
ISO/IEC 27001 is the international standard for information security management. It specifies the requirements for establishing, implementing, maintaining and continually improving a risk-based Information Security Management System (ISMS).

The standard forms the basis for effective management of sensitive, confidential information and for the application of information security controls.

An organization that conforms to ISO/IEC 27001 has clear, objective evidence of its commitment to keeping its sensitive and confidential information under control and to improving that control over time.

ISO/IEC 27001 therefore gives sponsors, shareholders and customers assurance that the organization's information security risks are identified, treated and kept under management review.

Because organizations differ widely in the information assets they hold, ISO/IEC 27001 does not prescribe a fixed set of measures; the standard is adapted to each organization's requirements.

The design and implementation of the ISMS is tailored to the organization's objectives, its information assets, its operational processes, and the legal, regulatory and contractual security requirements that apply to it.


FAQs

How is ISO/IEC 27001 Structured?

ISO/IEC 27001 is the formal specification defining the requirements for an ISMS. Its requirement clauses cover:

  • The context of the organization and the scope of the ISMS.
  • Leadership responsibilities.
  • ISMS planning, support and operational requirements, including risk assessment and risk treatment.
  • Performance evaluation of the ISMS (monitoring, internal audit and management review).
  • Continual improvement, including the handling of nonconformities.

The standard also includes Annex A, a reference set of information security controls that an organization compares its own risk treatment against when producing its Statement of Applicability.

What will the Foundation level qualification assess?

The Foundation level qualification assesses your knowledge of the contents and high-level requirements of the ISO/IEC 27001 standard.

There is no prerequisite for the Foundation qualification, but a background in information security or service management would be an advantage.

Please note that ISO/IEC 27001 Foundation candidates need to study a supplementary paper in order to be fully prepared for the examination.

Exam Format

  • Multiple choice format
  • 50 questions per paper
  • 25 marks or more required to pass (out of 50 available) – 50%
  • 40 minute duration
  • Closed book

What will the Practitioner level qualification assess?

The Practitioner level qualification assesses your ability to apply ISO/IEC 27001 knowledge to given business scenarios, enabling the candidate to demonstrate more detailed knowledge and capability.

The Foundation qualification is a prerequisite for this qualification.

Exam Format

  • Objective testing
  • 4 questions per paper, with 20 marks available per question
  • 40 marks or more required to pass (out of 80 available) – 50%
  • 2 ½ hour duration
  • Open book