ISO/IEC 27001 Foundation

ISO/IEC 27001 Foundation is an introductory course designed to give participants a solid understanding of the internationally recognised information security standard ISO/IEC 27001. This course focuses on the key principles, terminology and requirements of the standard, helping delegates to understand how an Information Security Management System (ISMS) should be structured to support risk-based security governance.

This course provides a clear overview of the structure and requirements of ISO/IEC 27001, and explains how these elements support the establishment, implementation and continual improvement of an ISMS. Participants will explore core concepts such as confidentiality, integrity and availability, risk assessment fundamentals, and how the standard’s clauses relate to business processes. The course is suitable for those who need to understand ISO/IEC 27001 for compliance, professional development or preparation for more advanced certification levels.

«Very skilled [instructor]! Well prepared and good at answering questions. Has a good overview of the course material. Good examples that make it easier to understand and follow what he explains.» Course participant

Course objectives

Upon completion of this course, participants will be able to:

  • Understand the key concepts and terminology in ISO/IEC 27001
  • Explain the structure, clauses and requirements of the standard
  • Understand how an ISMS supports organisational information security goals
  • Recognise the purpose of risk assessment and treatment in ISO/IEC 27001
  • Prepare for the ISO/IEC 27001 Foundation certification exam

Prerequisites

There are no formal prerequisites to attend this course. A general interest in information security or governance is helpful, but not required.

Target audience

This course is aimed at anyone who wants to understand the fundamentals of information security, governance and an ISO/IEC 27001 Information Security Management System. Typical participants include IT staff, security professionals, compliance officers, consultants and managers involved in information risk and security activities.

Introduction to Information Security and ISO/IEC 27001

The course begins with an overview of information security fundamentals and key drivers for establishing an Information Security Management System (ISMS). Participants explore the basic principles of confidentiality, integrity and availability, and learn why structured governance and risk-based approaches are critical to protecting organisational information assets.

Structure and Requirements of ISO/IEC 27001

This section breaks down the structure of the ISO/IEC 27001 standard. Participants are introduced to the clauses of the standard and how each contributes to a structured ISMS. Emphasis is placed on understanding requirements rather than memorising text, enabling participants to interpret and apply the standard in practical settings.

Risk Assessment and Treatment in ISO/IEC 27001

Participants learn the fundamentals of risk assessment and risk treatment as required by ISO/IEC 27001. This includes how risk identification, analysis and evaluation activities contribute to the design of an effective set of controls. Delegates gain insight into how risk drives decision-making in the context of information security.

Information Security Controls and Documentation

This part of the course covers control objectives and the use of documented information to support implementation, measurement and continual improvement. Participants discuss the role of policies, procedures and records in building a robust ISMS that can withstand audit and certification processes.

Preparation for the Foundation Exam

The course concludes with a review of key topics and structured preparation for the ISO/IEC 27001 Foundation exam. Participants will gain insight into what to expect in the exam and how best to apply their learning in order to succeed.

After successfully completing the exam, you can apply for the credential shown in the table below. For more information about ISO/IEC 27001 certifications and the PECB certification process, please refer to the PECB Certification Rules and Policies.

The requirements for PECB Foundation Certification are shown in the table (image: Certification ISO 27001 Fou.png).

Exam

For onsite classroom courses, the exam takes place at the end of the course.

For virtual courses we will send out a voucher that gives you access to an online exam. This can be booked and taken at home, monitored by a proctor via camera. More information about the exam rules will be sent by PECB.

  • Multiple-choice "closed book" exam: candidates are not authorised to use anything but the exam paper and a pen.
  • Duration: 1 hour (+10 min extra time for non-native English speakers).
  • The use of electronic devices, such as laptops and cell phones, is not allowed.

Examination rules and policies

RECEIVE YOUR EXAM RESULTS

Results will be communicated by email within 6 to 8 weeks of taking the exam. The results will state only pass or fail, not the candidate's exact score.

Candidates who pass the examination will be able to apply for the certification scheme described in the course description above.

In the case of failure, the results will be accompanied by a list of the domains in which the candidate failed, to guide preparation for a retake.

Candidates who disagree with their exam results may file a complaint by writing to examination@pecb.com or through the PECB ticketing system.

EXAM RETAKE POLICY

There is no limit on the number of times a candidate may retake an exam. However, there are limits on the time allowed between retakes:

  • Students who have completed the full training but failed the written exam are eligible to retake the exam once for free within a 12-month period from the initial exam date.
  • If a candidate does not pass the exam on the second attempt, they must wait 3 months (from the initial exam date) before the next attempt (2nd retake). A retake fee applies.
  • If a candidate does not pass the exam on the third attempt, they must wait 6 months (from the initial exam date) before the next attempt (3rd retake). A retake fee applies.

After the fourth attempt, a waiting period of 12 months from the last session date is required before the candidate can sit the same exam again. The regular fee applies.

For candidates who fail the exam on the 2nd retake, PECB recommends attending an official training course in order to be better prepared for the exam.

To arrange exam retakes (date, time, place, costs), the candidate needs to contact Glasspaper.

Practical information

Duration: 1 day
Price: 14 500 NOK
Language: English
Format: Open course and corporate training

FAQ

What do I learn in this course?
You learn the fundamental concepts, structure and requirements of ISO/IEC 27001, including how an ISMS is built and why it matters for information security in organisations.

What is required to attend?
No formal prior knowledge is required, but a general interest in information security or governance is an advantage.

How is the exam conducted?
The exam is taken either on site at the course venue or online with a voucher and an online proctor.

What happens if I do not pass the first exam?
You will normally be offered one new exam attempt online.

Do I get extra time on the exam?
You get extra time if English is not your native language, in accordance with the certification rules.

Which certification do I get?
After passing the exam, you obtain the ISO/IEC 27001 Foundation certification.

Do I get the ISO standard?
No, you do not receive the standard, but you get access to a loan copy of the standard that can be used during the course and the exam.

What is the difference between Foundation, Implementer and Auditor?
Foundation gives you a basic understanding of the standard's requirements. Implementer is aimed at those who will establish and manage an ISMS. Auditor is for those who will audit against the standard.

Is this course relevant for managers?
Yes, the course is relevant for managers, IT staff, security officers and anyone who wants insight into information security and ISMS.

Can I take this course as e-learning or self-study?
Yes, this course is also offered as e-learning. You can register on the right-hand side.
