A tailored course, built for your situation
Influence across more business units with ISO 27001
Expand your impact by mastering the framework that connects security, compliance, and operations across functions.
Who this is for
Mid-level compliance, risk, or governance practitioner at a global services firm contributing to control frameworks, audits, or client assurance deliverables.
Who this is not for
Executives seeking board-level summaries, consultants selling ISO 27001 certification services, or teams focused exclusively on non-overlapping standards like SOC 2 or HIPAA.
What you walk away with
- Lead ISO 27001 control discussions with confidence across teams
- Anticipate audit requirements before they're escalated
- Shape consistent control implementation across multiple client accounts
- Serve as a reference point for peers in security, risk, and delivery
- Build reusable templates that reduce rework across engagements
The 12 modules (with all 144 chapters)
- Scope of ISO 27001
- Core principles overview
- Role in client assurance
- Integration with delivery lifecycles
- Mapping to service offerings
- Common misconceptions clarified
- How it differs from SOC 2
- Link to risk assessment
- Use in pre-sales alignment
- Client audit expectations
- Internal vs external audits
- Key documentation outputs
- Policy purpose and audience
- Information classification levels
- Access control principles
- Physical security clauses
- Change management integration
- Incident reporting structure
- Acceptable use statement
- Compliance obligations
- Review and update cycle
- Stakeholder alignment steps
- Version control approach
- Approval workflow design
- Risk methodology selection
- Asset identification process
- Threat and vulnerability mapping
- Inherent vs residual risk
- Risk acceptance criteria
- Scoring calibration
- Risk treatment options
- Documenting rationale
- Linking to control objectives
- Third-party risk inclusion
- Frequency of reassessment
- Reporting to oversight forums
- Purpose of the SoA
- Control inventory setup
- Justifying exclusions
- Referencing Annex A controls
- Tailoring for client needs
- Version tracking method
- Peer review process
- Integration with client requests
- Common audit findings
- Maintaining consistency
- Stakeholder sign-off
- Updating across cycles
- Audit planning timeline
- Checklist development
- Sampling approach
- Evidence collection
- Interview preparation
- Finding classification
- Remediation tracking
- Reporting structure
- Management review input
- Follow-up cadence
- Lessons learned log
- Audit communication plan
- Agenda design
- Attendance criteria
- Input documentation
- Risk register update
- Audit finding summary
- Control performance metrics
- Resource requests
- Strategic alignment points
- Minutes format
- Action item tracking
- Escalation pathways
- Meeting frequency
- Identifying improvement areas
- Root cause analysis
- Corrective action planning
- Effectiveness validation
- Trend analysis
- Client feedback integration
- Internal lessons sharing
- Benchmarking progress
- Update documentation
- Stakeholder communication
- Tooling for tracking
- Performance indicators
- Standardizing control language
- Central vs local ownership
- Regional adaptation rules
- Training for consistency
- Audit process harmonization
- Shared templates strategy
- Conflict resolution
- Change propagation
- Governance forums
- Metrics for alignment
- Vendor management
- Client-specific tailoring
- Vendor classification
- Due diligence requirements
- Contractual clauses
- Audit rights negotiation
- Subcontractor oversight
- Information security agreements
- Onboarding checks
- Ongoing monitoring
- Incident response planning
- Exit procedures
- Performance metrics
- Compliance verification
- Incident definition
- Classification levels
- Detection mechanisms
- Escalation paths
- Containment procedures
- Forensic readiness
- Client notification process
- Regulatory reporting
- Post-incident review
- Lessons documented
- Update controls
- Team training
- Choosing a certification body
- Stage 1 audit prep
- Stage 2 audit prep
- Document readiness
- Evidence trail setup
- Interview readiness
- Common findings to avoid
- Corrective action response
- Audit report review
- Surveillance audits
- Recertification cycle
- Maintaining certification
- Template libraries
- Playbook development
- Internal training modules
- Peer mentoring model
- Knowledge base setup
- Version control system
- Contribution guidelines
- Feedback integration
- Adoption tracking
- Recognition systems
- Leadership visibility
- Cross-line collaboration
How this maps to your situation
- When starting a new client engagement
- Before an internal audit cycle
- During management review planning
- After a vendor incident
Before vs. after
What's included with your purchase
- 12 modules with 12 chapters each (144 chapters)
- Downloadable templates and worked examples for every module
- Hand-built implementation playbook delivered alongside course access
- 30-day money-back guarantee
Delivery and format
- Course and learning environment access provisioned within 24 hours of purchase
- Hand-built implementation playbook delivered alongside course access
Format: Text-based modules and chapters in the Art of Service learning environment, plus downloadable templates and worked examples for every chapter, plus the hand-built implementation playbook delivered alongside course access.
Time investment: Approximately 3 hours per module, designed to fit around project deadlines.
How this compares to the alternatives
Unlike generic ISO 27001 overviews, this course is tailored to practitioners in global delivery environments who need to apply the standard across multiple clients and regions. It emphasizes reusable artefacts and influence beyond a single project.
Frequently asked
Within 24 hours your account in the learning environment is provisioned and the tailored implementation playbook is delivered alongside it.