
ISO/IEC 27001 is an international standard for Information Security management. It provides a model to establish, implement, maintain and continually improve a risk-managed Information Security Management System (ISMS).

The standard forms the basis for effective management of sensitive, confidential information and for the application of information security controls.

An organization that conforms to the ISO/IEC 27001 standard possesses clear, objective proof of its commitment to continued improvement of control over its sensitive and confidential information.

ISO/IEC 27001 therefore provides reassurance to sponsors, shareholders and customers that the organization has expert control over its risk management and data security.

Because organizations' information assets differ widely, the ISO/IEC 27001 standard is adaptable to an organization's requirements.

The design and implementation of the ISMS is tailored to the organization’s objectives, information assets, operational processes, governing legal requirements and regulatory security requirements.

How is ISO/IEC 27001 Structured?

ISO/IEC 27001 is the formal specification defining the requirements for an ISMS. It includes:

  • ISMS planning, support and operational requirements.
  • Leadership responsibilities.
  • Performance evaluation of the ISMS.

What will the Foundation level qualification assess?

The Foundation level qualification assesses your knowledge of the contents and high-level requirements of the ISO/IEC 27001 standard.

There is no prerequisite for the Foundation qualification, but a background in information security or service management would be an advantage.

Please note that ISO/IEC 27001 Foundation candidates need to study a supplementary paper in order to be fully prepared for the examination.

Exam Format

  • Multiple choice format
  • 50 questions per paper
  • 25 marks or more required to pass (out of 50 available) – 50%
  • 40 minute duration
  • Closed book

What will the Practitioner level qualification assess?

The Practitioner level qualification assesses your application of ISO/IEC 27001 knowledge to given business scenarios, enabling the candidate to demonstrate more detailed knowledge and capability.

The Foundation qualification is a prerequisite for this qualification.

Exam Format

  • Objective testing
  • 4 questions per paper with 20 marks available per question
  • 40 marks or more required to pass (out of 80 available) – 50%
  • 2½ hour duration
  • Open book