ISO 27001 Lead Implementer Course

This free course will teach you how to become an independent consultant for the implementation of Information Security Management Systems using the ISO 27001 standard. This course was created to help novice users learn the standard and build their business. The course includes a certificate, approved by ASIC, which proves your expertise in the standard and enhances your consulting practice, as most organizations seek out certified consultants.

This course is divided into three sections:

  1. A video library: stores lectures and information on how to write procedures and documents required for the standard.
  2. An interactive workshop: helps you practice the concepts necessary for implementing the standard.
  3. Certification exam: upon successful completion of the exam, you will get a certificate and a badge for your LinkedIn profile to highlight your qualifications.

Course Curriculum

Introduction to the course 00:00:00
Module 1 - Introduction to ISO 27001
Introduction & suggested reading 00:00:00
What is ISO 27001? 01:30:00
The structure of ISO 27001 02:30:00
Information security principles 02:30:00
Introduction to the Information Security Management System 02:30:00
Implementing ISO 27001 requirements 03:00:00
Implementing ISO 27001 as a project 01:30:00
Documenting ISO 27001 requirements 03:30:00
ISO 27001 Benefits 02:30:00
ISO 27001 Benefits – Real-life exercise 00:00:00
Related documentation 00:00:00
Certification FAQs 00:00:00
Recap quiz 00:00:00
Module 2 - The planning phase
Introduction & suggested reading 00:00:00
Understanding your organization and its context [clause 4.1] 02:30:00
Understanding the needs and expectations of interested parties [clause 4.2] 02:00:00
Determining the scope of the ISMS [clause 4.3] 02:00:00
Leadership and commitment [clause 5.1] 02:00:00
Information Security Policy [clause 5.2] 01:00:00
Organizational roles, responsibilities and authorities [clause 5.3] 02:30:00
Information security objectives [clause 6.2] 02:30:00
Resources [clause 7.1] 02:00:00
Competence [clause 7.2] 01:30:00
Awareness [clause 7.3] 01:30:00
Communication [clause 7.4] 01:30:00
Documented information [clause 7.5] 03:30:00
Related documentation 00:00:00
Recap quiz 00:00:00
Module 3 - Risk management
Introduction & suggested reading 00:00:00
Addressing risks and opportunities [clause 6.1.1] 02:00:00
Risk management process [clause 6.1.2] 02:30:00
Information security risk assessment – Risk identification [clause 6.1.2] 03:00:00
Exercise: Information security risk assessment – Risk identification 00:00:00
Information security risk assessment – Risk analysis and evaluation [clause 6.1.2] 03:00:00
Information security risk treatment [clause 6.1.3] 03:00:00
Statement of Applicability [clause 6.1.3] 02:00:00
Risk treatment plan [clause 6.1.3] 00:30:00
Related documentation 00:00:00
Recap quiz 00:00:00
Module 4 - The Do phase
Introduction & suggested reading 00:00:00
Formulating the risk treatment plan [clause 6.1.3] 02:00:00
Implementing the risk treatment plan [clause 8.3] 01:30:00
Operational planning and control [clause 8.1] 02:30:00
Operating the ISMS [clause 8] 01:00:00
Managing outsourcing of operations [clause 8.1] 02:30:00
Controlling changes [clause 8.1] 02:30:00
Risk assessment review [clause 8.2] 02:00:00
Related documentation 00:00:00
Recap quiz 00:00:00
Module 5 - The Check and Act phases
Introduction & suggested reading 00:00:00
Monitoring, measurement, analysis, and evaluation [clause 9.1] 04:00:00
Internal audit [clause 9.2] 03:00:00
Management review [clause 9.3] 03:00:00
Nonconformities and corrective actions [clause 10.2] 04:30:00
Continual improvement [clause 10.1] 02:30:00
Related documentation 00:00:00
Recap quiz 00:00:00
Module 6 - Overview of Annex A
Introduction & suggested reading 00:00:00
Introduction to Annex A 00:00:00
People controls 00:00:00
Physical controls 00:00:00
Technological controls – overview and new controls 00:00:00
Technological controls – software development 00:00:00
Technological controls – operational security 00:00:00
Organizational controls – policies and responsibilities 00:00:00
Organizational controls – information and asset management 00:00:00
Organizational controls – operational security 00:00:00
Organizational controls – supplier security 00:00:00
Organizational controls – incidents and business continuity 00:00:00
Organizational controls – compliance, privacy, and legal aspects of security 00:00:00
Related documentation 00:00:00
Recap quiz 00:00:00
Module 7 - Getting the project approved
Introduction & suggested reading 00:00:00
What is your situation? 00:00:00
For consultants: Get more sales meetings with prospects 00:00:00
How to get the interest of top management in your project? 00:00:00
How to present the project 00:00:00
Other techniques for presenting the project 00:00:00
For consultants: Writing a great proposal 00:00:00
Recap quiz 00:00:00
Module 8 - Prepare for the implementation
Introduction & suggested reading 00:00:00
Define the scope of the project 00:00:00
Key stages of the project 00:00:00
Tips for project management 00:00:00
Estimating the project 00:00:00
Communication 00:00:00
Use of tools 00:00:00
Define roles and responsibilities 00:00:00
Project manager beware 00:00:00
Project documentation 00:00:00
Write a Project Plan 00:00:00
Kick-off meeting 00:00:00
Recap quiz 00:00:00
Module 9 - Implementation of a management system
Introduction & suggested reading 00:00:00
Executing the project work 00:00:00
Work assignment 00:00:00
Managing work assignments and resources 00:00:00
Enabling smooth project execution 00:00:00
Gathering information and recommending changes 00:00:00
Introducing documentation and changes in day-to-day use 00:00:00
Overcoming the resistance to change 00:00:00
Recap quiz 00:00:00
Module 10 - Monitor, control and completing the project
Introduction & suggested reading 00:00:00
Verifying and issuing a status report 00:00:00
Communication about the project status 00:00:00
Monitor and control meeting 00:00:00
Internal audit 00:00:00
Management review purpose 00:00:00
Management review preparation and execution 00:00:00
Acceptance and implementation closure 00:00:00
Recap quiz 00:00:00
Module 11 - Taking the organization for the certification
Introduction & suggested reading 00:00:00
Go for certification or not? 00:00:00
Choose a certification body 00:00:00
Certification process 00:00:00
Stage 1 and Stage 2 audits 00:00:00
Prepare the certification audit 00:00:00
Logistics of the certification audit 00:00:00
Preparing your people for the certification audit 00:00:00
What to expect from the certification auditors 00:00:00
After the certification audit 00:00:00
Recap quiz 00:00:00
Module 12 - Maintaining the certification
Introduction & suggested reading 00:00:00
Keeping the certification 00:00:00
Improving the management system 00:00:00
Top management leadership and example 00:00:00
Keep the management system updated 00:00:00
Until the next surveillance audit 00:00:00
What is the surveillance audit 00:00:00
Recap quiz 00:00:00
Instructions for taking the exam and obtaining the certificate 00:00:00
  • Access video lectures for free
  • 12 MODULES
  • COURSE DURATION: 20 hours
Price: US$ 1797
You will receive a temporary certificate valid until final payment is due. The final certificate will be delivered upon full payment.
    With the purchase you get:
  • 1-Day online workshop
  • Access to documentation tutorials
  • Certificate approved by ASIC
  • ISO 27001 EBOOK
  • Access to course script
  • Free exam retake
  • Access to practice exam

