Course Overview

ISO/IEC 27001:2022 is the most widely adopted information security standard globally. The 2022 revision restructured Annex A into 93 controls across four themes – organizational, people, physical, and technological. This Foundation course gives participants a clear grasp of the ISMS framework, the new Annex A structure, and the way the standard protects information assets, customer trust, and competitive advantage.

Who Should Attend

• IT and information security staff
• GRC, compliance, and risk team members
• Business managers responsible for data protection
• Anyone new to ISMS or transitioning from ISO/IEC 27001:2013

What You Will Learn

• Explain the structure, scope, and intent of ISO/IEC 27001:2022
• Navigate Annex A controls across the four themes
• Recognize key ISMS roles, scope-setting, and the Statement of Applicability
• Apply risk-based thinking to information security
• Identify the key changes from ISO/IEC 27001:2013 to 2022

Course Content

• Information security fundamentals and ISMS overview
• ISO/IEC 27001:2022 clause-by-clause walkthrough
• Annex A restructure – 93 controls across four themes
• Risk assessment, risk treatment, and Statement of Applicability
• Key changes from ISO 27001:2013 to 27001:2022
• Documented information and operational controls at a foundational level

Methodology

Trainer-led delivery supported by group discussion, real-world examples drawn from technology, financial services, and regulated sectors.

Assessment

Participation is monitored throughout the day. No formal examination is conducted at the foundation level.

Certificate

Prerequisites