Skip to main content
Image coming soon

Deeper command of the ISO 27001 control mapping

$199.00
Adding to cart… The item has been added

A tailored course, built for your situation

Deeper command of the ISO 27001 control mapping

A 199 tailored course for Chad Holmes building total fluency in ISO 27001 control implementation at the practitioner level

$199 one-time
24-hour access provisioning 30-day money-back guarantee Hand-built implementation playbook
12 modules. 12 chapters per module. 144 chapters total.
12 modules, each with 12 chapters (144 chapters total), text-based, plus downloadable templates and a hand-built implementation playbook delivered alongside course access.
Spending too many cycles explaining control mappings or redoing audit outputs

The situation this course is for

Even strong practitioners lose time when control logic isn't internalized. Teams default to templates without understanding the 'why' behind controls, leading to inconsistent mappings, audit rework, and delays in sign-off. The gap isn't knowledge, it's mastery of the framework at a granular level.

Who this is for

Mid-level compliance and risk practitioner at a consulting firm, contributing to ISO 27001 implementations and audit support across federal and commercial clients

Who this is not for

Executives looking for board-level summaries or vendors selling ISO 27001 tooling

What you walk away with

  • Map ISO 27001 controls to technical and procedural controls with confidence
  • Produce audit-ready statements of applicability without senior review
  • Justify control exclusions with source-backed, defensible logic
  • Reduce time spent reconciling control evidence by 50%
  • Become the reference point for peers on nuanced control interpretation

The 12 modules (with all 144 chapters)

Module 1. Introduction to ISO 27001 control logic
Understand the structure and intent of ISO 27001 Annex A controls. Learn how control groupings relate to real-world risk domains and organizational boundaries.
12 chapters in this module
  1. Control purpose vs implementation
  2. Mapping scope to Annex A sections
  3. Understanding control hierarchies
  4. Common misinterpretations of control 5.1
  5. Control 5.2 documentation essentials
  6. Control 5.3 roles and responsibilities
  7. Control 5.4 alignment with business objectives
  8. Control 5.5 due diligence specifics
  9. Control 5.6 risk assessment criteria
  10. Control 5.7 risk treatment planning
  11. Control 5.8 statement of applicability
  12. Control 5.9 policy maintenance
Module 2. Control 6.1 to 6.3 in practice
Break down access control, asset management, and classification in complex environments. Apply control logic to hybrid cloud, federal systems, and third-party vendors.
12 chapters in this module
  1. Control 6.1 access control policy
  2. User access provisioning workflows
  3. Privileged account controls
  4. Control 6.2 asset ownership rules
  5. Asset inventory completeness
  6. Asset classification tiers
  7. Control 6.3 media handling procedures
  8. Classification labels in practice
  9. Cross-domain data flows
  10. Handling off-site media
  11. Media disposal compliance
  12. User equipment policies
Module 3. Control 7.1 to 7.4 implementation
Address cryptography, network security, and secure configuration with real client examples. Build repeatable artefacts for audit defense.
12 chapters in this module
  1. Control 7.1 cryptographic usage policy
  2. Key management lifecycle
  3. Encrypted data in transit
  4. Encrypted data at rest
  5. Control 7.2 network controls
  6. Segmentation design
  7. Firewall rule documentation
  8. Remote access controls
  9. Secure configuration baselines
  10. Control 7.3 vulnerability management
  11. Patch management frequency
  12. Configuration drift tracking
Module 4. Control 8.1 to 8.3 audit readiness
Prepare for third-party assessments by building evidence trails, control narratives, and exception justifications that stand up under scrutiny.
12 chapters in this module
  1. Control 8.1 event logging policy
  2. Log retention duration
  3. Log access controls
  4. Log review frequency
  5. Control 8.2 monitoring tools
  6. Incident detection thresholds
  7. Control 8.3 test procedures
  8. Penetration testing scope
  9. Vulnerability scanning cadence
  10. Audit trail completeness
  11. Log correlation examples
  12. Monitoring exception tracking
Module 5. Control 9.1 to 9.4 personnel practices
Apply controls to onboarding, offboarding, and role changes. Create defensible HR security processes.
12 chapters in this module
  1. Control 9.1 screening procedures
  2. Background checks scope
  3. Reference verification
  4. Control 9.2 confidentiality agreements
  5. NDAs and compliance
  6. Role-specific agreements
  7. Control 9.3 onboarding training
  8. Security awareness delivery
  9. Role-based training
  10. Control 9.4 offboarding steps
  11. Access revocation workflows
  12. Exit interview documentation
Module 6. Control 10.1 to 10.5 physical security
Map physical and environmental controls to data centers, office spaces, and remote work policies. Handle hybrid setups with precision.
12 chapters in this module
  1. Control 10.1 secure areas policy
  2. Access control to servers
  3. Visitor management
  4. Control 10.2 equipment protection
  5. Environmental controls
  6. UPS and power redundancy
  7. Fire suppression systems
  8. Control 10.3 maintenance procedures
  9. Equipment disposal
  10. Leased equipment handling
  11. Control 10.4 downgrading procedures
  12. Secure sanitization
Module 7. Control 11.1 to 11.3 operations security
Implement change management, backup, and logging at scale. Avoid common drift and reversion issues.
12 chapters in this module
  1. Control 11.1 change management
  2. Change approval workflows
  3. Rollback procedures
  4. Control 11.2 backup policies
  5. Backup frequency
  6. Test restoration
  7. Data retention alignment
  8. Control 11.3 event logs
  9. Log integrity checks
  10. Time synchronization
  11. Clock source accuracy
  12. Log correlation across systems
Module 8. Control 12.1 to 12.4 system acquisition
Apply security throughout the system lifecycle. Influence vendor selection and development practices with confidence.
12 chapters in this module
  1. Control 12.1 security requirements
  2. Procurement specifications
  3. Vendor questionnaires
  4. Control 12.2 development lifecycle
  5. Security by design
  6. Code review practices
  7. Control 12.3 test data protection
  8. Masking production data
  9. Test environment isolation
  10. Control 12.4 secure deployment
  11. Deployment window controls
  12. Post-deployment validation
Module 9. Control 13.1 to 13.3 supplier relationships
Manage third-party risk with structured agreements and monitoring. Drive accountability without overstepping.
12 chapters in this module
  1. Control 13.1 supplier policies
  2. Third-party risk categories
  3. Due diligence depth
  4. Control 13.2 agreements with security
  5. SLA security clauses
  6. Audit rights inclusion
  7. Control 13.3 monitoring performance
  8. KPIs for security
  9. Supplier review meetings
  10. Incident reporting expectations
  11. Contract termination clauses
  12. Onsite audit rights
Module 10. Control 14.1 to 14.3 incident management
Build playbooks that accelerate response and reduce reporting fatigue. Become the anchor in high-pressure situations.
12 chapters in this module
  1. Control 14.1 incident reporting
  2. Reporting channels
  3. Mandatory events
  4. Control 14.2 response procedures
  5. Incident triage
  6. Containment steps
  7. Eradication workflows
  8. Recovery validation
  9. Control 14.3 forensic readiness
  10. Evidence preservation
  11. Chain of custody
  12. Legal hold procedures
Module 11. Control 15.1 to 15.2 business continuity
Align ISO 27001 with BC/DR planning. Ensure controls support resilience without duplication.
12 chapters in this module
  1. Control 15.1 business continuity
  2. BCP integration
  3. Impact analysis
  4. Recovery time objectives
  5. Control 15.2 testing frequency
  6. DR test scheduling
  7. Tabletop exercise design
  8. Failover validation
  9. Recovery point objectives
  10. Test result documentation
  11. Improvement tracking
  12. Stakeholder communication
Module 12. Control 16.1 to 16.2 compliance assurance
Own the compliance narrative end to end. Deliver clean, defensible reports that close loops quickly.
12 chapters in this module
  1. Control 16.1 legal compliance
  2. Applicable regulations
  3. License tracking
  4. Control 16.2 intellectual property
  5. Software audits
  6. Compliance checks
  7. Control 16.3 personal data
  8. GDPR alignment
  9. PII handling
  10. Control 16.4 proof of compliance
  11. Audit evidence packaging
  12. Compliance dashboards

