ISO/IEC 27001

ISO/IEC 27001 is a standard belonging to the ISO 27000 family of standards published by the International Organization for Standardization (ISO) – Geneva. ISO/IEC 27001 specifically deals with Information Security Management Systems (ISMS) and lays down requirements for establishing, implementing, maintaining, and continually improving an ISMS, and for treating information security risks in an organization. Because it is generic, it can be applied to any kind of organization that depends on information technology for the storage of its data, regardless of the organization's size or form.

Information Security professionals today are indispensable to any organization. The importance of their role is growing and will continue to grow in the decades to come as more and more organizations adopt IT for their business affairs.

The ISO/IEC 27001 courses are the cornerstones of the range of ISMS courses provided at ZOC. We provide training for two levels of ISO/IEC 27001 certifications: Implementer and Auditor.


ISO/IEC 27001:2013 Lead Implementer

The ISO/IEC 27001:2013 Lead Implementer course is designed to equip a candidate with the expertise in establishing, implementing, managing, and maintaining an information security management system in an organization.

Who should attend?

This course and certification are ideal for Managers, Consultants, and Advisers concerned with the implementation and maintenance of ISMS in their organizations and all others who wish to master the ISMS implementation.

Course duration

40 hours spread over 4 days of classroom-based lectures by certified instructors, with an e-learning facility and practical training.

Prerequisites for the course

Candidates should ideally possess a minimum of 2 years’ work experience in Information Security Management doing project and implementation activities.

However, this is not mandatory. Freshers interested in learning ISMS implementation may also join the course.

Course path

The course includes an in-depth study of the following domains:

  1. Fundamental principles and concepts of ISMS,
  2. ISMS controls and best practices based on ISO/IEC 27002,
  3. Planning an ISMS implementation based on ISO/IEC 27001,
  4. Implementation of an ISMS based on ISO/IEC 27001,
  5. Performance evaluation, monitoring, and measurement of an ISMS based on ISO/IEC 27001,
  6. Continuous improvement of an ISMS based on ISO/IEC 27001, and
  7. Preparation for an ISMS certification audit.

Exam details

Exam type: open book

Duration: 3 hours

Format: 12 essay-type questions

Passing score: 70%


ISO/IEC 27001:2013 Information Security Management System Auditor

The Information Security Management System Auditor course is designed to equip a candidate with the expertise to perform an audit of an information security management system in an organization, applying recognized audit principles, procedures, and techniques in line with ISO/IEC 27001:2013.

Certification & Exam

This course will prepare candidates to acquire the globally renowned Information Security Management System Auditor certification from Exemplar Global (formerly RABQSA). Assistance in applying for the certification shall also be provided to the candidates.

Who should attend?

This course and certification are ideal for Auditors, Managers, Consultants, Advisers, CSOs, CISOs, CIOs, and technical personnel concerned with the compliance aspect of ISMS and responsible for performing ISMS audits in their organizations.

Course duration

40 hours spread over 4 days of classroom-based lectures by certified instructors, with an e-learning facility and practical training.

Prerequisites for the course and certification eligibility

  • Candidates should ideally possess 5 years of work experience, of which a minimum of 2 years should be solely in Information Security Management doing audit activities.
  • Having an ISO/IEC 27001:2013 Lead Implementer certification is highly recommended.

Course path

The course includes an in-depth study of the following exam domains:

  1. ISMS and its fundamental principles and concepts,
  2. Fundamental audit concepts and principles,
  3. Preparing an ISO/IEC 27001 audit,
  4. Conducting an ISO/IEC 27001 audit,
  5. Closing an ISO/IEC 27001 audit, and
  6. Managing an ISO/IEC 27001 audit program.