Sorry, you need to enable JavaScript to visit this website.
ISO/IEC 27001 logo

ISO/IEC 27001 Certification

Demonstrate best practice in information security management with ISO/IEC 27001 certification

Find a training provider
Professional with long dark hair in blue top working at computer desk wearing glasses

About ISO/IEC 27001 Certification

Overview

As cyber threats grow and data protection laws become stricter, many organizations face a serious challenge: how to manage sensitive and confidential information in a safe and reliable way.  

Without a clear system in place, they risk data breaches, legal issues, and loss of trust from customers and partners.  

The ISO/IEC 27001 Certification provides the solution.

This international standard offers a proven framework for setting up and improving an Information Security Management System (ISMS).  

Become certified and learn how ISO/IEC 27001 helps organizations manage risk, protect information, and meet legal and regulatory requirements. 

ISO/IEC 27001 Training and Certification

  • ISO/IEC 27001 is an international standard for Information Security Management (ISM) and provides a model to establish, implement, maintain and continually improve a risk-managed ISM System.
  • Organizations certified under ISO/IEC 27001 demonstrate ongoing commitment to controlling sensitive and confidential information.
  • Individuals who earn their ISO/IEC certification demonstrate proficiency in key areas including risk management, compliance, cyber security, and information management and analysis.
  • You can study in a way that suits you: self-paced e-learning, online (virtual) classroom, or in-person training. Alternatively, you can book an exam directly and self-study
  • The typical duration of each course is:
    • 3 days for the ISO/IEC 27001 Foundation
    • 2 days for the ISO/IEC 27001 Practitioner
    • 2 days for the ISO/IEC 27001 Auditor
  • Pricing options are available through our Accredited Training Organization (ATO) network, or for an exam-only option, via our Public Exam Portal.
Two professionals collaborating at a computer, reviewing data and working together in an office.

Who is ISO/IEC 27001 Certification for?

  • Internal managers and personnel working to implement, maintain and operate an ISMS within an organization.
  • External consultants supporting an organization’s implementation, maintenance and operation of an ISMS.
  • Internal auditors who are required to have an applied knowledge of the standard.
  • IT professionals including security, analysts, and auditors.
  • Anyone interested in effective information security management systems (ISMS).

Benefits of ISO/IEC 27001 Certification

For Individuals

  • Learn the specific requirements of auditing an ISMS for conformity with the ISO/IEC 27001 standard, both from an internal and external resource point of view. 
  • Gain a better understanding of ISO/IEC and how to apply the standard in my own organization. 
  • Open doors to career advancement opportunities by gaining the expertise needed to safely implement and improve an ISMS. 
  • Develop a thorough understanding of potential ISMS risks and their consequences. 
  • Understand and articulate best-practises of an effective ISMS.

For Organizations

  • Helps organizations understand the specific requirements for auditing an ISMS.
  • Prepares organizations for conformity with ISO/IEC 27001 or maintaining their ISO/IEC 27001 certification.
  • Improves the storage, processing and transfer of business and customer information, protecting confidential and sensitive information.
  • Establishes a competitive differentiator for tendering and procurement.
  • Ensures information security practices are ready for the scrutiny of internal and external audits.

Documentation

Document thumbnail
pdf - 211.86 KB - 17 June 2025
Document thumbnail
pdf - 756.65 KB - 17 June 2025
Document thumbnail
pdf - 296.84 KB - 17 June 2025

Success in 1 2 3

Over 2.6 million people in 192 countries have an APMG certification. Our certifications are used by 80% of the FTSE 100 and a third of the Fortune 500 and S&P 500, and are proven to deliver better outcomes.

Select your certification

APMG certifications can advance your career, build your confidence and help you transition into a new field. Browse our careers section for inspiration or visit our certification pages for details of what you’ll learn and how you will benefit from certification.

Browse our certifications

Choose your learning style

APMG is not a training provider. Please contact accredited training organization's listed on our website for prices and dates. Alternatively, you can self-study for an exam directly through APMG.

Browse training providers Book an exam

Pass the exam & receive a certificate

When you are ready to take your exam, book an online timeslot yourself with APMG, or your training organization may organize this for you. If you pass your exam APMG will issue you with a digital badge for you to share!

