ISO 27001 Practitioner

Accredited Training Course and exam APMG) in only 2.5 days

The purpose of the Practitioner – Information Security Officer qualification is to confirm whether the candidate has achieved sufficient understanding of ISO/IEC 27001 and its application in a given situation. A successful Practitioner – Information Security Officer candidate should, with suitable direction be able to start applying the International Standard to enable the management of information security but may not be sufficiently skilled to do this appropriately for all situations. Their individual information security expertise, complexity of the information security management system and the support given for the use of ISO/IEC 27001 in their work environment will all be factors that impact what the Practitioner – Information Security Officer can achieve.

This two-day and a half, APMG ISO/IEC 27001 Practitioner course, prepares the participants to achieve a sufficient understanding of ISO/IEC 27001 and its application in a given situation. At the end of the course, participants will take the exam to obtain the international qualification APMG ISO / IEC 27001 Practitioner Certificate.


The qualification ISO 27001 Practitioner (2.5 Days) (APMG) is mainly aimed at those who are:

  • Internal managers and personnel working to implement, maintain and operate an ISMS within an organization,
  • External consultants supporting an organization’s implementation, maintenance and operation of an ISMS,
  • Internal auditors who are required to have an applied knowledge of the standard.


An ISO/IEC 27001 Foundation certificate (or equivalent if accepted by APMG) is a pre-requisite for the Practitioner – Information Security Officer qualification.


Candidates must exhibit the competences required for the foundation qualification and show that they can apply ISMS concepts to achieve the objectives and requirements of ISO/IEC 27001 and supporting standards within an organizational context.

Specifically, the candidate should be able to:

  • Apply the principles of ISMS policy and its information security scope, objectives, and processes within an organizational context,
  • Apply the principles of risk management including risk identification, analysis and evaluation and propose appropriate treatments and controls to reduce information security risk, support business objectives and improve information security,
  • Analyze and evaluate deployed risk treatments and controls to assess their effectiveness and opportunities for continual improvement,
  • Analyze and evaluate the effectiveness of the ISMS through the use of internal audit and management review to continually improve the suitability, adequacy and effectiveness of the ISMS,
  • Understand, create, apply and evaluate the suitability, adequacy and effectiveness of documented information and records required by ISO/IEC 27001,
  • Identify and apply appropriate corrective actions to maintain ISMS conformity with ISO/IEC 27001.

Course syllabus

Welcome & Introduction

Objectives, exam & questions format

Module 1: Introduction and background

Module 2: Preparing for the ISMS

Module 3: Planing and operating the ISMS

Module 4: The controls (part 1)

Module 5: The controls (part 2)

Exam preparation

  • FAQ about the exam
  • Practice exam and group review

Official APM ISO/IEC 27001 Practitioner Exam

Closing & Questions


The official APMG ISO/IEC 27001 Practitioner exam is included in the package.

  • This objective scenario-based exam contains four questions, each with 20 question-lines which cover all 5 areas of the ISO/IEC 27001 Practitioner syllabus. Each question-line is worth 1 point
  • Styles of question: There are four different types of questions: Classic Multiple Choice; Multiple Response; Matching; and, Assertion/Reason
  • Exam duration: 2.5 hours (additional time of 40 minutes for non native english speakers
  • Pass mark: 50% (40/50)
  • Exam type: Open Book


Alain Bonneaud
CISA® - CISM® - CGEIT® - COBIT® - ISO 27001 - ITIL® - PRINCE2® - RESILIA® - VeriSM™ - ISO 20000 - DevOps

Terms & Conditions

The following terms and conditions apply for bookings:

  • the session is led by a trainer accredited by APMG on ISO/IEC 27001,
  • personalized welcome in the classroom with mineral water and breaks ,
  • accredited training material,
  • exam preparation,
  • exam : APMG ISO/IEC 27001 Practitioner exam
  • 2AB & Associates Participation Certificate
  • 2AB & Associates, accredited APMG ATO, official certificate will be issued to participants
  • a group of 10 participants max. in order to ensure the quality of the training delivery.


Document sans titre

Course fees must be paid at least 10 working days prior to the commencement of the course in order to guarantee your place. We accept payment by Direct Debit, credit cards, paypal or bank transfers. Payment made by credit card will incur the following charges – MasterCard (1.5%), Visa (1.5%) American Express (3.0%).


Go Green : tout le mat&eacriel de formation est fourni au format électronique