How this maps to your situation

  • When onboarding to a new client engagement
  • Before audit fieldwork begins
  • During control gap assessment
  • When building a new statement of applicability

Before vs. after

Before
Relying on team leads for control interpretation and spending cycles reconciling evidence requests
After
Producing audit-ready outputs independently with confidence in every control mapping

What's included with your purchase

  • 12 modules with 12 chapters each (144 chapters)
  • Downloadable templates and worked examples for every module
  • Hand-built implementation playbook delivered alongside course access
  • 30-day money-back guarantee

Delivery and format

  • Course and learning environment access provisioned within 24 hours of purchase
  • Hand-built implementation playbook delivered alongside course access

Format: Text-based modules and chapters in the Art of Service learning environment, plus downloadable templates and worked examples for every chapter, plus the hand-built implementation playbook delivered alongside course access.

Time investment: Approximately 3 hours per module, designed to fit around client work. Most complete the course in under 6 weeks.

If nothing changes
Continuing to depend on senior reviewers for control justification slows your impact and keeps you out of high-visibility engagements where deep framework mastery is expected

How this compares to the alternatives

Generic ISO 27001 training covers broad policy. This course focuses on the 23% of controls that drive 80% of audit friction and gives you concrete, reusable implementation patterns.

Frequently asked

Is this course only for auditors?
No. It's designed for practitioners implementing controls, writing policies, and preparing for audits, especially in consulting or client-facing roles.
How is the course structured?
12 modules, each containing 12 chapters (144 chapters total).
Will I receive a certification?
No. This is a mastery-building course focused on practical implementation, not exam prep.
$199 one-time. Approximately 3 hours per module, designed to fit around client work. Most complete the course in under 6 weeks..

Within 24 hours your account in the learning environment is provisioned and the tailored implementation playbook is delivered alongside it.

30-day money-back guarantee· 144 chapters· Hand-built playbook included· Account access within 24 hours