- ISO 27001 and ISO 27002 Transition
In the context of the ISO/IEC 27001:2022 and ISO/IEC 27002:2022 updates, the ISO 27001 and ISO 27002 Transition Course clarifies the main changes to requirements and controls and their impact on the implementation, operation and auditing of an ISMS. The training supports the 2013 → 2022 mapping and guides a practical transition in an organisational context.
Discontinued course: transition completed
This course has been discontinued, as the transition process to the current version of ISO/IEC 27001 has already ended.
To understand the differences between editions and work with the updated framework, please consult the course ISO/IEC 27001 Foundation.
Synchronous, live training. Interaction with the trainer and the group.
Language: available in Portuguese or English
Training: practical and case-study based
Exam: 1h
PROFESSIONAL LEVEL — practical application of methods in a professional context.
Why this course exists
This course exists to support the ISO/IEC 27001/27002 transition from 2013 to 2022, clarifying differences and their impact on ISMS implementation, operation, continual improvement and auditing.
It reduces ambiguity and accelerates execution by reviewing the 2013 editions, providing the mapping to 2022 and offering practical guidance to define and apply a transition plan, including new and modified controls, supported by a case study.
What this course enables you to do
Identify changes
Recognise differences between the 2013 and 2022 editions of ISO/IEC 27001 and ISO/IEC 27002, understanding their impact on ISMS requirements, controls and evidence.
Map and transition
Apply a practical, step-by-step approach to support the organisational transition from the 2013 edition to the 2022 edition, based on mapping between requirements and controls.
Implement 2022 controls
Understand the new ISO/IEC 27002:2022 control model, including themes/categories and attributes, new controls and modified controls, with practical implementation suggestions.
Prepare certification
Understand the certification transition process for organisations and professionals between editions and support the maintenance of ISO/IEC 27001 certification during migration.
Frameworks, standards and best practices addressed throughout the course
ISO/IEC 27002:2022 — new control model
2013 → 2022 mapping — requirements and controls
Certification transition — organisations and individuals
New controls and modified controls
Themes/categories and attributes — ISO/IEC 27002:2022
ISO/IEC 27005:2022 — risk guidance, where applicable
ISO/IEC 2700x family — overview and interconnections
Related legislation and regulation, where relevant
Correlated best practices
Value for the organisation
- Clarifies 2013 → 2022 differences and reduces the risk of inconsistent interpretations during the ISO/IEC 27001/27002 transition.
- Supports a feasible transition plan, based on requirement-by-requirement and control-by-control mapping.
- Accelerates the preparation of evidence and the adaptation of processes and controls to the ISO/IEC 27002:2022 model, including themes and attributes.
- Strengthens the capacity of internal teams and partners to maintain ISO/IEC 27001 certification during the migration and prepare related audits.
Introduction
The ISO 27001 and ISO 27002 Transition course is based on ISO/IEC 27001:2022 and supported by ISO/IEC 27002:2022, following a practical approach supported by a case study, in which participants are invited to apply concepts, requirements and controls in a real scenario.
The course prepares participants to support an organisation in the transition process from the 2013 editions to the 2022 editions, including the mapping between requirements and controls and the understanding of the new control model of ISO/IEC 27002:2022, including themes/categories and attributes.
As participants progress through the course topics, the main supporting standards of the ISO/IEC 27000 family and related references are framed, including, where applicable, relevant updated guidance, such as ISO/IEC 27005:2022.
The ISO 27001 and ISO 27002 Transition course prepares participants for the Certified Information Security 27001 and 27002 Transition personal certification.
This Training Plan and all associated documents are protected by Copyright and registered as a literary work with IGAC.
General Objectives
At the end of this course, participants will be able to:
- Identify the new editions of the ISO/IEC 2700x family and related references, including legislation and regulation, where applicable.
- Recall ISO/IEC 27001 requirements and ISO/IEC 27002 controls from the 2013 editions.
- Identify new requirements, new controls and differences between the 2013 and 2022 editions of ISO/IEC 27001 and ISO/IEC 27002.
