ISO 27001 is the gold standard for information security management. From ISMS fundamentals to internal audit readiness — we prepare your team for certification and continuous improvement.
ISO 27001 structure, scope definition, context of the organization, leadership commitment, interested parties, and the Plan-Do-Check-Act cycle for information security.
Asset identification, threat modeling, vulnerability analysis, risk evaluation, risk treatment options, Statement of Applicability (SoA), and risk treatment plans.
The 93 controls organized into 4 themes: organizational (37), people (8), physical (14), and technological (34). New controls in the 2022 edition and the rationale for control selection.
Mandatory documented information: ISMS scope, policy, risk assessment process, SoA, risk treatment plan, objectives, competence evidence, operational planning, and performance evaluation.
Audit planning, conducting audits, evidence collection, findings classification, non-conformity reporting, corrective actions, and audit program management.
Input requirements, review agenda, performance metrics, risk status updates, improvement opportunities, output decisions, and linking management review to continual improvement.
Non-conformity management, corrective action process, preventive measures, KPIs for information security, maturity models, and transitioning from compliance to culture.
For IT and security teams, internal auditors, and management involved in information security governance and ISO 27001 certification.
IT managers, security engineers, and system administrators responsible for implementing and maintaining information security controls.
Staff designated as ISO 27001 internal auditors who need to plan, conduct, and report on ISMS audits.
Compliance officers, risk managers, and senior management involved in ISMS governance and certification decisions.
ISO 27001 training addresses the primary international standard for information security and its alignment with EU regulatory requirements.
Free 30-minute consultation — assess your ISMS maturity, plan training levels, get a proposal
Awareness training gives all employees a basic understanding of information security and their responsibilities. Certification training (internal auditor, lead auditor, lead implementer) provides in-depth knowledge for specific ISMS roles. We offer both levels.
The 2022 edition reorganized controls from 14 domains to 4 themes (organizational, people, physical, technological), reduced from 114 to 93 controls through merging, and added 11 new controls including threat intelligence, cloud security, data masking, and secure coding.
Awareness training: 1 day. Internal auditor training: 2-3 days. Lead implementer: 5 days. Lead auditor: 5 days. We tailor the duration based on your team's existing knowledge and the depth required for their roles.
Internal auditors conduct planned audits of the ISMS to verify conformity with ISO 27001 requirements and organizational policies. They identify non-conformities, evaluate control effectiveness, and recommend improvements. Internal audits are mandatory for certification.
NIS2 Art. 21 cites international standards like ISO 27001 as appropriate measures for cybersecurity risk management. An ISO 27001-certified ISMS addresses most NIS2 requirements for risk management, incident handling, and supply chain security, though additional NIS2-specific measures may be needed.
Certification costs depend on organization size, scope, and complexity. Typical costs include implementation (consulting, training, tools), certification audit fees, and annual surveillance audits. Our training helps organizations implement efficiently, reducing overall certification costs.
ISO 27001 certification demonstrates your commitment to information security to clients, regulators, and partners. Our training covers every level — from employee awareness to lead auditor certification.