ISO 27000 Information Security Management Systems Foundation

Organisations should satisfy the quality, fiduciary and security requirements for their information, as for all assets. Management should also optimise the use of available IT resources, including applications, information, infrastructure and people.


For many enterprises, information and the technology that supports it represent their most valuable, but often least understood, assets. Successful enterprises recognise the benefits of information technology and use it to drive their stakeholders’ value. These enterprises also understand and manage the associated risks, such as increasing regulatory compliance and critical dependence of many business processes on IT.

Introduction


The ISO/IEC 27000 series of standards has been specifically reserved by ISO for information security matters and is a globally recognized set of standards that outlines best practices in information security for an organization. The 27000 series is populated with a range of individual standards and documents. The emergence of the ISO/IEC 27000 series of standards is an extremely important development and is re-shaping approaches to information security on a global basis. For the purpose of this certification, two standards of the ISO/IEC 27000 series will be used, namely ISO/IEC 27001: Information Security Techniques – Information Security Management Systems – Requirements (ISMS), the recognized International standard that provides a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an Information Security Management System (ISMS), and ISO/IEC 27002: Information Technology – Security Techniques – Code of Practice for Information Security Management.

Target Group/Audience


This qualification is the first level of the ISO/IEC 27000 certification scheme provided by PEOPLECERT, and is aimed at anyone working within an organization (internally or externally) who may need to have and demonstrate a solid knowledge and understanding of the ISO/IEC 27001 and ISO/IEC 27002 standards and their content. The certification can also cater for candidates seeking personal certification with regard to their knowledge and understanding of the requirements and the content of the standard. This qualification will provide the Foundation level of knowledge to its holders and will certify that they have a solid understanding of the standard and its content.

Learning Objectives


As this is the Foundation level course, candidates will be introduced to the principles and core elements of the ISO/IEC 27001 and ISO/IEC 27002 standards for Information Security Management, and more specifically:

  • ISO/IEC 27000: which provides an overview of information security management systems, which form the subject of the ISMS family of standards, and defines related terms.
  • ISO/IEC 27001: the formal specification which defines the requirements that an information security management system (ISMS) must meet.
  • ISO/IEC 27002: which describes a code of practice for information security management and details hundreds of specific controls which may be applied to secure information and related assets.

Examination


The ISO/IEC 27000 Foundation Certification Exam is designed to validate a candidate’s knowledge of the contents and requirements of the standard and will allow for further development along the ISO/IEC 27000 – Information Security Management certification path. The exam focuses on the following two categories in the cognitive domain of Bloom’s taxonomy:

  • Knowledge
  • Comprehension

Entry Criteria/Training Requirements


No specific entry criteria exist for candidates of the ISO/IEC 27000 Foundation level examination. However, it is strongly recommended that candidates have at least a basic knowledge of information security management concepts and terminology and have undergone some formal training on the subject, with a proposed duration of 24 hours. ITIL® Foundation training is also recommended.

Examination Format

  • Multiple choice examination questions
  • 40 questions
  • 26 marks required to pass (out of 40 available) - 65%
  • 60 minutes’ duration
  • Closed book