In 2018: Zygma completed 25 years of continuous independent operations; drafted and edited Kantara's NIST SP 800-63 rev.3 IAL2/AAL2 Service Assessment Criteria; managed on behalf of a client the first SP 800-63 rev.3 service assessment (the service was the first to receive Kantara's "NIST 800-63 rev.3" Approval); performed three Kantara Service Assessments, each resulting in a Grant of Approval; transitioned to operating as an S-Corporation.

Course: Certified ISO 27001 Foundation (IS27001FNDN)
Become acquainted with the ISO 27001 requirements for implementing and operating an Information Security Management System (ISMS)


This course introduces participants to the requirements for implementing and operating an Information Security Management System (ISMS) as specified in ISO/IEC 27001:2005, and to the selection and implementation of appropriate information security controls.  The course also explains the relationships between ISO 27001 and other key standards in the ISO/IEC 27000 family: ISO 27002 (Code of practice for information security management), ISO 27003 (ISMS implementation guidance), ISO 27004 (Information security management measurement) and ISO 27005 (Information security risk management).  This course should be seen as a more in-depth 'primer' than the one-day Introductory course.

Who should participate?
  • IT Professionals wanting to gain a more developed understanding of the components of an Information Security Management System (ISMS)
  • Managers responsible for implementing and managing an ISO 27001 ISMS
  • Staff involved in the implementation and operation of an ISMS
  • IT Subject Matter Experts & Advisors
  • Auditors

Learning objectives

Participants will gain an understanding of:

  • the application of an Information Security Management System in the context of ISO 27001
  • the interrelationships between ISO 27001 and other 27000-family standards (ISO 27000, ISO 27002, ISO 27003, ISO 27004, and ISO 27005, …)
  • key components of an Information Security Management System (ISMS) in the context of ISO/IEC 27001:2005
  • the concepts, approaches, standards, methods and techniques which lead to effective management of an ISMS
  • the relationship between an Information Security Management System (including risk management, controls and compliance) and the interests of the various stakeholders associated with the ISMS
  • the necessary expertise to contribute to the implementation of an Information Security Management System (ISMS) as specified in ISO 27001
  • stages of the ISO 27001 certification process

Day 1: Introduction to ISO 27001 and other standards in the ISO 27000 family

  • Introduction to management systems and the process approach
  • Fundamental principles in Information Security Management Systems
  • General requirements: presentation of the clauses 4 to 8 of the ISO 27001 standard
  • Implementation phases of the ISO 27001 framework
  • Continuous improvement of the ISMS
  • Conducting an ISO 27001 Certification Audit

Day 2: Selecting and implementing information security controls from ISO 27001 Annex A, following the ISO 27002 Code of practice

  • The 11 domains and 133 information security controls from ISO 27001 Annex A: relationship to ISO 27002
  • Principles and design of controls
  • Documentation of a control environment
  • Monitoring and reviewing controls
  • Examples of the implementation of controls
  • Exam

Tutoring Approach

The course consists of presentation of the source material interspersed with practical exercises based on real cases.  The use of these exercises helps prepare participants for the examination, taken on the second day.

Given the number of practical exercises, the number of training participants may be limited.

Examination and Certification

The “ISO 27001 Foundation” examination lasts 1 (one) hour and fully meets the requirements of the PECB Examination Certification Programme (ECP).  The exam covers the following competence domains:

Domain 1: Fundamental principles and concepts of information security

Domain 2: Information Security Management System (ISMS)

ISO 27001 Foundation Certification will be granted to participants who successfully pass the examination and comply with all other requirements related to this credential.

Certification Experience Requirements

There are no requirements for prior professional experience for the granting of this Certification.  However, all applicants will be required to sign and to uphold PECB's Code of Ethics and should also make themselves aware of the applicable Rules & Policies.  Further details may be found here: PECB: Certification & Examination Process.

General Information

Each participant will receive:

  • a student manual containing over 200 pages of information and practical examples
  • a 14 CPE (Continuing Professional Education) participation certificate

All examination and certification charges are included in the course fees.

© 1993 - 2018 Zygma Incorporated     Telephone: +1 714 797 99 42     Email: Enquiries @
All Zygma services are provided in accordance with its Ethics Policy.
Note - if you are submitting an enquiry or expect to receive email from us, please ensure that your spam filtering will accept mail from the domain ''