ISO/IEC 27002 Foundation
Learn to master the information security controls described in ISO/IEC 27002, the practical guide that details the 93 Annex A controls organised into 4 themes: organisational, people, physical and technological. In 2 days, understand how to choose and apply the right controls to protect your organisation.
Who is this course for?
- Consultants and professionals who need to apply security controls day to day
- Teams responsible for implementing the Annex A controls of ISO 27001
- Managers who want to understand which control to choose and why
- Anyone wanting a solid foundation before Lead Implementer or Lead Manager 27002
What you'll gain
- The PECB Certified ISO/IEC 27002 Foundation credential, recognised internationally
- A clear view of the 93 controls and how they are organised into 4 themes
- The ability to connect ISO 27002 with Annex A of ISO 27001
- The ideal foundation to progress towards Lead Implementer or Lead Manager
Course programme
Day 1 · Concepts and structure of the security controls
- Fundamental concepts and principles of information security
- Overview of ISO/IEC 27002 and its role as a guide to controls
- The structure of the standard and the 4 control themes: organisational, people, physical and technological
Day 2 · Detailed controls, attributes and certification exam
- Detailed study of the controls and their implementation objectives
- The control attributes and hashtags (type, properties, concepts, operational capabilities, security domains)
- Link with Annex A of ISO/IEC 27001 and practical application
- Official "PECB Certified ISO/IEC 27002 Foundation" exam (1 hour)
Exam, credits & certification
Once you pass the exam, you can apply for the "PECB Certified ISO/IEC 27002 Foundation" credential. The exam includes 2 attempts: the first plus a free retake, usable within the following 12 months. Passing first time is no longer a source of pressure. CPD credits correspond to the course level according to PECB. The exam duration is indicative; ask me for the exact details when you enrol.
Your trainer

Ricardo Coronel Lemus
More than 20 years in cybersecurity and compliance, today a vCISO and GRC consultant with real clients in France, Spain and Mexico. I don't approach these standards theoretically: I apply them day to day with real clients — that's what I bring to the coaching and exam preparation I offer.
Frequently asked questions
Do I need any prerequisites?
What language is the exam in?
What is the difference between Self-Study and Self-Study + Coaching?
What if I don't pass the exam?
How does it differ from ISO 27001?
Ready to get certified?
Choose your option above and enrol online. A question or need some advice? Write to me or book a call.