ISO 27001 Foundation

In the context of the ISO/IEC 27001 standard, the ISO 27001 Foundation Course deepens the practical application of the requirements of an Information Security Management System (ISMS), enabling participants to understand how principles and controls translate into operational decisions. The training supports the transition from understanding to the structured application of ISO/IEC 27001 in an organisational context.

Upcoming dates

Confirmed dates.
Synchronous, live training with direct interaction between the trainer and the group.

8 June 2026
Live Online • next edition
25 September 2026
Live Online • upcoming editions
Duration: 2 days / 16h
Language: available in PT or ENG
Training: practical and case-study based
Exam: 1h
PROFESSIONAL LEVEL — practical application of methods in a professional context.

Why this course exists

To create a practical foundation and a common language in ISO/IEC 27001, ISMS and implementation/operationalisation through a case study.

Many organisations begin ISMS initiatives without a consistent basis of concepts, terminology and operational understanding of the structure, requirements and controls of ISO/IEC 27001.

This course establishes a fundamental and applicable level of knowledge, supported by theoretical and practical sessions and by a case study, enabling professionals from different areas to understand, apply and support the implementation and operation of an ISMS, as well as frame essential audit principles based on ISO 19011.

What this course enables you to do

Understand

Master fundamental information security concepts and interpret ISO/IEC 27001 in the context of an ISMS.

Apply

Apply concepts and requirements in a real scenario through a case study, with high-level guidance for implementation.

Correlate

Relate the standards of the ISO/IEC 27000 family, including ISO/IEC 27002, 27003, 27004 and 27005, and other relevant references.

Audit (fundamentals)

Understand concepts, principles and best practices for ISMS auditing based on ISO 19011, to support audits and continuous improvement.

Frameworks, standards and best practices addressed throughout the course

ISO/IEC 27001 — requirements and structure
ISMS — fundamental concepts
Clause-by-clause overview
Annex A — overview and high-level guidance
ISO/IEC 27002 — controls
ISO/IEC 27003 — implementation
ISO/IEC 27004 — measurement and performance
ISO/IEC 27005 — risk
ISO 19011 — audit principles
Compliance, legislation and related regulation
Correlated best practices

Value for the organisation

  • Creates a common, applicable basis for teams involved in ISMS implementation, operation and continual improvement.
  • Accelerates internal alignment on ISO/IEC 27001 requirements, processes and controls, reducing noise and divergent interpretations.
  • Supports preparation for ISO/IEC 27001 certification, strengthening understanding of Annex A controls and supporting standards such as ISO/IEC 27002, ISO/IEC 27003, ISO/IEC 27004 and ISO/IEC 27005.
  • Introduces audit fundamentals based on ISO 19011 to improve coordination between internal teams and internal or external audits.

Introduction

The ISO 27001 Foundation course is based on the international standard ISO/IEC 27001 and follows a practical approach supported by a case study, in which participants are invited to apply information security concepts and requirements in a real scenario.

The course prepares participants to support the implementation and operation of an Information Security Management System (ISMS), and provides fundamental knowledge of audit concepts, principles and best practices based on ISO 19011.

As participants progress through the course topics, the main supporting standards of the ISO/IEC 27000 family are presented, including, among others, guidelines for control implementation (ISO/IEC 27002), requirements implementation (ISO/IEC 27003), performance evaluation (ISO/IEC 27004) and risk assessment (ISO/IEC 27005), as well as additional relevant references, including best practices, legislation and regulation.

This course prepares participants for the Certified Information Security 27001 Foundation personal certification.

This Training Plan and all associated documents are protected by Copyright and registered as a literary work with IGAC.

