3-day entry-level introduction to the world's most-adopted information security management standard. Built for compliance officers, IT managers and project teams about to participate in their first ISO 27001 programme.
ISO/IEC 27001:2022 is the international standard for an Information Security Management System (ISMS). For Malaysian organisations preparing for an enterprise tender, a Bank Negara RMiT outsourcing review, a multinational supplier audit, or a PDPA accountability uplift, ISO 27001 has become the reference framework. The Foundation course is the most efficient way to bring an entire team — not just the security lead — onto the same vocabulary and the same model.
Foundation is deliberately broader than it is deep. Over three days we cover the full ISMS lifecycle (Plan-Do-Check-Act), the structure of the standard's 10 clauses, the Annex A control families introduced in the 2022 revision, and the role each function in the business plays — IT, HR, procurement, legal, internal audit and the executive sponsor. Participants leave able to read an ISMS document set, attend a certification audit kick-off without needing translation, and meaningfully contribute to scoping discussions.
For implementers who will design and deploy the ISMS itself, the natural next step is the 5-day PECB ISO 27001 Lead Implementer course. Many organisations send their wider compliance and IT cohort through Foundation first, then upskill 2-3 designated implementers through Lead Implementer.
Information security principles (CIA triad), ISMS concept, the ISO 27000-series family map, structure of ISO/IEC 27001:2022, the Plan-Do-Check-Act cycle.
Walk-through of Clauses 4 (Context), 5 (Leadership), 6 (Planning), 7 (Support), 8 (Operation), 9 (Performance evaluation) and 10 (Improvement). Overview of the 93 Annex A controls grouped into Organisational, People, Physical and Technological themes.
Stage 1 vs Stage 2 audit, the surveillance and re-certification cycle, common documentation patterns, exam technique. PECB Foundation exam (1 hour, 40 questions, 70% pass mark) in the afternoon.
Date: Next public intake — July 2026 (3 consecutive working days)
Venue: Kuala Lumpur city centre (also available virtual instructor-led)
Class size: capped at 20 participants
Trainer: ISO 27001 Lead Implementer + Lead Auditor credentialed practitioner
Includes: Official PECB courseware, PECB exam fee, certification, lunch & refreshments
HRDC: SBL-Khas claimable on submission of approved JD14
Foundation is a 3-day awareness-and-terminology course that introduces the ISMS concept, the ISO 27000 family, and the structure of ISO/IEC 27001:2022. It does not teach you how to deploy an ISMS — it teaches you to participate in one intelligently. Lead Implementer is the 5-day practitioner course that covers full implementation, risk management, Annex A controls and the certification audit cycle. Foundation is the right starting point if you are new to ISMS; Lead Implementer is the right course if you will own deployment.
No formal prerequisite. The course is deliberately accessible to compliance officers, IT managers, internal audit, HR business partners, procurement leads, and anyone in an organisation preparing for ISO 27001 certification. Prior exposure to information security is helpful but not required.
The PECB Certified ISO/IEC 27001 Foundation exam is a 1-hour, multiple-choice exam taken on the final afternoon of the 3-day course. Pass mark is 70%. PECB issues the digital certificate within 6-8 weeks of a successful result.
Yes. Registered with HRD Corp under SBL-Khas. We provide the HRDC course code, official PECB course outline, T3 trainer credentials, and the SBL-Khas claim-ready documentation pack on enrolment.
Compliance officers tasked with coordinating the audit, IT managers new to ISMS, project managers about to scope a 27001 programme, internal auditors expanding into infosec, procurement and vendor-risk teams who need to evaluate supplier ISMS posture, and any executive sponsor who wants to be conversant with the standard before signing off the budget.
Foundation is the most efficient way to bring an entire team onto the ISMS vocabulary. Group rates apply for cohorts of 5+. Need the practitioner course instead? See Lead Implementer.