Information Security Management Foundation (ISO/IEC 27001)

Earners of the Information Security Management Foundation (ISO/IEC 27001) certification have demonstrated foundational knowledge of the ISO/IEC 27001 standard. This certification confirms that the professional has the knowledge required to establish, implement, maintain, and continually improve an information security management system within the context of the organization in accordance with the ISO/IEC 27001 standard. The exam covers topics such as terms and definitions, normative references, Context of the organization (understanding the organization and its context, understanding the needs and expectations of interested parties, determining the scope of the ISMS), Leadership (leadership, commitment, policy, organizational roles, responsibilities and authorities), Planning, Support (Resources, Competence, Awareness, Communication, and Documented information), Operation (Operational planning and control, information security risk assessment, information security risk treatment), Planning (Actions to address risks and opportunities, information security objectives), Performance evaluation (Monitoring, Measurement, analysis, evaluation, internal audit, management review), and Improvement (Nonconformity and corrective action, continual improvement). Earning criteria: To earn the Information Security Management Foundation (ISO/IEC 27001) certification candidates must successfully pass the ITC-006: Information Security Management Foundation (ISO/IEC 27001) exam - Foundational level. A score of 70% or higher is required to pass the exam. The ITC-006: Information Security Management Foundation (ISO/IEC 27001) exam is a closed-book and remotely proctored exam. ITCERTS recommends that candidates have at least 6 months of work experience in Information Security before sitting for the exam. This certification is considered good-for-life and does not expire.