The ISO/IEC 27000 series is the international family of standards for information security. Its core standard, ISO/IEC 27001, defines the requirements for an information security management system (ISMS) that provides information security of an acceptable quality to the organization, together with guidance on how to demonstrate conformity with the standard.
This 3-day course is aimed at those wishing to demonstrate Foundation-level knowledge of ISO/IEC 27000 and its use in an IT organization. It does not require any formal knowledge of information security.
The training includes sufficient generic information security content to allow ISO/IEC 27000 to be understood in the context of how the standards operate in a typical IT organization.
- Introduction to and background of ISO/IEC 27000.
- The APMG certification scheme.
- ISO/IEC 27000 Standards family overview
- ISO/IEC 27001 and Annex A
- The terms and definitions contained in ISO/IEC 27000 and the requirements contained in ISO/IEC 27001
- The fundamental requirements for an Information Security Management System and the need for continual improvement
- Eligibility, scoping requirements and the role of process owners and practitioners in the preparation for ISO/IEC 27001 certification
- Assessments, informal audits and registered certification body (RCB) audits, and the associated terminology
- Exam practice and preparations.
The candidate should understand the scope, objectives, key terminology and high-level requirements of the ISO/IEC 27001 standard, how it is used in an organization for information security, and the main elements of the certification process.
Specifically, the candidate should understand:
- The scope and purpose of ISO/IEC 27001 and how it can be used
- The key terms and definitions used in the ISO/IEC 27000 series
- The fundamental requirements for an ISMS in ISO/IEC 27001 and the need for continual improvement
- The ISMS processes, their objectives and high-level requirements
- Applicability and scope definition requirements
- Use of controls to mitigate information security risks
- The purpose of internal audits and external certification audits, their operation and the associated terminology
- The relationship with best practices and with other related International Standards: ISO 9001 and ISO/IEC 20000.
Possession of the Foundation Certificate meets the pre-requisites for the Practitioner qualification.
This qualification is aimed at those who are:
- Supporting the implementation, operation or maintenance of an ISMS within an organization
- Required to audit an ISMS and to have a basic understanding of the standard
- Working within an organization with an ISMS, whether the organization is already certified or is considering certification to ISO/IEC 27001
- Preparing for the ISO/IEC 27001 Practitioner qualification.
There is no pre-requisite for the Foundation qualification, but an interest in and/or a background in information security or service management would be an advantage.
Delegates who successfully complete the course and pass the exam will be recognized as Certified ISO/IEC 27000 Foundation under the APMG certification scheme.
Delegates who do not meet the pre-requisites stated above, or who fail the exam, will be awarded a course attendance certificate only.
- Multiple choice format
- 50 questions per paper
- 25 marks or more required to pass (out of 50 available), i.e. 50%
- 40 minute duration
- Closed book.
The ISO/IEC 27000 Foundation qualification is a pre-requisite for the Practitioner.