  • Leading international authority in certification of training providers
STEP 1: Watch video lectures

Access to the video lectures section of the course is free, so you can obtain all this knowledge at zero cost. The videos are organized into 12 separate modules, each containing several videos and quizzes to aid your learning, plus a recap quiz that will give you an idea of the types of questions you may see on the certification exam. You may view a list of the module contents in the curriculum above. The video lectures have all been recorded, allowing you to watch them at your convenience, anywhere you like.

This course was created by Carlos Cruz, a veteran consultant of 30 years with experience in leading a variety of companies and organizations in their implementation efforts.

There are two instructors for this course. Garry Cornell has global experience as a senior manager, certification auditor, and consultant helping a wide range of businesses in their implementations of various ISO standards. Dejan Kosutic has extensive experience with information security management systems according to ISO 27001 as a trainer, consultant, and ISO 27001 Lead Auditor. He has authored dozens of articles on leading ISO blogs, as well as the ISO 27001 Documentation Toolkit.

Type: Online video lectures

Course language: English

STEP 2: Interactive workshop

We don’t expect you to learn all of the skills you need to implement an ISO 27001 information security management system in a series of video lectures, so we developed a supplemental workshop to enhance your learning. You can attend this one-day interactive workshop remotely via webinar. The purpose of the workshop is to help you develop the real-life skills needed in an ISMS implementation, using case studies, role playing, etc. You’ll also have the opportunity to develop soft skills helpful in the certification exam and in your new role as a consultant.

Check out the times of our live online workshops to find one that fits your schedule. You can attend from your home or workplace.

Duration: 1-day workshop

Type: Online webinar

STEP 3: Online certification exam

Once you have watched all of the video lectures, completed the quizzes, and attended the interactive workshop, you may access the certification exam. This is the final step in your certification journey, and because it is online, you may take it at a time and place convenient to you.

Upon successful completion of the examination, you will be presented with a certificate that formally states your competence as an ISO 27001 consultant.