How to take an examClaim my badge

ISO/IEC 27001 Certification levels

ISO/IEC 27001 Foundation badge

ISO/IEC 27001 Foundation

Gain foundation level knowledge of how the standard operates in a typical organization.

Read more Training providers Book an exam
ISO/IEC 27001 Practitioner - Information Security Officer badge

ISO/IEC 27001 Practitioner

Learn to apply the standard to enable the management of information security.

Read more Training providers Book an exam
ISO/IEC 27001 Auditor badge

ISO/IEC 27001 Auditor

Certify your expertise in performing audits against the ISO 27001 standard.

Read more Training providers Book an exam

Ready to start your learning journey?

Choose a Training Organization

APMG accredits Training Organizations (ATOs) to make sure they are delivering our products and certifications to high standards.

Buy a training course and exam through one of our Training Organizations below.

Self-study

Buy your book and exam from APMG

Book an exam
Close filters

Training options

Advanced options

Search for an organization

Training organizations for ISO/IEC 27001 Certification

Displaying 1 - 6 results of 102
Open filters
Choose for me
Socos GmbH
  • Based in Cologne, Germany
  • Provides training for Individuals, Teams, Organizations
Read more Contact
Analytix Academy Pty Ltd
  • Based in Johannesburg, South Africa
  • Provides training for Individuals, Teams, Organizations
Read more Contact
ANMARIS Gesellschaft für Seminare und Beratung GmbH
  • Based in Oberhaching, Germany
  • Provides training for Individuals, Teams, Organizations
Read more Contact
INTERPROM USA
  • Based in Phoenix, United States
  • Provides training for Individuals, Teams, Organizations
Read more Contact
Suerte Academy
  • Based in Oud Ade, Netherlands
  • Provides training for Individuals, Teams, Organizations
Read more Contact
Torque IT
  • Based in Rivona, South Africa
  • Provides training for Individuals, Teams, Organizations
Read more Contact
  • Training options
  • My details
  • Review and submit

Find me a training organization

for ISO/IEC 27001 Certification

Training options

Videos

Videos

What to expect when implementing ISO/IEC 27001

SFIA

The SFIA Framework is the global common reference for skills and competency for the digital world.

This APMG certification has been informally mapped against the SFIA Framework to indicate the skills that are addressed and referenced by the certification. Although it is not yet possible to claim this digital badge, the indicative skills can be used to plan your professional development through assessing the skills you have and the skills you need for the role you want.

SFIA badge knowledge
ISO/IEC 27001 Foundation

ISO/IEC 27001 Foundation

SFIA elements this certification confirms (endorsement)

Generic attribute Knowledge up to level 3, Audit level 3, Information Security level 3, Threat Intelligence level 2

SFIA elements this would be useful for (development)

Same as above plus Information Security level 4, Vulnerability Assessment up to level 3

SFIA badge knowledge
ISO/IEC 27001 Practitioner

ISO/IEC 27001 Practitioner

SFIA elements this certification confirms (endorsement)

Generic attribute Knowledge up to level 4, Generic attribute Business Skills up to level 4, Audit up to level 4, Information Security up to level 4

SFIA elements this would be useful for (development)

Same as above plus Information Security level 5, Audit level 5

SFIA badge knowledge
ISO/IEC 27001 Auditor

ISO/IEC 27001 Auditor

SFIA elements this certification confirms (endorsement)

Generic attribute Knowledge up to level 4, Generic attribute Business Skills up to level 4, Audit up to level 5

SFIA elements this would be useful for (development)

Same as above

SFIA badge knowledge
ISO/IEC 27001 Foundation

ISO/IEC 27001 Foundation

SFIA elements this certification confirms (endorsement)

Generic attribute Knowledge up to level 3, Audit level 3, Information Security level 3, Threat Intelligence level 2

SFIA elements this would be useful for (development)

Same as above plus Information Security level 4, Vulnerability Assessment up to level 3

SFIA badge knowledge
ISO/IEC 27001 Practitioner

ISO/IEC 27001 Practitioner

SFIA elements this certification confirms (endorsement)

Generic attribute Knowledge up to level 4, Generic attribute Business Skills up to level 4, Audit up to level 4, Information Security up to level 4

SFIA elements this would be useful for (development)

Same as above plus Information Security level 5, Audit level 5

SFIA badge knowledge
ISO/IEC 27001 Auditor

ISO/IEC 27001 Auditor

SFIA elements this certification confirms (endorsement)

Generic attribute Knowledge up to level 4, Generic attribute Business Skills up to level 4, Audit up to level 5

SFIA elements this would be useful for (development)

Same as above

FAQs

ISO/IEC 27001 is an international standard for Information Security management. It provides a model to establish, implement, maintain and continually improve a risk-managed Information Security Management System (ISMS). It forms the basis for effective management of sensitive, confidential information and for the application of information security controls.

