0845 450 6120

ISO 27001: 2013 Foundation

This three day ISO/IEC 27001 Foundation training course will introduce delegates to the requirements and principles of ISO/IEC 27001, providing delegates with an awareness of the issues and challenges involved in implementing an information security management system.
This practical foundation course is designed to provide an introduction to information security management (ISM) systems as set out in ISO/IEC 27001:2013.

Intended Audience:

Security and IT professionals, those responsible for risk and audit or project managers responsible for ISO27001 compliance programmes.

Learning Objectives

  • The detailed requirements of ISO/IEC 27001:2013
  • How to identify information assets
  • How to identify the threats, vulnerabilities and risks associated with Assets
  • How to Plan the ISMS implementation program: Timescales and resources. Risk assessment and management, Producing a Statement of Applicability and Documentation, monitoring and auditing
  • Preparing for certification
  • Sources of information and further development


There are no pre-requisites. However, we recommend that all delegates familiarise themselves with BS ISO_IEC 27001_2013, and BS ISO_IEC 27002_2013.

Course Content

Day 1:

  1. Why do you need certification to ISO 27001?
  2. The relationship between ISO27001, and ISO27002
  3. What the Information Security Management System (ISMS) is and what it is trying to achieve; Confidentiality, integrity, availability, plus audit
  4. Over view of the stages of the ISMS
  5. Defining an Information Security Policy
  6. Defining the scope of the ISMS
  7. What are information assets, and identifying them?
  8. Conducting risk assessments, Identifying asset values, threats and vulnerabilities, Practical exercise - under taking a risk assessment and Managing risk
  9. Risk measurement

Results and conclusions resulting from an assessment
Risk reduction and acceptance techniques

Day 2:

  1. Determining control objectives
  2. Selecting control objectives and controls
  3. Information Security Overview
  4. ISO 27001/ ISO27002 control objectives and controls
  5. The application of countermeasures, Creating a workable countermeasure
  6. Preparing a Statement of Applicability
  7. Auditing the ISMS, What does auditing achieve? How should auditing be conducted? and Different types of audit

Day 3:

  1. Preparing for formal certification audits
  2. The phase 1 and 2 ISO 27001 audits
  3. Maintaining Certification

Please note, this course does not include ISO27001 Lead Auditor training modules.

One Month
Two Months
Three Months
More than Three Months
PRINCE2 Foundation & Practitioner
MSP Foundation & Practitioner
APMP Certificate
ITIL Foundation
Scrum in One Day
Certified ScrumMaster
ISTQB Software Test Foundation
Microsoft Project
BCS Business Analysis Practice
Other - Please Specify Below

Our Customers Include