ISO 27001 Training

Master ISO 27001:2022 — the international standard for information security management systems. CPD-certified training covering ISMS design, all 93 Annex A controls, risk assessment, and third-party certification audit readiness for UK organisations.

CPD-Certified · ISO 27001:2022 Updated · Online · 93 Annex A Controls · Certification Audit Ready

What Is ISO 27001 Training?

ISO 27001 training is professional development in ISO/IEC 27001:2022 — the international standard for information security management systems (ISMS). It equips professionals to design, implement, operate, and audit an ISMS including all 93 Annex A controls across four categories, risk assessment methodology, and third-party certification audit preparation.

ISO 27001 is the world's leading standard for information security management. In 2026, ISO 27001:2022 certification is increasingly required by enterprise clients, financial services regulators, and public sector organisations as evidence of systematic information security controls — making ISO 27001 training one of the most commercially valuable credentials in the UK compliance market.

This CPD-certified course covers the complete ISO 27001:2022 framework — from ISMS scope definition and risk assessment through all 93 Annex A controls, Statement of Applicability, and internal audit — preparing your team for a UKAS-accredited ISO 27001 certification audit with confidence.

ISO 27001 Course Curriculum — Updated for 2022

The ISO 27001:2022 curriculum takes you from standard interpretation through to full certification readiness:

ISO 27001:2022 Standard

  • Standard structure: clauses 4–10 and their requirements
  • Key changes from ISO 27001:2013 to ISO 27001:2022
  • ISO 27001 and related standards: 27002, 27005, 27701
  • Certification bodies: UKAS-accredited certification in the UK

ISMS Design

  • Defining ISMS scope: inclusions, exclusions, and interfaces
  • Understanding organisational context: stakeholders and requirements
  • Leadership and commitment: management responsibilities
  • Statement of Applicability (SoA): structure and preparation

Risk Assessment

  • Asset-based risk assessment methodology
  • Threat modelling and vulnerability identification
  • Risk treatment: accept, transfer, mitigate, or avoid
  • Risk owner accountability and treatment plan documentation

Annex A Controls

  • Organisational controls (A.5): policies, roles, threat intelligence, asset management
  • People controls (A.6): screening, training, disciplinary processes, remote working
  • Physical controls (A.7): physical security perimeters, equipment maintenance
  • Technological controls (A.8): endpoint security, identity management, encryption, logging

Audit & Certification

  • Internal audit programme design and scheduling
  • Conducting ISMS internal audits: evidence collection
  • Non-conformity management and corrective action
  • Stage 1 and Stage 2 external certification audit preparation

What You Will Learn: ISO 27001 Modules

The ISO 27001 training course covers the complete ISO 27001:2022 implementation lifecycle across six modules:

Module | What You Will Learn
Module 1: ISO 27001:2022 Fundamentals | Understand the ISO 27001:2022 standard structure, key changes from 2013, the Plan-Do-Check-Act cycle, and the relationship to ISO 27002, ISO 27005, and ISO 27701.
Module 2: ISMS Scope & Context | Define ISMS scope, identify interested parties, establish organisational context, and prepare the Statement of Applicability (SoA).
Module 3: Information Security Risk Assessment | Apply the ISO 27001:2022 risk assessment methodology — asset identification, threat and vulnerability analysis, risk treatment decisions, and risk register documentation.
Module 4: Annex A Controls Implementation | Master all 93 Annex A controls across four categories: Organisational (37), People (8), Physical (14), and Technological (34) controls.
Module 5: ISMS Operation & Monitoring | Design operational procedures — document management, awareness training, access management, incident management, and continuous monitoring programmes.
Module 6: Internal Audit & Certification Readiness | Conduct ISMS internal audits, manage non-conformities, and prepare for Stage 1 and Stage 2 third-party certification audits.

Why Choose GRC Index for ISO 27001 Training?

