ISO/IEC 27001:2022 - INFORMATION SECURITY MANAGEMENT SYSTEM
- Home
- Certifications
- ISO 27001:2022 - Information Security Management Systems
Description
ISO/IEC 27001:2022 international standard specifies the requirements for establishing, implementing, maintaining and continually
improving an information security management system within the context of the organization. It also includes requirements for
the assessment and treatment of information security risks tailored to the needs of the organization.
Information being a valuable asset and a building block is the key to the growth of any organization. Information needs to be
suitably protected like any other important business asset.
In the modern world this asset becomes crucial for success and maintaining credibility of the organization. If this asset is
compromised then the organization may have to face various threats and risks like brand image erosion, business disruption,
financial and productivity loss etc. On the other side, information security also maximize return on investments, minimize
business risks and increase business opportunities.
Benefits of ISO 27001 Certification
- Obtained the necessary expertise to support an organization to implement an Information Security Management System that complies with ISO/IEC 27001.
- Provide continual prevention and assessments of threats within your organization.
- Higher chances of being distinguished or hired in an Information Security career.
- Understood the risk management process, controls, and compliance obligations
- Acquired the necessary expertise to manage a team to implement an ISMS
- The ability to support organizations in the continual improvement process of their Information Security Management System.
-
ISO 27001 Foundation (FD):
ISO 27001 Foundation: ISO/IEC 27001 Foundation training allows you to learn the basic elements to implement and manage an Information Security Management System as specified in ISO/IEC 27001. During this training course, you will be able to understand the different modules of ISMS, including ISMS policy, procedures, performance measurements, management commitment, internal audit, management review and continual improvement.
After completing this course, participants can sit for the exam. Once participants meet the pass mark, he/she will be given a “SandBP Certified ISO 27001 Foundation” credential. A SandBP Foundation Certificate shows that the participants have understood the fundamental methodologies, requirements, framework and management approach.
-
ISO 27001 Lead Implementer (LI):
ISO/IEC 27001 Lead Implementer training course enables participants to acquire the knowledge necessary to support an organization in effectively planning, implementing, managing, monitoring, and maintaining an information security management system (ISMS).
This training course is designed to prepare participants in implementing an information security management system (ISMS) based on ISO/IEC 27001. It aims to provide a comprehensive understanding of the best practices of an ISMS and a framework for its continual management and improvement.
After mastering all the necessary concepts of Information Security Management Systems, participants can sit for the exam. Once participants meet the pass mark, he/she will be given “SandBP Certified ISO 27001 Lead Implementer” credential. By holding a SandBP Lead Implementer Certificate, the participant can be able to demonstrate that he/she has the practical knowledge and professional capabilities to implement ISO 27001 in an organization.
- Introduction to ISO 27001:2022
- Requirements of ISO 27001:2022
- ISO 27001:2022 Implementation Methodology
- Implementing ISO 27001 Control
- Certification Process and External Audits
- Maintaining and Sustaining ISO 27001:2022 Compliance
- Certification Exam
- PREREQUISITE: A fundamental understanding of ISO 27001 and comprehensive knowledge of implementation principles.
-
ISO 27001 Lead Auditor (LA):
ISO/IEC 27001 Lead Auditor training enables you to develop the necessary expertise to perform an Information Security Management System (ISMS) audit by applying widely recognized audit principles, procedures and techniques.
During this training course, you will acquire the knowledge and skills to plan and carry out internal and external audits in compliance with ISO 19011 and ISO/IEC 17021-1 certification process.
Based on practical exercises, you will be able to master audit techniques and become competent to manage an audit program, audit team, communication with customers, and conflict resolution.
After acquiring the necessary expertise to perform this audit, participants can sit for the exam. Once participants meet the pass mark, he/she will be given a “SandBP Certified ISO 27001 Lead Audit” credential. By holding a SandBP Lead Auditor Certificate, the participant can be able to demonstrate that he/she has the practical knowledge and professional capabilities to audit ISO 27001 in an organization.
