ISO/IEC 27002 Information security controls implementation training course

With the growing number of internal and external information security threats, organizations are increasingly recognizing the importance of implementing best practice controls to safeguard their information assets. By implementing and maintaining suitable controls, organizations become less susceptible to information security breaches and the financial and reputational damage they cause.

ISO/IEC 27002:2013 provides guidelines to help organizations select, implement and manage information security controls, taking into account their risk environment. It contains 14 security control clauses, which cover 35 security categories and 114 controls. These controls are intended to be applicable to all organizations and represent a minimum ‘starting point’, i.e. additional controls and guidelines can be added as required.  The standard supports the concepts and framework specified in ISO/IEC 27001:2013.

Online training courses: Connected Learning Live
You can attend this training course classroom based and online. Do you prefer the convenience of an online training course? View here for the available dates or read more about Connected Learning Live.

Who should attend?

Anyone who wants to learn:

  • To identify and understand commonly accepted information security controls
  • How risks can be reduced to an acceptable level using controls
  • How to determine which controls are the most appropriate to implement
  • Practical implementation of ISO/IEC 27002:2013 controls
  • The benefits and pitfalls associated with the use of different controls

The course is applicable to representatives from any size or type of organization who is, or will be, involved in planning, implementing, maintaining, supervising or assessing information security, as part of an ISO/IEC 27001:2013 ISMS or a standalone system. 

We recommend that you have a basic understanding of information security principles and terminology. We also recommend that you have an understanding of the information risks faced by their organization.

A basic understanding of ISO/IEC 27001:2013, information technology and information risk management may be an advantage.

Some delegates on this course will have already attended our Information Security Management System (ISMS) Requirements of ISO 27001:2013, or Information Security Management System (ISMS) Implementing ISO/IEC 27001:2013 course.  

Delegates will be able to:

  • Explain the background and purpose of ISO/IEC 27002:2013
  • Explain the scope and structure of ISO/IEC 27002:2013
  • Explain the different best practice controls recommended by ISO/IEC 27002:2013
  • Explain the benefits of implementing controls from ISO/IEC 27002:2013
  • Evaluate how to use the controls in conjunction with an ISO/IEC 27001 based ISMS
  • Demonstrate how to choose the appropriate controls relevant to you
  • Demonstrate how to implement chosen controls from ISO/IEC 27002

In-house training course

We can deliver this training course to your team in-house. Training in-company allows you to save on each individual delegate and also cut out travel and accommodation expenses, which can be significant.With our in-company training, not only can you meet your business needs, but you can also:

  • Refresh your team’s skills and boost their confidence
  • Give your team an overview of your management system(s)
  • Train a group of auditors to the same level, using the same consistent techniques

For more information about the in-house training or to request a quote, please contact via +31 (0)20 346 07 80 or send an email to

Practical information

  • It's a 2-day course
  • The training and materials will be provided in English
  • The standard ISO 27002 isn’t into the training price included. However, during the training course, a loan copy of the standard will be available.
  • Lunch and drinks are included.

For further information regarding reduced rates at the hotel where the training is being conducted please contact or call +31 (0)20 346 0780.