In a crowded ISO 27001 training market, GRC Index stands out by connecting ISO 27001 implementation directly to the GRC Index Data Security domain assessment — giving organisations a second, independent validation of their information security controls through the GRC benchmarking framework. Unlike generic ISO 27001 providers, GRC Index training also covers how ISO 27001 evidence supports NIS2, DORA, and GDPR compliance — critical for UK organisations navigating multiple regulatory requirements from one ISMS.

Advantage | Detail
GRC Index Data Security Connection | ISO 27001 controls map directly to the GRC Index Data Security domain — training outcome measurable through GRC Score
ISO 27001:2022 Updated | 93 Annex A controls across four new categories — current to the 2022 revision
NIS2 & DORA Crossover | How ISO 27001 evidence satisfies NIS2 and DORA operational resilience requirements — unique UK angle
CPD-Certified — 16 Hours | Highest CPD credit count — recognised by ISACA, ISC2, IIA, and IISP
Certification Audit Ready | Stage 1 and Stage 2 readiness — practical focus for UKAS-accredited certification pursuit

Who Should Take ISO 27001 Training?

ISO 27001 training is designed for information security and IT governance professionals responsible for implementing and maintaining an ISMS:

Professional Role | Why This Course Matters
Information Security Managers | Lead ISMS implementation, manage Annex A control selection, and coordinate third-party certification audit preparation
CISOs & IT Directors | Develop strategic information security governance aligned to ISO 27001:2022 — board reporting and executive accountability
IT Governance Teams | Understand ISO 27001 requirements for IT systems, access management, and technology controls within an ISMS scope
Internal Auditors | Conduct ISO 27001 internal audits, manage non-conformity reporting, and assess ISMS effectiveness
Compliance Officers | Integrate ISO 27001 compliance into broader GRC programmes — understand GDPR, NIS2, and DORA alignment
Technical Staff & Developers | Understand ISO 27001 Technological controls and secure development requirements within ISMS scope

Frequently Asked Questions: ISO 27001 Training

What is ISO 27001 training?

ISO 27001 training is professional development in ISO/IEC 27001:2022 — the international standard for information security management systems (ISMS). It covers ISMS design, risk assessment, all 93 Annex A controls, internal audit, and third-party certification preparation. Essential for information security managers, CISOs, and IT governance teams pursuing ISO 27001 certification.

What changed in ISO 27001:2022?

ISO 27001:2022 updated Annex A from 114 controls in 14 categories (2013) to 93 controls in 4 categories: Organisational, People, Physical, and Technological. Eleven new controls were added covering threat intelligence, cloud security, data masking, and monitoring. Organisations certified to ISO 27001:2013 had until October 2025 to transition. GRC Index training covers the 2022 standard in full.

How long does ISO 27001 certification take?

ISO 27001 certification typically takes 3–12 months depending on organisation size and ISMS maturity. Stage 1 (documentation review) can be completed once your ISMS is documented. Stage 2 (onsite audit) follows. GRC Index training prepares your team to begin implementation immediately and reach Stage 1 readiness within 3–6 months for most UK SMEs.

What is the ISO 27001 Annex A?

Annex A of ISO 27001:2022 lists 93 reference information security controls across four categories: Organisational (37), People (8), Physical (14), and Technological (34). Not all controls apply to every organisation — the Statement of Applicability documents which controls apply and why others are excluded. GRC Index training covers all 93 Annex A controls.

How does ISO 27001 relate to NIS2 and DORA?

ISO 27001 implementation provides substantial evidence for NIS2 Directive cybersecurity risk management measures. DORA additionally recognises ISO 27001 as a reference framework for ICT risk management. GDPR Article 32 technical measures are also well-evidenced by ISO 27001. GRC Index training covers all three regulatory crossovers specifically.

Is ISO 27001 training CPD-certified?

Yes. GRC Index ISO 27001 training awards 16 CPD hours — the highest in our portfolio. Recognised by ISACA (CISA/CISM), ISC2 (CISSP/CCSP), IIA, and IISP. A CPD Certificate of Completion is issued on successful completion.