ISO27001: 2017 Foundation

3 Day Course
Hands On
Official Curriculum

This course has been retired. Please view currently available Cyber Security Training Courses.



Day 1 (11 topics)

  • Why do you need certification to ISO 27001?
  • The relationship between ISO 27001 and ISO 27002
  • What the Information Security Management System (ISMS) is and what it is trying to achieve: confidentiality, integrity, availability, plus audit
  • Overview of the stages of the ISMS
  • Defining an Information Security Policy
  • Defining the scope of the ISMS
  • What information assets are, and how to identify them
  • Conducting risk assessments: identifying asset values, threats and vulnerabilities; practical exercise - undertaking a risk assessment and managing risk
  • Risk measurement
  • Results and conclusions resulting from an assessment
  • Risk reduction and acceptance techniques

Day 2 (7 topics)

  • Determining control objectives
  • Selecting control objectives and controls
  • Information Security Overview
  • ISO 27001 / ISO 27002 control objectives and controls
  • The application of countermeasures: creating a workable countermeasure
  • Preparing a Statement of Applicability
  • Auditing the ISMS: what does auditing achieve? How should auditing be conducted? Different types of audit

Day 3 (3 topics)

  • Preparing for formal certification audits
  • The phase 1 and 2 ISO 27001 audits
  • Maintaining Certification


There are no prerequisites. However, we recommend that all delegates familiarise themselves with BS ISO/IEC 27001:2017 and BS ISO/IEC 27002:2017.