- Introduction to ISO 27001:2022
- ISMS Requirements
- Audit Principles and Practices
- Audit Preparation and Planning
- Conducting the Audit
- Audit Reporting and Follow-Up
- Continual Improvement and Best Practices
- Certification Exam
- PREREQUISITE: A fundamental understanding of ISO 27001 and comprehensive knowledge of audit principles.
Certification
- Candidates who score 70% and above in the examination will be issued an SANDBP certificate.
- In case you do not meet the pass mark, you can retake the exam for FREE after the first attempt while subsequent retakes would come at a cost.
Criteria for Suspending and Withdrawing the Scope of Certification
SANDBP reserves the right to suspend or revoke certifications for reasons including fraud, deceit, or submission of inaccurate data.
Process:
- Certificate holders will be notified by certified mail if evidence of charges is found.
- They may present their defense in writing to the certification board.
- The board will review the case and decide to uphold or deny the suspension/revocation.
Causes for Suspension/Withdrawal:
- Improper use of certificates/logos
- Malpractices
- Providing false information
- Ineligibility for applied examinations
- Voluntary suspension requests
Recertification Process
Recertification ensures that certified individuals maintain their knowledge and skills in line with the latest standards and practices. It is a critical process that reaffirms the competency of certified professionals, allowing them to stay current with evolving industry standards.
Criteria for Recertification:
-
Transition Exam:
* Individuals must take and pass a transition exam when there is a change in the current version of the certification standard.
* The transition exam focuses on the updates and changes in the new version of the standard, ensuring that certified individuals are knowledgeable about the latest requirements and practices. -
Adherence to Code of Ethics:
Certified individuals must adhere to a code of ethics, demonstrating professionalism and integrity in their practice. Any violations of the code of ethics may result in the suspension or revocation of certification
-
Payment of Recertification Fees:
Payment of the required recertification fees is necessary to process and validate the renewal of certification.
Introduction
To maintain the integrity and fairness of our examinations, specific guidelines have been established for proctoring. These rules apply to all candidates and must be adhered to strictly. Failure to comply may result in disqualification or other disciplinary actions.
General Requirements
Technology Setup
- Device: Use a desktop or laptop with a working webcam and microphone. Mobile phones or tablets are not permitted unless explicitly allowed.
- Internet: Ensure a stable internet connection with sufficient bandwidth to stream video and audio continuously.
- Browser: Use the designated browser as specified by the exam platform.
- Power Backup: Ensure your device is fully charged and/or connected to a reliable power source.
Environmental Setup
- Location: Choose a quiet, well-lit room with minimal distractions.
- Background: Ensure the background is plain and free of any clutter or distractions.
- Privacy: No other person is allowed in the room during the examination.
Pre-Exam Procedures
Present a valid government-issued photo ID or institution-approved identification document. Ensure that no unauthorized materials (e.g., books, notes, or electronic devices) are present.
During the Exam
Behavior Guideline
- Focus on the Screen: Avoid looking away from the screen for extended periods.
- No Assistance: You are prohibited from receiving help from anyone or any external resource.
Prohibited Items
- Electronic devices such as mobile phones, tablets, smartwatches, and earphones.
- Books, notes, or any other study material unless explicitly permitted.
Proctor Interaction
- Follow all instructions given by the proctor.
- If contacted for clarification or rule enforcement, respond promptly and cooperatively.
- Inform the proctor immediately in case of technical issues.
Post-Exam Procedures
Submission
- Ensure your exam responses are submitted within the designated time.
- Do not close the exam window or disconnect until you receive confirmation that your submission is successful.
Feedback
- Report any technical issues or concerns to the designated support team immediately aƜer the exam.
Violations and Consequences
Examples of Violations
- Using unauthorized materials or devices.
- Attempting to impersonate another candidate.
- Engaging in suspicious behavior (e.g., frequent movement, talking).
- Disconnecting intentionally without justification.
Consequences
- Warnings for minor infractions.
- Disqualification of the exam attempt for major violations.
