ISO 27001 The People Factor and Objective Setting

Module Information

Establishing meaningful, measurable information security objectives is a vital part of running an effective Information Security Management System (ISMS).  These objectives give your organisation direction, help you monitor progress, and ensure that information security activities directly support your wider business goals.  ISO 27001 requires organisations to define clear objectives, communicate them, and regularly evaluate performance against them.

However, even the strongest objectives will fall short without one crucial element: people. Technology alone cannot secure an organisation. Policies, controls, and processes are only as effective as the individuals who understand them, follow them, and take responsibility for protecting information every day.

This module brings these two elements together: the strategic process of objective setting and the practical, human‑centred People Factor. You’ll learn how to set objectives that support continual improvement, and how to build a culture where staff are informed, engaged, and equipped to play their part in safeguarding information.

By the end of this module, you’ll have a clear understanding of how to align objectives with your ISMS requirements and how to strengthen the human layer of your security framework.

Learning outcomes

By the end of the module, you will have:

• An understanding of how to develop SMART information security objectives and how these can be used to drive business improvement
• A process for developing, communicating and reviewing objectives
• An understanding of people-related information security risks and how to manage them
• An awareness of the ISM People Controls derived from ISO 27001:2022
• A communication plan for raising staff awareness
• Considered staff engagement strategies and planned how to maintain engagement
• Shared examples of good practice

You’ll also receive:

• Example information security objectives
• An example communication plan template

Is this module right for me?

This module is ideal if you:

• Want guidance on developing and reviewing information security objectives
• Need help creating an effective communication plan for staff engagement
• Prefer to learn at your own pace and in your own time
• Need a quick refresher, or are new to information security management

No prior knowledge is required.  This module is beginner-friendly and designed to help you build confidence from the ground up.

For a more in-depth look at ISO 27001, our auditor-led training may be a better fit.

What’s included?

• Access to the ISO 27001 The People Factor and Objective Setting online training module
• Example information security objectives
• An example communication plan template
• Reflective questions to review your processes, identify opportunities for improvement and help you implement what you’ve learned
• A knowledge check and personalised training certificate
• Six months of access to revisit content whenever you need

How does online ISO training work?

Once payment is received, we will email your login details to you.  If you don’t receive this email, please check your junk folder or contact us.

After completing the pre-training survey, training module, and knowledge check, you can download your personalised certificate for your records.

Looking to build a stronger understanding of ISO 27001?

For a deeper understanding of ISO 27001, our auditor-led ISO 27001 training provides a detailed, clause-by-clause explanation of the standard.  Delivered by one of our experienced lead auditors, this one-day course is designed to help you apply theory to real-life business scenarios.  You’ll also benefit from peer learning, sharing challenges and insights with other delegates.

Alternatively, you can enrol in our ISO 27001 online training bundle.  This package includes all six ISO 27001 training modules, while saving over 20% compared to purchasing modules individually.