ISO/IEC 27001:2022 - INFORMATION SECURITY MANAGEMENT SYSTEM

Overview
The ISO/IEC 27001:2022 international standard specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization.
Information is a valuable asset and a building block that is key to the growth of any organization. It needs to be suitably protected like any other important business asset.
In the modern world this asset is crucial to an organization's success and credibility. If it is compromised, the organization may face threats and risks such as brand image erosion, business disruption, and financial and productivity loss. On the other hand, information security also maximizes return on investment, minimizes business risks and increases business opportunities.
Benefits of ISO 27001 Certification
Obtain the necessary expertise to support an organization in implementing an Information Security Management System that complies with ISO/IEC 27001.
Provide continual prevention and assessment of threats within your organization.
Higher chances of being distinguished or hired in an Information Security career.
Understand the risk management process, controls, and compliance obligations.
Acquire the necessary expertise to manage a team implementing an ISMS.
The ability to support organizations in the continual improvement process of their Information Security Management System.
ISO 27001 Foundation (FD):
ISO/IEC 27001 Foundation training allows you to learn the basic elements needed to implement and manage an Information Security Management System as specified in ISO/IEC 27001. During this training course, you will learn the different modules of an ISMS, including ISMS policy, procedures, performance measurements, management commitment, internal audit, management review and continual improvement.
After completing this course, participants can sit for the exam. Participants who meet the pass mark will be given a “SandBP Certified ISO 27001 Foundation” credential. A SandBP Foundation Certificate shows that the participant has understood the fundamental methodologies, requirements, framework and management approach.
ISO 27001 Champion (CH):
Overview
This course is designed to provide ISO champions with the knowledge and skills required to support the effective implementation and maintenance of ISO 27001:2022 within their department and organization. Participants will learn about information security management systems (ISMS), key ISO 27001 concepts, and their role in ensuring compliance.
After completing this course, participants can sit for the exam. Participants who meet the pass mark will be given a “SandBP Certified ISO/IEC 27001:2022 (ISMS) Champion” credential. A SandBP Champion Certificate shows that the participant has understood the fundamental methodologies and has the practical knowledge and professional capabilities to assist in the implementation of ISO 27001 in an organization.
Learning Objectives
- Develop an in-depth comprehension of ISO 27001:2022, including its structure, components, and the significance of adherence to international standards.
- Acquire the skills to develop a robust ISO 27001 project plan tailored to the organization's needs, ensuring a smooth and efficient implementation process.
- Master the fundamentals of information security, risk identification, assessment, and treatment. Understand how to navigate legal and regulatory requirements with confidence and ensure ongoing compliance.
- Gain practical experience in implementing the ISMS framework, from formulating an information security policy to conducting risk assessments, implementing security controls, and fostering organizational awareness.
- Learn effective strategies for handling incidents and non-conformities within the ISO 27001 framework. Engage in management reviews and continual improvement processes to enhance the organization's information security posture over time.
ISO 27001 Lead Implementer (LI):
ISO/IEC 27001 Lead Implementer training course enables participants to acquire the knowledge necessary to support an organization in effectively planning, implementing, managing, monitoring, and maintaining an information security management system (ISMS).
This training course is designed to prepare participants in implementing an information security management system (ISMS) based on ISO/IEC 27001. It aims to provide a comprehensive understanding of the best practices of an ISMS and a framework for its continual management and improvement.
After mastering all the necessary concepts of Information Security Management Systems, participants can sit for the exam. Participants who meet the pass mark will be given a “SandBP Certified ISO 27001 Lead Implementer” credential. By holding a SandBP Lead Implementer Certificate, the participant can demonstrate that they have the practical knowledge and professional capabilities to implement ISO 27001 in an organization.
- Introduction to ISO 27001:2022
- Requirements of ISO 27001:2022
- ISO 27001:2022 Implementation Methodology
- Implementing ISO 27001 Control
- Certification Process and External Audits
- Maintaining and Sustaining ISO 27001:2022 Compliance
- Certification Exam
- PREREQUISITE: A fundamental understanding of ISO 27001 and comprehensive knowledge of implementation principles.
ISO 27001 Lead Auditor (LA):
ISO/IEC 27001 Lead Auditor training enables you to develop the necessary expertise to perform an Information Security Management System (ISMS) audit by applying widely recognized audit principles, procedures and techniques.
During this training course, you will acquire the knowledge and skills to plan and carry out internal and external audits in compliance with ISO 19011 and the ISO/IEC 17021-1 certification process.
Based on practical exercises, you will be able to master audit techniques and become competent to manage an audit program, audit team, communication with customers, and conflict resolution.
