🔒 Information Security Management

ISO/IEC 27001:2022 Lead Implementer

After this course, your team can stand up an ISMS that survives a Stage 2 audit: scope it, run the risk engine, build a Statement of Applicability tied to real decisions, and produce the evidence a registrar accepts. QMS Workbench stays with you through every risk assessment, policy, and management review. Built by a practitioner who has lived the audits, not read about them.

ISO/IEC 27001:2022 • ISO/IEC 27002:2022 • ISO/IEC 27005 • ISO/IEC 27000
7 modules • 37 lessons • 2 enrolled • QMS Workbench included
Team license
For organizations
5+ seats • demo-gated pricing
✓ Audit-ready skills you use immediately
✓ QMS Workbench, your permanent compliance partner
✓ LinkedIn certificate that proves your expertise
✓ Real scenarios that prepare you before it matters
✓ Updated forever as regulations change
30-Day Money-Back Guarantee

Not the right fit? Full refund, no questions asked.

Walk Into Any Audit With Confidence

Other courses give you a certificate. We give you the judgment to use it.

🎯

The Auditor Who Finds What Others Miss

You will not just check boxes. You will follow the work, ask the questions that reveal how things really operate, and write findings that drive actual change. Your audits will be the ones people talk about because they made things better.

🎓

The Credential That Opens Doors

Your ISO 9001 Internal Auditor certificate is not a participation trophy. It proves you can plan, conduct, report, and follow up on audits using real methodology. Employers and registrars recognize this.

🤖

An AI Mentor That Never Leaves

After the course, QMS Workbench stays with you. Ask it about clause interpretation, finding statements, audit planning, or corrective action evaluation. It knows your completed coursework and gives answers that build on what you learned.

QMS Workbench Stays With You

After the course, your AI compliance mentor is available 24/7. Here is what a real conversation looks like.

QMS Workbench
You: Does this supplier evaluation meet clause 8.4.1 requirements?
AI: To fully meet 8.4.1, your supplier evaluation needs three things: defined criteria for selection, defined criteria for evaluation, and defined criteria for re-evaluation. Check that your procedure specifies how you initially qualify suppliers, how you monitor ongoing performance (delivery, quality, responsiveness), and how often you formally re-evaluate. If any of those three are missing or just boilerplate without real metrics, that is a finding.
You: Help me write a finding statement for this calibration gap.
✨
Ask anything, anytime. "What should I look for when auditing design controls?" "How do I audit management review effectively?" "Help me build a process-based audit checklist"

What You'll Be Able to Do

✓ Scope an ISMS correctly so the audit covers what it should and nothing it should not
✓ Run the risk engine the 2022 standard requires: identify by confidentiality, integrity, and availability, then treat and own each risk
✓ Build a Statement of Applicability that ties every control to a real risk decision and passes in minutes
✓ Apply all 93 Annex A controls as a cross-check, not a checklist to implement blindly
✓ Run internal audits and management reviews that find problems before the registrar does
✓ Use QMS Workbench to generate the policies, methodology, and Audit-Evidence Package your auditor expects

Course Curriculum

Module 1: The ISMS Foundation

Clauses 4 and 5: context, scope, leadership, policy, roles, and the 2013-to-2022 transition.

5 lessons
1. Why ISO 27001 Exists and What It Actually Protects (14 min)
2. Context, Interested Parties, and Scope: Drawing the Boundary (13 min)
3. Leadership and the Information Security Policy (13 min)
4. Roles, Responsibilities, and Authorities: Who Owns What (12 min)
5. The 2013 to 2022 Transition: What Actually Changed (12 min)

Module 2: Risk, the Engine of the Standard

Clause 6.1: risk assessment methodology, identifying risk by C-I-A, analysis and evaluation, treatment and control selection, and the Statement of Applicability.

5 lessons
1. Risk Assessment Methodology: Building a Repeatable Process (15 min)
2. Identifying Risks to Confidentiality, Integrity, and Availability, and Their Owners (15 min)
3. Analyzing and Evaluating Risk: Likelihood, Consequence, Risk Level (15 min)
4. Risk Treatment and Selecting Controls (16 min)
5. The Statement of Applicability: The Document That Makes or Breaks Your Audit (18 min)

Module 3: Planning, Support, and Operation

Clauses 6.2, 6.3, 7, and 8: objectives, planning change, resources, competence, awareness, communication, documented information, and operational control.

