ISO 27001 Understanding Information Security Risks

Module Information

Information security risks affect every organisation, regardless of size, sector or maturity.  ISO 27001 Information Security Management System (ISMS) provides a clear and internationally recognised framework for identifying, assessing, and managing those risks through an effective ISMS.

This module gives you a practical introduction to the core concepts of information security risk and guides you through the development of the Statement of Applicability (SOA), a key requirement within the ISO 27001 framework.  You’ll learn how risks arise, how they are assessed, and how the SOA supports informed decision‑making and ongoing compliance.

By the end of this module, you’ll have the confidence to approach risk management in a structured, consistent way that strengthens your organisation’s security posture.

Learning outcomes

By the end of the module, you will have:

• An understanding of information security risk
• An overview of the ISO 27001 broad requirements related to risk
• Practical guidance on how to develop and maintain a Statement of Applicability (SOA)
• Shared examples of good practice

Is this module right for me?

This module is ideal if you:

• Want a clear, practical introduction to information security risk within the ISO 27001 framework
• Need to understand how risks are identified, assessed and managed as part of an ISMS
• Are looking for guidance on developing and maintaining a SOA
• Prefer to learn at your own pace and in your own time
• Need a quick refresher, or are new to information security management

No prior knowledge is required.  This module is beginner-friendly and designed to help you build confidence from the ground up.

For a more in-depth look at ISO 27001, our auditor-led training may be a better fit.

What’s included?

• Access to the ISO 27001 Understanding Information Security Risks and Developing the Statement of Applicability (SOA) online training module
• Reflective questions to review your processes, identify opportunities for improvement and help you implement what you’ve learned
• A knowledge check and personalised training certificate
• Six months of access to revisit content whenever you need

How does online ISO training work?

Once payment is received, we will email your login details to you.  If you don’t receive this email, please check your junk folder or contact us.

After completing the pre-training survey, training module, and knowledge check, you can download your personalised certificate for your records.

Looking to build a stronger understanding of ISO 27001?

For a deeper understanding of ISO 27001, our auditor-led ISO 27001 training provides a detailed, clause-by-clause explanation of the standard.  Delivered by one of our experienced lead auditors, this one-day course is designed to help you apply theory to real-life business scenarios.  You’ll also benefit from peer learning, sharing challenges and insights with other delegates.

Alternatively, you can enrol in our ISO 27001 online training bundle.  This package includes all six ISO 27001 training modules, while saving over 20% compared to purchasing modules individually.