General Objectives

At the end of this course, participants will be able to:

  • Understand the fundamental concepts of information security and the main requirements and controls of ISO/IEC 27001.
  • Know and understand the correlation between the standards of the ISO/IEC 27000 family, including ISO/IEC 27001, ISO/IEC 27002, other ISO standards, and other related best practices, legislation and regulation.
  • Support an organisation in the implementation and operation of an ISMS based on ISO/IEC 27001, either as part of a team and/or during an implementation project.
  • Understand the fundamental audit concepts and principles based on ISO 19011.
  • Understand the various sources of requirements related to information security in order to discuss relevant matters with peers regarding the maintenance and improvement of information security.
  • Support the organisation in achieving and maintaining ISO/IEC 27001 certification.
  • Possess the knowledge required to successfully take the Certified Information Security 27001 Foundation certification exam and obtain a personal certification.

Target Audience

  • Consultants, auditors, managers or information security and/or IT risk professionals.
  • CISOs, CIOs, CSOs and senior executives/managers responsible for ensuring the alignment and delivery of value from Information Security to the organisation.
  • Professionals responsible for Information Security and/or IT Governance in the organisation.
  • IT, information security, business or other professionals involved in establishing, implementing, operating and/or continually improving an ISMS based on ISO/IEC 27001.
  • Anyone who wishes to learn the fundamentals of ISO/IEC 27001.

Prerequisites

There are no mandatory formal prerequisites. However, other specific requirements may apply, where relevant, depending on the quotation or proposal presented. Please consult the applicable proposal.

Programme

Introduction to the course
  • Training and certification framework
  • Objectives, structure and pedagogical approach
  • Case study and working dynamics
Introduction to information security, the ISO/IEC 27001 standard and related best practices
  • Information security standards and compliance requirements
  • Progression towards ISO/IEC 27001 certification
  • Information security fundamentals
  • Presentation and overview of ISMS requirements — Part 1: Clauses 4 to 6.1
  • Information security context
  • Leadership and commitment
  • Planning: actions to address risks and opportunities, objectives and changes to the ISMS
ISMS and audit concepts and principles
  • Presentation and overview of ISMS requirements — Part 2: Clauses 6.2 to 10 and Annex A
  • Planning: objectives and plans to achieve them
  • Support
  • Operation
  • Performance evaluation
  • Improvement
  • Annex A controls: overview and high-level implementation guidance
  • Introduction to audit concepts and principles based on ISO 19011

Exam(s) and Certification

Exam “Certified Information Security 27001 Foundation”

The exam covers the following competence domains:

  • Domain 1: Information security fundamentals
  • Domain 2: ISO/IEC 27001 Information Security Management System requirements
  • Domain 3: Fundamental audit concepts and principles based on ISO 19011


Language(s): Portuguese and English.
Duration: 1 hour (60 minutes).
Format: Multiple choice.
Number of questions: 40 questions.
Pass mark: 260/400 points.
Results: Pass or Fail.
Issuing entity: Behaviour (legal entity), through its certification service Behaviour Certification Services.
Retake: 1 free retake within a maximum period of 2 months after the result of the initial exam.

Certification

After successfully completing the exam and accepting or signing the applicable agreement and Code of Ethics, the candidate achieves the credential Certified Information Security 27001 Foundation, issued by Behaviour (legal entity), through its certification service Behaviour Certification Services.

This is a Behaviour® professional certification: a proprietary certification scheme with international market recognition. The scheme is designed and operated based on good practices for personal certification, principles of impartiality and exam quality, and applicable international references, including the principles of ISO/IEC 17024.

A Certificate and a Digital Certification Badge will be issued to participants who successfully complete the certification exam and satisfy all requirements of the certification for which they are applying.

Certification programmes are valid only for individuals, not companies, and the award and maintenance of certification depend on the exam result, professional experience and compliance with the applicable agreement and Code of Ethics.

If the professional does not comply with the agreement or the Code of Ethics, the certification is not granted or is revoked.

Other Information

General Information
  • Training available in Portuguese or English.
  • Training materials available in Portuguese or English, with online access, in accordance with the awarded conditions.
  • Behaviour digital Training Attendance Certificate with 16 CPD/CPE credits.
  • Online Certification Exam, in Portuguese or English. The exam may be taken up to 2 months from the course start date.
  • If the candidate does not pass the exam, they are entitled to one free retake within a maximum period of 2 months from the release date of the initial exam result.
  • Digital Certification Diploma and Digital Certification Badge after passing the exam and completing the application process. This process has no associated cost.