5 lessons
1. Information Security Objectives and Planning to Achieve Them (14 min)
2. Planning of Changes to the ISMS (14 min)
3. Resources, Competence, and Awareness (15 min)
4. Communication and Documented Information (15 min)
5. Operational Planning and Control (15 min)

Module 4: Organizational Controls (Annex A.5)

All 37 organizational controls in Annex A.5: policies, roles, threat intelligence, asset management, classification, access control, supplier security, incident management, continuity, and legal and privacy compliance.

8 lessons
1. Policies, Roles, Segregation, and Management Responsibilities (15 min)
2. Authorities, Interest Groups, Threat Intelligence, and Project Security (15 min)
3. Asset Management, Acceptable Use, and Return of Assets (15 min)
4. Classification, Labelling, and Information Transfer (15 min)
5. Access Control and Identity (15 min)
6. Supplier and Cloud Security, ICT Supply Chain (15 min)
7. Incident Management and Evidence (16 min)
8. Continuity, Legal, Compliance, and Operating Procedures (16 min)

Module 5: People and Physical Controls (Annex A.6 and A.7)

The 8 people controls (A.6) and 14 physical controls (A.7): screening, awareness, disciplinary process, reporting events, physical entry, environmental protection, equipment security, and secure disposal.

4 lessons
1. People Controls: Screening to Termination, Remote Work, and Event Reporting (15 min)
2. Awareness, Training, and the Human Layer (15 min)
3. Physical Perimeters, Entry, and Secure Areas (15 min)
4. Equipment, Media, and Off-Premises Security (15 min)

Module 6: Technological Controls (Annex A.8)

All 34 technological controls in Annex A.8: endpoints, privileged access, authentication, vulnerability and configuration management, backup and deletion, logging and monitoring, cryptography, and secure development.

5 lessons
1. Endpoints, Privileged Access, and Authentication (16 min)
2. Malware, Vulnerabilities, and Configuration (16 min)
3. Data Protection: Deletion, Masking, DLP, and Backup (15 min)
4. Logging, Monitoring, and Network Security (16 min)
5. Cryptography and Secure Development (16 min)

Module 7: Performance, Audit, and Certification

Clauses 9 and 10 plus the certification journey: monitoring and measurement, internal audit, management review, nonconformity and corrective action, and the Stage 1 and Stage 2 audits.

5 lessons
1. Monitoring, Measurement, and Metrics That Matter (15 min)
2. Running an Internal Audit Programme, With Auditor Impartiality (15 min)
3. Management Review: Where Leadership Owns the ISMS, or Loses It (16 min)
4. Nonconformity and Corrective Action (15 min)
5. The Road to Certification: Internal Audit, the Certification Audit, and the Cycle That Follows (16 min)

Who Is This Course For?

→ Security and quality managers tasked with getting the company certified and unsure where to start
→ IT and compliance leads who own the ISMS but have never built one from scratch
→ Teams facing a customer or contract that now demands ISO 27001, with a clock running
→ Organizations that want certification to mean something, not a template that collapses under questioning
Audit-Ready In Weeks
Lifetime Workbench Access
30+ Years Experience
60-80% Less Than Classroom

Training Has Evolved

Don't Just Take Training. Keep the Expert.

Most training is broken. You sit through a course, pass a quiz, get a certificate... then the real-world problem shows up and you're on your own. Not here.

Traditional Training
x Watch content once, forget 80% in 30 days
x No support when real problems hit
x Generic content, not your industry
x ,200-,500 per seat + travel costs
x Certificate is the finish line

QMS Learning Academy
+ Learn + implement + ask + adapt continuously
+ Lifetime AI tutor for guidance during implementation
+ Built by practitioners with 30+ years of real audits
+ 60-80% less than instructor-led alternatives
+ Execution is the finish line
Lifetime AI Tutor

Ask questions while you implement. Not generic AI. Trained on your standard, your industry, real audit scenarios.

Expert-Trained Context

Generic AI gives generic answers. Our AI is trained on real audits, real findings, real consequences. 30+ years of practitioner experience.

Outcome Over Content

We don't optimize for course completion. We optimize for audit readiness, compliance confidence, and career growth.

Start ISO/IEC 27001:2022 Lead Implementer Today

Build your foundation with the course. Keep QMS Workbench as your permanent compliance partner.

Get your team trained

Request Course Access

We license this course to teams. Tell us about yours and we'll send pricing, a free 2-seat 14-day pilot offer, and provisioning instructions within 4 business hours.

No personal email — we license to organizations.

We'll respond within 4 business hours with pricing, a free 2-seat pilot, and provisioning steps. No spam — your info goes to Will Trikha directly.