidential information and for the application of information security controls.

An organization that conforms to the ISO/IEC 27001 standard possesses clear, objective proof of its commitment to continued improvement of control over its sensitive and confidential information.

ISO/IEC 27001 therefore provides reassurance to sponsors, shareholders and customers that the organization has expert control over its risk management and data security.

Due to the diversity of different organizations’ information assets – the ISO/IEC 27001 standard is adaptable according to an organization’s requirements.

The design and implementation of the ISMS is tailored to the organization’s objectives, information assets, operational processes, governing legal requirements and regulatory security requirements.


Gain foundation level knowledge of how the standard operates in a typical organization.

Risk Management, Compliance, Cyber Security, Information Management & Analysis
Who is Foundation for?

This certification is aimed at those who are:

  • Supporting the implementation, operation or maintenance of an ISMS within an organization.
  • Required to audit an ISMS and to have a basic understanding of the standard.
  • Working within an organization with an ISMS, whether the organization is already certified or is considering certification to ISO/IEC 27001.
  • Preparing for the ISO/IEC 27001 Practitioner qualification.
What are the key things you will learn?
  • The scope and purpose of ISO/IEC 27001 and how it can be used.
  • The key terms and definitions used in the ISO/IEC 27000 series.
  • The fundamental requirements for an ISMS in ISO/IEC 27001 and the need for continual improvement.
  • The processes, their objectives and high level requirements.
  • Applicability and scope definition requirements.
  • Use of controls to mitigate IS risks.
  • The purpose of internal audits and external certification audits, their operation and the associated terminology.
  • The relationship with best practices and with other related International Standards: ISO 9001 and ISO/IEC 20000.
Exam format:
  • Multiple choice format
  • 50 questions per paper
  • 25 marks or more required to pass (out of 50 available) – 50%
  • 40 minute duration
  • Closed book



Learn to apply the standard to enable the management of information security.

Stakeholder Engagement, Risk Management, Compliance, Client Engagement, Cyber Security, IT Management, Information Management & Analysis
What is required?
  • APMG ISO/IEC 27001 Foundation certificate.
Who is Practitioner for?

This qualification is aimed at those who are:

  • Internal managers and personnel working to implement, maintain and operate an ISMS within an organization.
  • External consultants supporting an organization’s implementation, maintenance and operation of an ISMS.
  • Internal auditors who are required to have an applied knowledge of the standard.
What are the key things you will learn?
  • Applying the principles of ISMS policy and its information security scope, objectives, and processes within an organizational context.
  • Applying the principles of risk management including risk identification, analysis and evaluation and propose appropriate treatments and controls to reduce information security risk, support business objectives and improve information security.
  • How to analyze and evaluate deployed risk treatments and controls to assess their effectiveness and opportunities for continual improvement.
  • How to analyze and evaluate the effectiveness of the ISMS through the use of internal audit and management review to continually improve the suitability, adequacy and effectiveness of the ISMS.
  • How to create, apply and evaluate the suitability, adequacy and effectiveness of documented information and records required by ISO/IEC 27001.
  • How to identify and apply appropriate corrective actions to maintain ISMS conformity with ISO/IEC 27001.
Exam format:
  • Objective Testing
  • 4 questions per paper with 20 marks available per question
  • 40 marks or more required to pass (out of 80 available) – 50%
  • 2 ½ hour duration
  • Open book    


Advanced options


Knight raising his sword while blocking with his shield

Cyber Resilience and Security

Strengthen your knowledge or an organization’s resilience against cyber based threats

View more
Satellite overlooking earth

CDCAT® Insurance Services

Gain full awareness before accepting cover

View more
Person stood on a cliff edge looking upon clouds rolling through mountains

The Cloud Industry Forum (CIF) Code of Practice

Ensure your cloud services are a beauty to behold

View more



How is ISO/IEC 27001 Structured?

ISO/IEC 27001 is the formal specification defining the requirements for an ISMS. It includes:

  • ISMS planning, support and operational requirements.
  • Leadership responsibilities.
  • Performance evaluation of the ISMS.

What will the Foundation level qualification assess?

The Foundation level qualification assesses your knowledge of the contents and high level requirements of the ISO/IEC 27001 standard.

There is no pre-requisite for the Foundation qualification but a background in information security or service management would be an advantage.

**Please note that ISO/IEC 27001 Foundation candidates needs to study a supplementary paper in order to be fully prepared for the examination. 

Exam Format
Multiple choice format
50 questions per paper
25 marks or more required to pass (out of 50 available) – 50%
40 minute duration
Closed book.

What will the Practitioner level qualification assess?

The Practitioner level qualification assesses your application of ISO/IEC 27001 knowledge to given business scenarios, enabling the candidate to demonstrate more detailed knowledge and capability.

The Foundation qualification is a prerequisite for this qualification.

Exam Format

Objective Testing
4 questions per paper with 20 marks available per question
40 marks or more required to pass (out of 80 available) – 50%
2 ½ hour duration
Open book.

When will I receive my certificate?

A foundation certificate will be dispatched approximately 2 weeks after we have received your exam paper, if you only took the foundation exam. If you sat a practitioner or both exams, a practitioner certificate will be dispatched 2 weeks after the practitioner results have been released.
Please note that if you have taken your examinations via an ATO, certificates will be dispatched based on the preferences that the ATO selected when booking the exam. The ATO can select either an e-certificate or hard copy and whether this type is sent to the ATO or directly to the candidate. If you have not received your certificate within the above time frames please contact our Customer Interaction Team –


Please tell us your training requirements and we'll find you a training provider


Please provide your company details to begin your journey to becoming accredited