Home » ISO/IEC 27001: 2013 Foundation

ISO/IEC 27001: 2013 Foundation

Delivery Method: E-learning, Onsite




This two-day course leads to the ISO/IEC27001 Foundation certificate in IT Security Management. The course overviews the recently revised version of 2013. ISO/IEC 27001:2013 builds upon established foundations as the most widely recognized international standard specifically aimed at information security management. The adoption of an Information Security Management System (ISMS) is a strategic decision driving the coordination of operational security controls across all of the organizations electronic and physical information resources.

ISO/IEC 27001:2013 defines the requirements for an ISMS, which includes: ISMS planning, support and operational requirements; leadership responsibilities; performance evaluation of the ISMS; internal ISMS audits; ISMS improvement; and, control objectives and controls.

The course consists of short lectures, exercises, discussions, examination technique training, mock examinations and culminates in an invigilated examination on the final day.

This course will ensure delegates understand the value to the business of the ISO/IEC 27001:2013 standard. There is an in-depth review of the key concepts and activities needed to properly plan for the implementation, management and improvement of an Information Security Management System. The course also ensures a thorough understanding of associated activities, roles, responsibilities, challenges, risks and critical success factors:

  • Best practice in Information Security Management and how to apply this within your organization
  • Scope and purpose of the ISO/IEC 27001 standard and how it can be implemented within an organisation
  • Understand the key terms and definitions used in ISO/IEC 27001 to effectively roll out the principles
  • Leverage the fundamental ISO/IEC 27001 requirements for an ISMS to address the need to continually improve
  • Recognize the purpose of internal audits and external certification audits, their operation and the associated terminology

ISO/IEC 27001:2013 is the formal specification and defines the requirements for an ISMS, which includes:

  • ISMS planning, support and operational requirements
  • Leadership responsibilities
  • Performance evaluation of the ISMS
  • Internal ISMS audits
  • ISMS improvement
  • Control objectives and controls

The ISO/IEC 27001:2013 Foundation would suit candidates working in the following professions or areas:

  • Both IT and business people will benefit from this course
  • Those requiring a basic understanding of the Information Security
    IT professionals or others working within an organization that is aligned or planning to be aligned with the ISO/IEC 27000 suite of standards
  • Anyone involved in or contributing to an on-going service improvement program
  • The Information Security Foundation is open to all individuals who may have an interest in the subject

Although there is no mandatory requirement, ideally candidates should have at least two years professional experience working within IT Service or Security Management.

Explore More IT Security Management Courses