ISO/IEC 27001:2022 Foundation Course (Self-Paced Online)

This self paced online course is your introduction to ISO/IEC 27001:2022, the international standard for information security management systems. In about a day you will learn what the standard requires, how it is structured, and how it helps an organisation protect the confidentiality, integrity and availability of its information. This is a foundation level course: it builds understanding of the standard itself, not auditing. As a bonus, it also explains how ISO certification works, so you understand how organisations achieve and maintain certification.

Key concepts covered

• Information security management and the ISO/IEC 27001:2022 framework
• The confidentiality, integrity and availability of information
• The high level structure shared across ISO management system standards
• Risk based thinking, risk assessment and risk treatment
• The Statement of Applicability
• Annex A and the information security controls across the four themes
• Continual improvement

An understanding of ISO/IEC 27001:2022 is valuable across every part of an organisation. This foundation course enables you to:

• Understand ISO/IEC 27001:2022 and speak the language of information security with confidence
• Contribute to your organisation's information security management system and its certification readiness
• Build a solid foundation before progressing to Internal Auditor training
• Earn a globally recognised foundation credential

Why learning online works for you

• Learn anytime, anywhere. Study on demand, on site or off site, whenever it suits you
• Self paced. Move at your own speed and spend more time on the areas you want to master
• Cost effective. No travel, accommodation, or time away from the office to fund
• Lifetime access. Return to the materials whenever you need them
• Built to stick. Interactive, multi format lessons keep you engaged and improve retention

By the end of this course you will be able to:

• Explain the purpose and benefits of an information security management system
• Describe the structure of ISO/IEC 27001:2022 and how its clauses fit together
• Explain the key concepts: confidentiality, integrity and availability, and the risk based approach
• Describe how risk assessment, risk treatment and the Statement of Applicability work
• Describe Annex A and the four themes of information security controls
• Explain what ISO certification is and how organisations achieve and maintain it

As a bonus, this course explains how ISO certification works. You will learn what it means for an organisation to be certified, the role of accredited certification bodies and accreditation, and how organisations achieve and maintain certification.

This course is designed for anyone who wants a working understanding of the standard, including:

• Anyone new to ISO 27001 or information security
• People who work within or contribute to an information security management system
• Managers, staff, and consultants who need a working understanding of the standard
• Anyone preparing to progress to Internal Auditor training
• Those supporting their organisation towards ISO 27001 certification

There are no prerequisites for this course. It is suitable for complete beginners.

You will need a computer, laptop, or tablet with a reliable internet connection. The course works in any modern web browser, such as Google Chrome, Microsoft Edge, Mozilla Firefox, or Apple Safari. For the best experience, keep your browser updated to the latest version.