Trainer(s)

The trainers are consultants and auditors with experience in implementation, auditing and training in the ISO/IEC 27000 family of standards, with particular focus on ISO/IEC 27001, ISO/IEC 27005 and related standards.

Benefits

  • ISO/IEC 27001 defines requirements for an auditable and internationally recognised ISMS.
  • It supports organisational certification and international recognition, contributing to maturity, trust and the optimisation of practices and controls.
  • The course is based on the BEHAVIOUR pedagogical model, with a personal certification programme in accordance with ISO/IEC 17024.
  • It addresses the knowledge required to support the implementation and operation of an ISMS and provides an overview of ISO/IEC 27002, ISO/IEC 27003, ISO/IEC 27004 and ISO/IEC 27005, among other standards.
  • The exam is supervised by an official BEHAVIOUR administrator.
  • In case of failure, there is 1 free retake within a maximum period of 2 months after the initial exam result.

Logistics

Useful information
  • Live Online (synchronous time): 09h30–13h00 and 14h00–17h30 (Lisbon time), with short breaks
  • Classroom (synchronous time): 09h30–13h00 and 14h00–17h30 (Lisbon time), with short breaks
  • 14 hours of synchronous training, distributed across 2 consecutive days
  • Estimated 2 hours of guided autonomous work, intended for content consolidation and exam preparation, carried out flexibly outside the synchronous sessions
  • Requirements: computer with stable internet, updated browser, PDF reader and audio/video
Hotels in Lisbon

Find out where you can stay in Lisbon, near Behaviour, for classroom training.

Frequently Asked Questions

Objective answers to the most common questions about the ISO 27001 Foundation course.

Is it mandatory to have completed the Essentials course first?

No. The Essentials level focuses on the structured understanding of key concepts and fundamental principles. The Foundation level deepens understanding of the normative structure and its requirements, providing a more detailed view that enables the participant to understand, support and integrate implementation initiatives in an informed and consistent manner.

Does this course address practical application?

Yes, from the perspective of framing and structured understanding of the requirements, controls and domains of the standard or framework, enabling the participant to support implementation or audit teams based on solid normative knowledge.

Is the course more conceptual or technical?

The course has a conceptual and normative focus. It prioritises understanding of the architecture of the standard or framework, the logic of its requirements, controls and domains, establishing a structured basis for implementation, audit or technical specialisation training.

Does this course replace implementation or audit training?

No. The Foundation course does not replace Lead Implementer or Lead Auditor courses. It works as a structuring knowledge base, allowing those training programmes to be attended with greater conceptual clarity, normative rigour and pedagogical effectiveness.

In which professional contexts is this course most useful?

It is particularly useful for professionals who:

  • need to understand the standard or framework in order to interact with technical teams;
  • participate in or follow compliance, governance or audit projects;
  • wish to gain a technical grounding before taking on implementation, audit or decision-making responsibilities.

Does this course help understand the impact of ISO 27001 on the organisation?

Yes. The ISO 27001 Foundation course enables participants to understand the organisational impact of the standard, including responsibilities, processes and the ISMS framework, without assuming design, implementation or audit activities.

For general questions about registration, delivery modes, exams, certification and recertification, please consult the BEHAVIOUR® FAQs.

Registration

Complete the form to request your registration for the preferred edition. Check the upcoming dates.


Request more information

If you would like help to frame the course within your professional or organisational context, contact us and we will indicate the most suitable path.


Companies: request a proposal

For team registrations, we provide volume conditions and a proposal tailored to the organisational need.


This course may be attended by individual professionals. It may also be integrated into capacity-building pathways for teams involved in the implementation, operation or reinforcement of an Information Security Management System (ISMS).