Frequently Asked Questions

Please select from the categories below to read FAQs relating to each of our qualification schemes.

ISO/IEC 27001 FAQs - Frequently Asked Questions

  • What is ISO/IEC 27001?

    ISO/IEC 27001 is an international standard that provides the basis for effective management of confidential and sensitive information, and for the application of information security controls.

    It enables organizations to demonstrate excellence and prove best practice in Information Security management. Conformance with the standard requires commitment to continually improve control of confidential and sensitive information, providing reassurance to sponsors, shareholders and customers alike.

    Re-released in 2013, ISO/IEC 27001 builds upon established foundations as the most widely recognized international standard specifically aimed at information security management. The adoption of an Information Security Management System (ISMS) is a strategic decision driving the coordination of operational security controls across all of the organization’s electronic and physical information resources.

    The standard can be integrated with other management system framework standards, such as the quality standard ISO 9001 and ISO/IEC 20000 for IT service management.

    ISO/IEC 27001 provides a model to establish, implement, maintain and continually improve a risk-managed ISMS. The design and implementation of the management system is tailored to the organization’s objectives, information assets, operational processes and governing legal and regulatory security requirements.

    ISO/IEC 27001 is the formal specification and defines the requirements for an ISMS. It includes:

    • ISMS planning, support and operational requirements
    • Leadership responsibilities
    • Performance evaluation of the ISMS
    • Internal ISMS audits
    • ISMS improvement
    • Control objectives and controls

  • How can I train for the ISO/IEC 27001 examination?

    Training for ISO/IEC 27001 is available from the network of Accredited Training Organizations (ATOs) assessed and certified by APMG-International. The full list of our ISO/IEC 27001 ATOs can be found at:

    Only these organizations and registered partners/affiliates are authorized to deliver APMG-International ISO/IEC 27001 training.

  • Do I have to receive training to sit the exam?

    No, however this is recommended. In addition to receiving accredited training, individuals also have the option of self-study to prepare for the examination. APMG-International administers public exam sessions around the world to accommodate those who self-study.

  • How do I sit the exam?

    Most, if not all ISO/IEC 27001 accredited training organizations include the examination as part of the associated training course.

  • How much does it cost to sit the ISO/IEC 27001 examination?

    If you are sitting the examination through an accredited training organization, the cost of the exam is generally included in the course fee.

  • Are there any pre-requisites for the ISO/IEC 27001 examination?

    There are no pre-requisites for the foundation qualification, but a background in information security or service management would be an advantage. Candidates must achieve a pass at foundation level before completing the practitioner examination.

  • What are the main publications for ISO/IEC 27001 and where can I purchase them?

    The ISO/IEC 27000 series of standards form the basis for the exams and can be purchased from BSI.

  • Which languages is the ISO/IEC 27001 examination available in?

    The exam is currently available in English only.

  • How long will it take to learn the ISO/IEC 27001 material?

    For those studying with an accredited training organization, foundation courses are generally delivered over 3 days, and practitioner over 2 days.

  • What is the structure of the ISO/IEC 27001 examination?

    A summary of the structure of the ISO/IEC 27001 foundation and practitioner examinations can be seen at:

  • How long is the ISO/IEC 27001 qualification valid for?

    The qualifications are not valid for a defined period and will not expire.

  • When can I expect the results of my ISO/IEC 27001 examinations?

    Foundation examinations can be marked on location after the exam, but this is down to the discretion of the invigilator at the time. Practitioner answer sheets are marked at APMG-International offices and results released soon after.

    Your result will be sent to your ATO approximately 7-10 days after your exam date. Your ATO should notify you of your results so please contact them for further details.

  • When will I receive my certificate?

    Candidates will automatically be sent an electronic certificate within two business days of their exam results being released. If you have not received your certificate within this timeframe please contact our Customer Interaction Team - servicedesk@apmg-international.com

    Electronic certificates are environmentally friendly, but can be printed if required. It is also very easy to share them with employers and other third parties. APMG will send you a link to your registered email address. This link will take you to your Candidate Portal where you will find your electronic certificate(s). You can always access all your electronic certificates using the APMG candidate portal.

    If you have taken your examination(s) via a Training Organisation, certificates may be issued based on the preferences that the Training Organisation selected when booking the exam. The Training Organisation can choose whether the candidate receives an electronic certificate only, or both paper and electronic certificates. The Training Organisation can also choose whether certificates are sent to candidates directly or via the Training Organisation. If you have been awarded an electronic certificate but also require a hard copy certificate, you can order one for GBP 12.00. The same charge applies if you re-order a hard copy certificate.

    If you would like to purchase a hard copy certificate in addition to your electronic certificate please contact our Customer Interaction Team - servicedesk@apmg-international.com

  • What is the pass mark for the ISO/IEC 27001 examination?

    Foundation: You will need to score 25/50 to pass the foundation exam.

    Practitioner: You will need to score 40/80 to pass the practitioner exam.

  • What pass mark is required to be eligible to become an ISO/IEC 27001 trainer?

    To be eligible to apply to become an ISO/IEC 27001 approved trainer, individuals must achieve a score of 66% (53/80) in the practitioner exam.

  • Can I use the ISO/IEC 27001 logo?

    Only organizations licensed to do so are permitted to use the ISO/IEC 27001 logo. Such organizations include ISO/IEC 27001 ATOs (ACPs) and Registered Certification Bodies (RCBs) certified by itSMF-UK / APMG-International.

  • How do I become an ISO/IEC 27001 approved trainer?

    All ISO/IEC 27001 trainers must be "sponsored" by an ISO/IEC 27001 accredited training organization (ATO). Details of all ISO/IEC 27001 ATOs can be found at:

    A trainer application must be submitted by the sponsoring ATO to their relevant APMG-International office.

  • How does my organization become an ISO/IEC 27001 Accredited Training Organization (ATO)?

    An organization wishing to become an ISO/IEC 27001 ATO must first submit an application form to either the APMG-International service desk or a regional APMG-International office. The organization will then be subject to APMG-International's ATO assessment process.
