ISO/IEC 27035 - Foundation


This course enables participants to learn about the best practices for implementing and managing an incident management process throughout their organization using the ISO/IEC 27035 standard as a reference framework. This training is fully compatible with ISO/ IEC 27035, which supports ISO/IEC 27001 by providing guidance for incident management. The course material has also taken into consideration leading industry standards, such as NIST SP 800-61.

Who should attend?

  • Members of an Information Security Risk Management team
  • Professionals wanting to gain a comprehensive knowledge of the main processes of Incident Management
  • Staff involved in the implementation of the ISO/IEC 27035 standard
  • Persons responsible for information security or conformity within an organization
  • Business Continuity Managers


Learning objectives

  • To understand the implementation of an Incident Management process
  • To understand the relationship between an Incident Management process with the requirements of different stakeholders of the organization
  • To know the concepts, approaches, standards, methods and techniques allowing an effective Information Security Incident Management based on ISO/IEC 27035
  • To acquire the necessary knowledge to contribute in implementing an ongoing information security incident management program according to ISO/IEC 27035


Course Agenda

Day 1: Introduction to the incident management framework, according to ISO/IEC 27035 

  • Information security incident management
  • The ISO/IEC 27035 core processes
  • Fundamental principles of information security
  • Linkage to business continuity
  • Legal and ethical issues

Day 2: Organizational Incident Management Process based on ISO/IEC 27035

  • Initiating a Security Incident Management Process
  • Understanding the organization and clarifying the objectives
  • Plan and prepare
  • Roles and functions
  • Policies and procedures
  • Analysis of lessons learned
  • Corrective actions
  • Competence and evaluation of incident managers •

Day 3: Certification Exam





Basic knowledge of Incident Management is preferred.

Educational approach

  • This training is based on both theory and practice:
    • Sessions of lectures illustrated with examples based on real cases
    • Review exercises to assist the exam preparation
    • Practice test similar to the certification exam
  • To benefit from the practical exercises, the number of training participants is limited

Examination and Certification

  • The “PECB Certified ISO/IEC 27035 Foundation” exam fully meets the requirements of the PECB Examination and Certification Programme (ECP). The exam covers the following competence domains:
    • Domain 1: Fundamental principles and concepts of Incident Management
    • Domain 2: Information Security Incident Management
  • The “PECB Certified Security Incident Foundation” exam is available in different languages (the complete list of languages can be found in the examination application form)
  • Duration: 1 hour
  • For more information about exam, refer to PECB section on PECB Certified Security Incident Foundation
  • A certificate of "PECB Certified ISO/IEC 27035 Foundation" will be issued to participants who successfully pass the exam and comply with all the other requirements related to this credential

General Information

  • Certification fees are included in the exam price
  • A student manual containing over 200 pages of information and practical examples will be distributed to participants
  • A participation certificate of 14 CPD (Continuing Professional Development) credits certificate will be issued to participants
  • In case of failure of the exam, participants are allowed to retake the exam for free under certain conditions