
How to Learn all aspects of ISO 27001:2013 | The best way to grab the knowledge on 27001:2013 (Step by Step)

Hi All,

Please guide me on the learning approach towards ISO 27001:2013: how can I learn it step by step?
I need some answers that can help me in self-study.



Captain Nice
Staff member
The best way I found to learn a standard was to have a copy of it and type it into a Word document. A big help is to have any related standard(s) or reference documents such as, in the case of ISO 9001, to have a copy of ISO 9000 and ISO 9004.

As I wrote, I made a spreadsheet so that every sentence had an entry for comments. When I was doing this stuff the internet didn't exist yet. Nowadays there are thousands of websites, such as this one, where you can read people's interpretations. The way I did it was probably "old school". It's how I learned to study in college years ago. At the time a professor told me that if I really wanted to learn difficult subjects I had to read everything in the textbook and be able to write a sentence or two, at the very least, about every sentence in the book. I was a slow learner with learning disabilities that went back to pre-kindergarten, so while many people could pick things up easily, I wasn't that type of person.

So for me, courses like organic chemistry, physiology and physics, to name a few, were difficult. It was frustrating because many of my classmates made it all seem to be so simple. Then again, most of them had already taken preliminary courses in high school.

When I picked up ISO 9001 back around 1990 I did the same thing, though. I bought copies of the standard and associated documents, wrote them out, and bought a number of books on ISO 9001 (pre-internet days, so I got several books from the library, too). I got to the point where, while I didn't know the standard by heart well enough to recite it, I did know every sentence to the point where I could discuss each and relate each to company systems.

I will say that typing the standard into a Word document was also a big help to me over time - easy to search and to copy and paste from.

I also did an audit compliance document taken from the parts of the standard. ISO 9001 has changed a bit, but at one time I could discuss every sentence, its intent and how to comply.

I am sure others here will give you their take on how to do that these days, with the internet available and all that.
> Please guide me on the learning approach towards iso 27001:2013
For what purpose? What is the end game?

If to implement into an organization, I propose reading the IAQG Process Approach document. What are the processes of the organization?

Once identified, what are the inputs and outputs, and how does the flow between processes work?

Once identified, what are the customer requirements for that process?

Once identified, go through ISO 27001, and find out what you have that already meets the requirements.

Also, in terms of any of the standards, watch out for 'threads' of information. Here is an example from ISO 9001:

Risks and Opportunities: 0.3.3 Risk-based Thinking, 0.1 General, 4.4.1 (f) QMS and its Processes, 5.1.2 (b) Customer Focus, 6.1.1, 6.1.2 Planning: Actions to Address Risks and Opportunities, 8.3.3 (e) Design and Development Inputs, 8.3.6 (d) Design and Development Changes, 8.4.2 Type and Extent of Control, 9.3.1 (e) Management Review: General, 10.2.1 Nonconformity and Corrective Action, A.4 Risk-based Thinking

Marcelo Antunes

Addicted to standards
Staff member
Using a standard as a way to understand the standard is not the best way to learn it.

Standards are created by experts in a subject, for experts in a subject, and generally contain requirements based on good practice in the field. The best way to understand good practice is to read books on the subject. For example, when I began working in quality, people told me: read the standard (for example, ISO 9001). What I did was to read 4 or 5 books from the old gurus (Deming, Juran, Crosby...) and then nothing in the standard was new (sure, some specific terms and such may have been created specifically for the standard to standardize terminology, etc., but it's really 1% of the text).

When I began working with standards development, this was confirmed even more.
Hi Team,

I am confused about which team each policy falls under.

ISMS: does this fall under the Information Security team?
Health and Safety: does this fall under the Admin team?
What is an ISMS apex manual?
Who prepares the SOA, and why is it done?
Can we make changes to the SOA and, if yes, which other documents get affected or may have to be changed?

Kindly help with this query. I am very keen to work and learn more and more on ISO 27k and security.
