ISO 27001 Foundation

Information and information technology play a crucial role in most organisations today. Ensuring confidence in an organisation’s information security is now essential to business success. However, many organisations focus only on the cyber security risks and miss the opportunities that good information security enables. This is where ISO27001 can help.

ISO/IEC 27001 (ISO 27001) provides a robust and systematic approach to building and then governing information security to support business success. Being ISO 27001 certified is a trusted means to demonstrate that an organisation has an effective governance and management approach in place.

However, implementation of ISO27001 can challenge any organisation.

ALC’s 2-day ISO 27001 Foundation training allows you to learn about key concepts and the Information Security Management System and its conformance requirements in a simple and pragmatic way. The course will also demystify some of the common misconceptions of being ISO27001 certified.

Although aimed at Foundational level, the course includes methods and insights which will reward experienced risk, assurance, and compliance professionals as well.

The course includes a Foundation Certificate exam.

The ISO 27001 Foundation course is presented in association with Vital Advisory 

Learning outcomes

In this course you will learn and understand:

• How well-governed information security adds value to business
• Key concepts and structure of ISO27001
• The ISO 27000 series of standards including ISO/IEC 27001, ISO/IEC 27002, ISO/IEC 27701 (Privacy) together with ISO/IEC 31000 (Risk Management)
• Key differences between ISO/IEC 27002: 2013 and ISO/IEC 27002: 2022
• The structure and cyclical approach of an Information Security Management System (ISMS)

In addition you will gain a high-level understanding of:

• How to plan, implement and maintain an ISMS
• How to prepare for the next level of ISO 27001 in either implementation or audit 

Who should attend

This course will be beneficial to business or IT executives and team members equally. No previous experience with information security or risk management is required.

If you have any responsibilities relating to ISO 27001, or if you are just exploring whether ISO 27001 implementation is for you or not, this training is for you.

For professionals with cybersecurity, risk management, assurance, compliance or project management responsibilities, this course will provide a strong foundation to pursue advanced training (either ISO 27001 Lead Implementer or ISO 27001 Lead Auditor).

Typical attendance includes:

• ISMS process and risk champions
• Business leaders and executives
• Non-security IT team members
• Cybersecurity, technology risk or assurance professionals
• Enterprise risk, audit, or compliance professionals
• Anyone intending to pursue a career in Information Security Management

Course contents

1.   The Role of an ISMS

• Fundamental information / cyber security concepts and principles

• Information Security Management Frameworks, including ISO27001 and NIST Cybersecurity Framework
• Finding the balance between managing negative and positive information security risk
• How security supports business objectives

2.    Overview and Structure of ISO 27001 Standard

• Introduction to ISO 27001
• How ISO 27001 addresses information security issues
• The Plan-Do-Check-Act lifecycle of an ISMS implementation and maintenance
• Understanding the organisation and its context (Clause 4)
• Understanding information security risks, opportunities, and objectives (Clause 6)
• Provide governance, including leadership and commitment (Clause 5)
• Provide support and resources (Clause 7)

3.    Structure of ISO 27001 Standard

• Understand information security controls and the operational environment (Clause 8 and Annex A)
• Understand performance evaluation (Clause 9)
• Continual improvement using ISMS (Clause 10)
• Implementing Cyber Security Capability Framework (CSCF) using ISO 27001

4.    Understanding ISMS implementation and Auditing

• Initiating an ISMS project (capability assessment / gap analysis)
• High-level processes for implementing an ISMS
• To get certified or not (drivers for and benefits of ISO 27001 certification)
• Maintaining ISO 27001 certification (from initial achievement, on-going maintenance to retaining certification)
• Do’s and Don’ts of an ISMS implementation and maintenance
• Preparing for an ISMS audit (internal or external)

5.    ISO 27001 Foundation Exam

• Exam review and preparation
• Online exam in class

Course fees

Fees per person

• ISO 27001 Foundation Module (2 days)
• $1,850 + gst

Course fee includes:

• Course materials
• ISO 27001 Foundation Certificate exam voucher

Pre-Requisites

There are no pre-requisites to sit this course.

Foundation Exam

Live Virtual Training – Participants of the ISO Foundation course will sit the exam online during the course at the end of Day 2. The exams are invigilated live by the ALC trainer and supporting staff. The online exam is run via the exam portal Test Invite and accessed via a web browser.

• 50-minute duration
• 50 Multiple choice questions (MCQ)
• Closed book exam
• 50%+ score to pass (i.e. 25 or more correct answers required to pass from 50 available MCQ)