Foundation

The primary references for the Foundation qualification are the International Standards:

  • ISO/IEC 27001:2022 Information technology -- Security techniques -- Information security management systems – Requirements
  • ISO/IEC 27000:2018 Information technology -- Security techniques -- Information security management systems – Overview and vocabulary.

Other references are made to:

  • Supplementary reference paper for ISO/IEC 27001 Qualification.

The Foundation level requires knowledge of the requirements in ISO/IEC 27001:2022 and the terms, definition and concepts in ISO/IEC 27000:2018 as well as information in the supplementary reference paper as stated in the syllabus topic. It is essential that all delegates have access to a personal copy of ISO/IEC 27001:2022  and the Supplementary Reference Paper during any training course. Delegates should have access to a personal copy of ISO/IEC 27000:2018 or to the information referenced from it in this syllabus. Please note that the examination is closed book. The references provided should be considered to be indicative rather than comprehensive, i.e. there may be other valid references within the guidance.

For the primary reference, the relevant part of the standard is used as the major part of the reference and this is followed by the section number used e.g. ISO/IEC 27001, 4.2 relates to ISO/IEC 27001:2022 Clause 4.2.

The syllabus requires awareness of but does not require a detailed knowledge of other referenced standards:

  • ISO 9001:2015, Quality management systems — Requirements
  • ISO/IEC 20000-1:2018, Information technology – Service management - Part 1: Service management system requirements
  • ISO/IEC 27002:2022, Information technology -- Security techniques -- Code of practice for information security management
  • ISO/IEC 27003:2017, Information technology -- Security techniques -- Information security management systems guidance
  • ISO/IEC 27004:2016 Information technology -- Security techniques -- Information security management – Monitoring, Measurement, Analysis and Evaluation
  • ISO/IEC 27005:2022, Information technology -- Security techniques -- Information security risk management
  • ISO/IEC 27006:2015, Information technology -- Security techniques -- Requirements for bodies providing audit and certification of information security management systems
  • ISO/IEC 27013:2015, Information technology -- Security techniques – Guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1.

Practitioner Information Security Officer

The primary references for the Practitioner – Information Security Officer course are the International Standards:

  • ISO/IEC 27001:2022 Information technology -- Security techniques -- Information security management systems – Requirements
  • ISO/IEC 27000:2018 Information technology -- Security techniques -- Information security management systems - Overview and vocabulary
  • ISO/IEC 27002:2022, Information technology -- Security techniques -- Code of practice for information security controls
  • ISO/IEC 27005:2022, Information technology -- Security techniques -- Information security risk management

Reference is made to ISO/IEC 27003:2017, Information technology -- Security techniques Information security management system implementation guidance. Candidates do not need their own copy of this standard as the relevant information is available in the Supplementary reference paper for ISO/IEC 27001 Qualification, Sections 5 and 6.

Candidates are allowed to have a printed or digital copy of the standards listed above during the exam. 

Syllabus topics at levels 3 and 4 provide the primary references but may also include any other topic from the syllabus area. It is essential that all delegates have access to a personal copy of ISO/IEC 27001:2022 and the Supplementary Reference Paper during any training course. Delegates should have access to a personal copy of ISO/IEC 27002:2013 and ISO/IEC 27005:2022. Please note that the examination is open book.

Auditor

The primary references for the ISO/IEC 27001 Auditor course are the International Standards:

  • ISO/IEC 27001:2022 Information technology -- Security techniques -- Information security management systems – Requirements
  • ISO/IEC 27000:2018 Information technology -- Security techniques -- Information security management systems - Overview and vocabulary
  • ISO/IEC 27002:2022, Information technology -- Security techniques -- Code of practice for information security management
  • ISO 19011:2018 Guidelines for auditing management systems
  • APMG ISO/IEC 27001 Supplementary Paper

Other references are made to the Supplementary reference paper for ISO/IEC 27001 Qualification.