- Know and apply a practical step-by-step approach to support the organisational transition from 2013 to 2022.
- Understand the new ISO/IEC 27002:2022 control model, including themes/categories and attributes, and its practical application.
- Know the new and modified controls of ISO/IEC 27002:2022 and the associated implementation good practices.
- Understand the certification transition process for organisations and professionals between editions.
- Support the organisation in the transition, ensuring the maintenance of ISO/IEC 27001 certification during the update.
Target Audience
- Information Security, Cybersecurity, Audit, Risk, Management and IT Governance professionals.
- DPOs/privacy and data protection professionals who use ISO/IEC 27001 to support security and privacy requirements.
- CISOs, CIOs, CSOs and decision-makers who need to understand the impact of the 2022 changes.
- Teams involved in the implementation, operation, continual improvement and/or transition of an ISMS to the new edition.
- Any professional who wishes to gain a structured view of the changes in ISO/IEC 27001 and ISO/IEC 27002, and related standards.
Prerequisites
There are no mandatory formal prerequisites. However, it is recommended that participants have knowledge of ISO/IEC 27001:2013. Other specific requirements may apply, where relevant, depending on the quotation or proposal presented. Please consult the applicable proposal.
Programme
Introduction to the course
- Training and certification framework
- Objectives, structure and pedagogical approach
- Case study and working dynamics
Review of the 2013 editions and transition to ISO/IEC 27001:2022 and ISO/IEC 27002:2022
- Framework of the ISO/IEC 2700x family and related references, including legislation and regulation, where applicable.
- Review of ISO/IEC 27001 requirements and ISO/IEC 27002 controls from the 2013 editions.
- Presentation of ISO/IEC 27001:2022 requirements and controls.
- Mapping between ISO/IEC 27001/27002 requirements and controls from 2013 to 2022.
- Practical step-by-step approach to support organisational transition from 2013 to 2022.
ISO/IEC 27002:2022 — new control model and implementation
- Introduction to the new ISO/IEC 27002:2022 control model, including themes/categories and attributes.
- New controls and modified controls according to ISO/IEC 27002:2022.
- Guidance for the practical implementation of new and modified controls.
- Certification transition from 2013 to 2022: guidance for organisations and professionals.
- Training closure and preparation for personal certification.
Exam(s) and Certification
Exam “Certified Information Security 27001 and 27002 Transition”
The exam covers the following competence domains:
- Domain 1: ISO/IEC 27001:2022 requirements and ISO/IEC 27002:2022 controls
- Domain 2: Differences between editions and transition process to ISO/IEC 27001:2022
- Domain 3: New and modified controls of ISO/IEC 27002:2022
Language(s): Portuguese. Please contact Behaviour for availability in other languages.
Duration: 1 hour (60 minutes).
Format: Multiple choice.
Number of questions: As defined for the exam edition.
Pass mark: 260/400 points.
Results: Pass or Fail.
Issuing entity: Behaviour (legal entity), through its certification service Behaviour Certification Services.
Retake: 1 free retake within a maximum period of 2 months after the result of the initial exam.
Certification
After successfully completing the exam and accepting or signing the applicable agreement and Code of Ethics, the candidate achieves the credential Certified Information Security 27001 and 27002 Transition, issued by Behaviour (legal entity), through its certification service Behaviour Certification Services.
This is a Behaviour® professional certification, a proprietary certification scheme with international market recognition. The scheme is designed and operated based on good practices for personal certification, principles of impartiality and exam quality, and applicable international references, including the principles of ISO/IEC 17024.
A Certificate and a Digital Certification Badge will be issued to participants who successfully complete the certification exam and satisfy all requirements of the certification for which they are applying.
Certification programmes are valid only for individuals, not companies, and the award and maintenance of certification depend on the exam result, professional experience and compliance with the applicable agreement and Code of Ethics.
If the professional does not comply with the agreement or the Code of Ethics, the certification is not granted or is revoked.
Other Information
General Information
- Training available in Portuguese or English.
- Training materials available in Portuguese or English, with online access, in accordance with the awarded conditions.