After acquiring the necessary expertise to perform this audit, participants can sit for the exam. Participants who meet the pass mark will be given a “SandBP Certified ISO 27001 Lead Audit” credential. By holding a SandBP Lead Auditor Certificate, the participant can demonstrate that they have the practical knowledge and professional capabilities to audit ISO 27001 in an organization.
- Introduction to ISO 27001:2022
- ISMS Requirements
- Audit Principles and Practices
- Audit Preparation and Planning
- Conducting the Audit
- Audit Reporting and Follow-Up
- Continual Improvement and Best Practices
- Certification Exam
- PREREQUISITE: A fundamental understanding of ISO 27001 and comprehensive knowledge of audit principles.
Terms of Certification
Candidates who score 70% and above in the examination will be issued a SANDBP certificate.
In case you do not meet the pass mark, you can retake the exam for FREE after the first attempt while subsequent retakes would come at a cost.
Criteria for Suspending and Withdrawing the Scope of Certification
SANDBP reserves the right to suspend or revoke certifications for reasons including fraud, deceit, or submission of inaccurate data.
Process:
Certificate holders will be notified by certified mail if evidence of charges is found.
They may present their defense in writing to the certification board.
The board will review the case and decide to uphold or deny the suspension/revocation.
Causes for Suspension/Withdrawal:
Improper use of certificates/logos
Malpractices
Providing false information
Ineligibility for applied examinations
Voluntary suspension requests
Recertification Process
Recertification ensures that certified individuals maintain their knowledge and skills in line with the latest standards and practices. It is a critical process that reaffirms the competency of certified professionals, allowing them to stay current with evolving industry standards.
Criteria for Recertification:
Transition Exam:
- Individuals must take and pass a transition exam when there is a change in the current version of the certification standard.
- The transition exam focuses on the updates and changes in the new version of the standard, ensuring that certified individuals are knowledgeable about the latest requirements and practices.
Adherence to Code of Ethics:
Certified individuals must adhere to a code of ethics, demonstrating professionalism and integrity in their practice. Any violations of the code of ethics may result in the suspension or revocation of certification.
Payment of Recertification Fees:
Payment of the required recertification fees is necessary to process and validate the renewal of certification.
Introduction
To maintain the integrity and fairness of our examinations, specific guidelines have been established for proctoring. These rules apply to all candidates and must be adhered to strictly. Failure to comply may result in disqualification or other disciplinary actions.
General Requirements
Technology Setup
- Device: Use a desktop or laptop with a working webcam and microphone. Mobile phones or tablets are not permitted unless explicitly allowed.
- Internet: Ensure a stable internet connection with sufficient bandwidth to stream video and audio continuously.
- Browser: Use the designated browser as specified by the exam platform.
- Power Backup: Ensure your device is fully charged and/or connected to a reliable power source.
Environmental Setup
- Location: Choose a quiet, well-lit room with minimal distractions.
- Background: Ensure the background is plain and free of any clutter or distractions.
- Privacy: No other person is allowed in the room during the examination.
Pre-Exam Procedures
Present a valid government-issued photo ID or institution-approved identification document. Ensure that no unauthorized materials (e.g., books, notes, or electronic devices) are present.
During the Exam
Behavior Guideline
- Focus on the Screen: Avoid looking away from the screen for extended periods.
- No Assistance: You are prohibited from receiving help from anyone or any external resource.
Prohibited Items
- Electronic devices such as mobile phones, tablets, smartwatches, and earphones.
- Books, notes, or any other study material unless explicitly permitted.
Proctor Interaction
- Follow all instructions given by the proctor.
- If contacted for clarification or rule enforcement, respond promptly and cooperatively.
- Inform the proctor immediately in case of technical issues.
Post-Exam Procedures
Submission
- Ensure your exam responses are submitted within the designated time.
- Do not close the exam window or disconnect until you receive confirmation that your submission is successful.
Feedback
- Report any technical issues or concerns to the designated support team immediately after the exam.
Violations and Consequences
Examples of Violations
- Using unauthorized materials or devices.
- Attempting to impersonate another candidate.
- Engaging in suspicious behavior (e.g., frequent movement, talking).
- Disconnecting intentionally without justification.
Consequences
- Warnings for minor infractions.
- Disqualification of the exam attempt for major violations.
Support and Troubleshooting
Contact the technical support team in case of any issues with logging in, connectivity, or proctoring tools. (support@sandbp.net)

FREE
- Level : Foundation
- Duration: 1 Day
- Exam Duration : 1 hour
- Retake Exam: Yes
- Passing Score: 70%

$60
- Level : Champion
- Duration: 2 Days
- Exam Duration : 1hr 30min
- Retake Exam: Yes
- Passing Score: 70%

$115
- Level : Lead Implementer
- Duration: 4-6 Days
- Exam Duration : 2 hours
- Retake Exam: Yes
- Passing Score: 70%
Exam Is Proctored

$115
- Level : Lead Auditor
- Duration: 4-6 Days
- Exam Duration : 2 hours
- Retake Exam: Yes
- Passing Score: 70%