Welcome, Guest

ISO 27001: The Inheritance

Overview

A 4-module decision-based scenario course on ISO/IEC 27001:2022 surveillance audits and Annex A 2022 controls. The learner plays Iris Hartnell, the new ISMS Manager at an Amsterdam-headquartered managed-cloud firm, eight weeks into a role inherited without a handover. The first surveillance audit lands in week 8. Approximately 100 minutes total. Course delivered in English.

Target Audience:

ISMS managers, security managers, CISOs, and compliance officers at mid-size B2B SaaS, fintech, healthtech, and managed-cloud firms holding live ISO 27001:2022 certification with a surveillance audit booked.

Features and USPs:

Document redline activity. Inherited-control classifier (real vs documented). Evidence-board investigation. Privileged-sample review. Hot-seat with Stage 1+2 auditor. Disclosure-dial activity (customer notification calibration). Customer hot-seat. References to ISO/IEC 17021-1 closure mechanics and EA mutual recognition. Legally reviewed by qualified EU information-security counsel.

Learning Objectives:

  • Distinguish documented controls from operating controls (ISO 17021-1)
  • Triage Annex A 2022 control exceptions and minor / major NCs
  • Manage evidence collection under audit-window time pressure
  • Calibrate customer disclosure under cert-lapse contractual penalties
  • Hold the audit position without conceding substance to the auditor