It is mandatory that all delegates have access to a personal copy of these documents during their training and at the Examination.

Please note that Auditor examinations are open book. No content related individual notes in the used standards are permitted.

Syllabus topics at levels 3 and 4 provide the primary references but may also include any other topic from the syllabus area.

The references provided should be considered to be indicative rather than comprehensive, i.e. there may be other valid references within the guidance.

For the primary reference, the relevant part of the standard is used as the major part of the reference and this is followed by the section number used e.g. ISO/IEC 27001, 4.2 relates to ISO/IEC 27001:2013 Clause 4.2.

For individuals self-studying it is almost impossible to say. As all candidates have different experience and amount of time available for study, it varies from person to person. We suggest you buy the manual and have a look through for yourself before deciding how long you need to spend learning.

For those studying with an accredited training organization, Foundation courses are generally delivered over 3 days, while combined Foundation and Practitioner courses are generally delivered over 5 days. It is well worth investigating with individual providers, as some will offer tailored, online or blended learning solutions.

Summaries of the structure of the ISO/IEC 27001 Foundation, Practitioner Information Security Officer and Auditor examinations are below:

Foundation

  • Multiple choice format
  • 50 questions per paper
  • 25 marks or more required to pass (out of 50 available) – 50%
  • 40 minute duration
  • Closed book.

Practitioner Information Security Officer

  • Objective Testing
  • 4 questions per paper with 20 marks available per question
  • 40 marks or more required to pass (out of 80 available) – 50%
  • 2 ½ hour duration
  • Open book.
  • The exam is to be taken with the support of only the following British Standards,
    ISO/IEC 27000:2018
    ISO/IEC 27001:2022
    ISO/IEC 27002:2022
    ISO/IEC 27003:2017
    ISO/IEC 27005:2022

Auditor

  • Multiple choice exam, using mini scenario-based questions
  • 40 question paper
    • APMG ISO/IEC 27001 Supplementary Paper
  • The pass mark for candidates is 50% (20/40)
  • 120 minute duration
  • Restricted open book.
  • The following documents are allowed during the exam:

            ISO/IEC 27001:2013  

            ISO/IEC 27002:2013      

            ISO 19011:2018

  • Provisional results: After completing the Foundation examination, candidates may receive provisional results either orally from the invigilator or on-screen at the end of an online exam.
  • Official results: Once processed, official results, including a PDF breakdown of marks by syllabus area, are available in the APMG Candidate Portal. Results are issued as the total number of marks achieved.
  • Processing time: Exam papers are usually marked immediately after the exam. APMG formally processes and confirms results via the Candidate Portal within 2 working days of receiving completed papers.
  • Outstanding payments: In exceptional cases, results may be withheld until full payment has been received.

Once you’ve been notified that you’ve passed your exam, you will have the option to create a digital badge in APMG's Candidate Portal.

Visit APMG's Candidate Portal, view your exam results and select 'Create Badge'.

This takes you to the Credly website where the digital badges are hosted. You will be guided through the Credly account creation process.

Once you have created an account with Credly, log into the account and accept your pending badge.

Candidates will be able to claim their digital badge and electronic certificate from the APMG Candidate Portal within two business days of their exam result being issued.

If you are sitting the examination through an Accredited Training Organization, the cost of the exam is generally included in the course fee. Please ensure you confirm with your training provider that the exam is included in these costs. 

If you have selected a self-study option, please note that APMG-International uses a global pricing model for all exams. The examination fees for candidates attending a public exam centre are determined by the location where the exams are administered.

To find out the costs in your region, please refer to our examination portal or contact the APMG-International Service Desk (servicedesk@apmg-international.com).

Most, if not all, of our certifications come with at least one Sample Exam to help participants prepare for their exam. Access to the Sample Exams can be located on our website.

Some certifications do not require training in order to take the exam however, for most certifications, training is advised. 

For some certifications individuals also have the option to self-study in preparation for the exam and, when they are ready, can even take the exam from the comfort of their home or office.

You can find details of our self-study exams, available to purchase, via our public exams portal.

Get in touch

If you have a query about this certification or want to know more about training send us a message via this contact form. We would love to hear from you!

Get in touch

Have you found what you need on this page?