ISO/IEC 27001 Transition

The new version of ISO/IEC 27001 has been recently published and is now aligned with the new version of ISO/IEC 27002, which was published in February, 2022. The major changes between ISO/IEC 27001:2022 and ISO/IEC 27001:2013 are noticed in the information security controls of Annex A, whereas a few other minor changes are present in the clauses of the standard too. Furthermore, the title of ISO/IEC 27001:2022 differs from the title of ISO/IEC 27001:2013, as now the standard is titled Information security, cybersecurity and privacy protection — Information security management systems — Requirements.

The “PECB ISO/IEC 27001 Transition” training course provides detailed information on the revised clauses, the new terminology, and the differences in the controls of Annex A. Additionally, this training course provides participants with the necessary knowledge to support organizations in planning and implementing the changes in their ISMS to ensure conformity with ISO/IEC 27001:2022. As such, you will be able to participate in projects to transition from an ISMS based on ISO/IEC 27001:2013 to an ISMS based on ISO/IEC 27001:2022.

Once you become acquainted with the new concepts and requirements of ISO/IEC 27001:2022 by attending the training course, you can sit for the exam, and if you successfully pass it, you can apply for the “PECB Certified ISO/IEC 27001 Transition” credential. This certificate will prove that you have up-to-date knowledge and professional capabilities to successfully update an ISMS based on the requirements of ISO/IEC 27001:2022.

Learning objectives: 

Upon successfully completing the training course, participants will be able to:

  • Explain the differences between ISO/IEC 27001:2013 and ISO/IEC 27001:2022
  • Interpret the new concepts and requirements of ISO/IEC 27001:2022
  • Plan and implement the necessary changes to an existing ISMS in accordance with ISO/IEC 27001:2022

Audience:

  • Individuals seeking to remain up-to-date with ISO/IEC 27001 requirements for an ISMS
  • Individuals seeking to understand the differences between ISO/IEC 27001:2013 and ISO/IEC 27001:2022 requirements
  • Individuals responsible for transitioning an ISMS from ISO/IEC 27001:2013 to ISO/IEC 27001:2022
  • Managers, trainers, and consultants involved in maintaining an ISMS
  • Professionals wishing to update their ISO/IEC 27001 certificates

Certification:

After successfully completing the exam, you can apply for the credential shown on the table below. For more information about ISO/IEC 27001 certifications and the PECB certification process, please refer to Certification Rules and Policies.

The requirements for PECB Foundation Certification are:

imagei0v3l.png

Prerequisites: 

There are no prerequisites required, but a certification in ISO 27001 is recommended

Course outline

Introduction to ISO/IEC 27001:2022 and comparison to ISO/IEC 27001:2013

  • Training course objectives and structure
  • Standards and regulatory frameworks
  • Overview of the changes between ISO/IEC 27001:2013 and ISO/IEC 27001:2022
  • Changes in clauses 4 to 10 of ISO/IEC 27001

Comparison between Annex A controls of ISO/IEC 27001:2013 and ISO/IEC 27001:2022

  • Annex A — Organizational controls
  • Annex A — People controls
  • Annex A — Physical controls
  • Annex A — Technological controls
  • Closing of the training course
  • Exam for those in physical course

The exam is will take place at the end of the course on onsite classroom courses

For Virtual courses we will send out a voucher that gives you access to an online exam. This can be booked and taken home monitored by a proctor via camera. More information about the exam rules will be send from PECB.

 

  • Multiple choice “closed book” exam where the candidates are not authorized to use anything but the exam paper and a pen or,
  • Duration: 1 hour (+ 10 min extra time for non-native)
  • The use of electronic devices, such as laptops, cell phones, etc., is not allowed.

Examination rules and policies

RECEIVE YOUR EXAM RESULTS

Results will be communicated by email in a period of 6 to 8 weeks, after taking the exam. The results will not include the exact grade of the candidate, only a mention of pass or fail.

Candidates who successfully complete the examination will be able to apply for a certified scheme which is explained in the course description.

In the case of a failure, the results will be accompanied with the list of domains in which the candidate had failed to provide guidance for exams’ retake preparation.

Candidates, who disagree with the exam results, may file a complaint by writing to examination@pecb.com or through PECB ticketing system.

EXAM RETAKE POLICY

There is no limit on the number of times a candidate may retake an exam. However, there are some limitations in terms of allowed time-frame in between exam retakes, such as:

  • Students, who have completed the full training but failed the written exam, are eligible to retake the exam once for free within a 12 month period from the initial date of the exam.
  • If a candidate does not pass the exam on the second attempt, he/she must wait 3 months (from the initial date of the exam) for the next attempt (2nd retake). Retake fee applies.
  • If a candidate does not pass the exam on the third attempt, he/she must wait 6 months (from the initial date of the exam) for the next attempt (3rd retake). Retake fee applies.

After the fourth attempt, a waiting period of 12 months from the last session date is required, in order for candidate to sit again for the same exam. Regular fee applies.

For the candidates that fail the exam in the 2nd retake, PECB recommends to attend an official training in order to be better prepared for the exam.

To arrange exam retakes (date, time, place, costs), the candidate needs to contact Glasspaper.

Other relevant courses

6. January
5 days
Classroom Virtual
23. January
2 days
Classroom Virtual Guaranteed to run
27. January
5 days
Classroom Virtual