The ISO 27001 Lead Implementer exam fee is already included in the price of the workshop, so you’ll have instant access once your workshop is booked and paid for.

Number of questions: 40

Type: Online proctored exam

BONUS: ISO 27001 documentation tutorials

After you register for the workshop and examination, we will send you a link to a bonus series of video tutorials designed to help you with ISO 27001 documentation for an information security management system. These tutorials will provide guidance on how to complete the core documents required by ISO 27001, making them invaluable to a new ISO 27001 consultant.

You’ll have comprehensive, step-by-step guidance for completing the Information Security Policy, Information Security Manual, Information Security Objectives, Scope of the Information Security Management System, and the other required documentation for your ISO 27001 implementation project.

Number of tutorials: 17

Tutorials language: English

Benefits of getting the certificate

A certificate of competence proves that you attended the eTraining course and that you passed the exam certified by ASIC. This ensures that you understand and can apply the implementation knowledge you gained in each of the course's modules.

How to get certified?

It's simple:
1) Watch complete videos of all lectures, and answer all practice exams.
2) Attend the workshop.
3) Pass the online exam.

Bonuses with the certificate

Once you purchase the certificate, you will receive the following bonuses:

SECURE & SIMPLE: A Small-Business Guide to Implementing ISO 27001 On Your Own (eBook)

The plain English, step-by-step handbook for information security practitioners.

In this book, Dejan Kosutic, an author and experienced information security consultant, is giving away all his practical know-how on successful ISO 27001 implementation. No matter if you’re new or experienced in the field, this book gives you everything you will ever need to implement ISO 27001 on your own.

Course Script (PDF)

If you decide to purchase the exam you will get the PDF script from the course completely free. The script includes everything said in the videos and all quizzes.

This way, you can access course materials any time you like, making it much easier to practice and prepare for the exam.

Free exam retake

Once you purchase the exam, you will be able to retake it.

This means, if you do not pass the exam on your first attempt, you can retake it one time, free of charge.

There is no mandatory waiting period between the two attempts.

Practice Exam

With the purchase of the exam, you get access to practice exams. You can use these exams to test your knowledge and familiarize yourself with the exam environment.

The results from the practice exam do not have any effect on the results of the final exam.

Frequently Asked Questions

There is no time limit, so you can take as long as you need to watch the video lectures. We do, however, recommend that you watch them all within 3–4 weeks so that you get the most benefit from them.

You may access the video lectures at any time. Because the lectures section is made up of pre-recorded video lectures and freely available practice quizzes, reading, and other resources, you may access them whenever it is convenient.

You don’t need any prior knowledge or experience in the implementation – this course was designed so that a beginner to these topics will understand it.

We have to pay for all of our great resources somehow :). Our video lectures are freely available, but there is a fee required to attend the workshop, take the certification exam, and receive the certificate – but, this fee is highly discounted compared to what you would pay to attend a comparable course in a classroom. In addition, when you pay for the workshop, we will send you a download link to a PDF containing scripts from all of the video lectures, plus practice quizzes, practice tests, and links to extra reading materials. Having access to all of the content from the video lectures will make it much easier to prepare for your workshop and certification exam. You will also be able to access the video tutorials to learn how to write the information security management system documents required by ISO 27001.

To participate in the online workshop, we will send you a special link to connect to Zoom. All you need is a computer with a microphone and speakers.

Completion of all of the video lectures is the only prerequisite.

The certification exam may be taken online, from anywhere. To make this possible, we employ an online proctoring service. Click here to learn more.

After watching all of the video lectures and completing the workshop, you may take the certification exam. If you earn a passing score, you will be issued the certificate. Please note that during the exam, an online proctoring service will verify your identity and ensure that you take the exam without assistance. Click here to learn more about our online proctoring service.

All you need to access the course is your PC, Mac, or mobile device, any major browser (Chrome, Firefox, Internet Explorer, Safari, etc.), and a broadband Internet connection. And, of course, plenty of available time to devote to the course.

The course materials (video lectures, quizzes, reading materials, practice exams, and other resources), along with the skills you learn from the workshop, are all you need to successfully pass the certification exam and receive your certificate.

With your purchase of the certification exam, in addition to having access to the workshop, you will also gain access to a bonus PDF of all the scripts from the video lectures, all of the course questions, readings, access to the practice exams, and a library of video tutorials to guide you through implementation of the mandatory information security management system documentation for ISO 27001.

To learn what ISO 27001 Lead Implementer training looks like, see this article.



  • ASIC is recognised by UKVI in UK, is a member of the CHEA International Quality Group in USA, is a member of the British Quality Foundation, and is an institutional member of European Distance and E-Learning Network.

  • DNV GL Business Assurance is one of the leading providers of accredited management systems certification.