ISO27001 Foundation Training

Understand the key ISMS fundamentals

Information and information technology play a crucial role in most organisations today. Ensuring confidence in an organisation's information security is now essential to business success. However, many organisations focus only on the cyber security risks and miss the opportunities that good information security enables. This is where ISO 27001 can help.

Invest in your information security capabilities

Training: 11 & 12 June 2024.
Examination: 13 June 2024.

ISO/IEC 27001 (ISO 27001) provides a robust and systematic approach to building and then governing information security to support business success. Being ISO 27001 certified is a trusted means of demonstrating that an organisation has an effective governance and management approach in place. However, implementing ISO 27001 can challenge any organisation.

Vital Advisory's two-day ISO 27001 Foundation training, delivered online, allows you to learn about the key concepts of an Information Security Management System, and its conformance requirements, in a simple and pragmatic way. The course will also demystify some of the common misconceptions about being ISO 27001 certified.

Although aimed at Foundation level, the course includes methods and insights that will reward experienced risk, assurance, and compliance professionals as well.

The course includes an optional Foundation Certificate exam.

Key benefits and outcomes

+ Understanding how well-governed information security adds value to the business
+ Understanding the key concepts and structure of ISO 27001
+ Understanding the ISO 27000 series and related standards, including:
  ~ ISO/IEC 27001, ISO/IEC 27002, ISO/IEC 27701 (Privacy), and ISO 31000 (Risk Management)
  ~ The key differences between ISO/IEC 27002:2013 and ISO/IEC 27002:2022
+ Learning the structure and cyclical approach of an Information Security Management System (ISMS)
+ Gaining a high-level understanding of how to plan, implement and maintain an ISMS
+ Preparing for the next level of implementation or audit training

Who should attend?

This course will be beneficial to business or IT executives and team members equally. No previous experience with information security or risk management is required.

If you have any responsibilities relating to ISO 27001, or if you are just exploring whether ISO 27001 implementation is for you or not, this training is for you.

For professionals with cybersecurity, risk management, assurance, compliance or project management responsibilities, this course will provide a strong foundation to pursue advanced training (either ISO 27001 Lead Implementer or ISO 27001 Lead Auditor).

Typical attendees include:
+ ISMS process and risk champions
+ Business leaders and executives
+ Non-security IT team members
+ Cybersecurity, technology risk or assurance professionals
+ Enterprise risk, audit, or compliance professionals
+ Anyone intending to pursue a career in Information Security Management

Course Content

Course Schedule

+ Sessions are delivered online

+ Fundamental cyber security concepts and principles
+ Information Security Management Frameworks, including ISO 27001 and the NIST Cybersecurity Framework
+ Finding the balance between managing negative and positive information security risk
+ How security supports business objectives

+ Introduction to ISO 27001
+ How ISO 27001 addresses information security issues
+ The Plan-Do-Check-Act lifecycle of ISMS implementation and maintenance
+ Understanding the organisation and its context (Clause 4)
+ Understanding information security risks, opportunities, and objectives (Clause 6)
+ Providing governance, including leadership and commitment (Clause 5)
+ Providing support and resources (Clause 7)
+ Understanding information security controls and the operational environment (Clause 8 and Annex A)
+ Understanding performance evaluation (Clause 9)
+ Continual improvement using the ISMS (Clause 10)
+ Implementing the Cyber Security Capability Framework (CSCF) using ISO 27001

+ Initiating an ISMS project (capability assessment / gap analysis)
+ High-level processes for implementing an ISMS
+ To get certified or not (drivers for and benefits of ISO 27001 certification)
+ Maintaining ISO 27001 certification (from initial achievement, through on-going maintenance, to retaining certification)
+ Do's and Don'ts of ISMS implementation and maintenance
+ Preparing for an ISMS audit (internal or external)

Foundation Certificate exam (optional):
+ 50-minute duration
+ 50 multiple choice questions (MCQ)
+ 60% or higher to pass (i.e., 30 or more correct answers out of the 50 MCQ)
+ Paper-based, closed-book exam

For bookings or further information, call our Registration Desk on +61 410 379 407.

Training backed by experience

Our trainers have extensive experience in developing and auditing ISO 27001 Information Security Management Systems with organisations of all sizes. They will facilitate interactive sessions during this training where participants are encouraged to discuss and explore their security management challenges and build potential solutions.

If you'd like to discuss our ISO 27001 Foundation training, please contact Vaishali Shah on +61 410 379 407.