- Behaviour digital Training Attendance Certificate with 16 CPD/CPE credits.
- Online Certification Exam, in Portuguese or English. The exam may be taken up to 2 months from the course start date.
- If the candidate does not pass the exam, they are entitled to one free retake within a maximum period of 2 months from the release date of the initial exam result.
- Digital Certification Diploma and Digital Certification Badge after passing the exam and completing the application process. This process has no associated cost.
Trainer(s)
The trainers are recognised consultants and auditors, with several years of experience in implementation, auditing and training in the ISO/IEC 27000 family of standards, with particular focus on ISO/IEC 27001, ISO/IEC 27005 and related standards.
Benefits
- Structured update for certified professionals, either by Behaviour or other entities, regarding the 2022 editions.
- Complements existing competences and, as it is not oriented to a specific role, does not imply maintenance requirements within the personal certification scheme.
- The exam is mandatory to maintain Behaviour ISO 27001 certifications in the 2022 version, and is also recommended as evidence of competence in the new edition.
- May be used as evidence of maintenance in other professional certification programmes in the field of Information Security.
- Strengthens individual technical credibility by demonstrating a formal and verifiable update regarding the 2022 editions, in audit, application and progression contexts.
- Increases effectiveness in projects and audits by giving professionals a consistent reading of the changes, what changed and how to interpret them, reducing learning time in the field.
Logistics
Useful information
- Live Online (synchronous time): 09h30–13h00 and 14h00–17h30 (Lisbon time), with short breaks
- Classroom (synchronous time): 09h30–13h00 and 14h00–17h30 (Lisbon time), with short breaks
- 14 hours of synchronous training, distributed across 2 consecutive days
- Estimated 2 hours of guided autonomous work, intended for content consolidation and exam preparation, carried out flexibly outside the synchronous sessions
- Requirements: computer with stable internet, updated browser, PDF reader and audio/video
Hotels in Lisbon
Find out where you can stay in Lisbon, near Behaviour, for classroom training.
Frequently Asked Questions
Objective answers to the most common questions about the ISO/IEC 27001 and ISO/IEC 27002 Transition course from 2013 to 2022.
Is this course for professionals already working with ISO/IEC 27001:2013?
Yes. The course assumes familiarity with the 2013 edition and focuses on the transition to the 2022 editions, clarifying differences, mapping and practical impact on requirements, controls and evidence.
Does the course address ISO/IEC 27001 and ISO/IEC 27002 together?
Yes. The approach integrates ISO/IEC 27001:2022 requirements and the new ISO/IEC 27002:2022 control model, including new controls, modified controls, themes/categories and attributes, and implications for implementation and auditing.
Is this course intended to implement an ISMS from scratch?
No. That is not the main objective. The course is oriented towards supporting the transition between editions, from 2013 to 2022, clarifying differences, mapping and impact on requirements and controls. For the full implementation of an ISMS from scratch, the recommended option is the practical ISO 27001 Lead Implementer course by Behaviour.
Does the course include practical guidance for a transition plan?
Yes. The course presents a practical step-by-step approach, with a case study and exercises, to support mapping, gap analysis and the definition of actions required for the transition to the 2022 editions.
In which professional contexts is this course most useful?
It is particularly useful for professionals who:
- support the maintenance of ISO/IEC 27001 certification during the edition update;
- need to translate normative differences into ISMS actions and evidence;
- work in information security implementation, operation, risk, compliance, audit or governance.
For general questions about registration, delivery modes, exams, certification and recertification, please consult the BEHAVIOUR® FAQs.
Registration
Complete the form to request your registration for the preferred edition. Check the upcoming dates.
Request more information
If you would like help to frame the course within your professional or organisational context, contact us and we will indicate the most suitable path.
Companies: request a proposal
For team registrations, we provide volume conditions and a proposal tailored to the organisational need.
This course may be attended by individual professionals. It may also be integrated into team update plans for those who need to follow the evolution of the requirements and controls of ISO/IEC 27001 and ISO/IEC 27002.