EXIN Information Security Foundation is a relevant certification for all professionals who work with confidential information. It tests the understanding of concepts and value of information security as well as the threats and risks.
This foundation-level certification is suitable for all professionals who deal with information, especially confidential information. Moreover, it creates a solid basis to pursue a higher level certification on the subject of Information Security. Entrepreneurs or small business owners who need a basic understanding of the subject also benefit from Information Security Foundation.
Information and security
Threats and risks
Approach and organization
Legislation and regulation
The EXIN Information Security Foundation based on ISO/IEC 27001 (ISFS) exam is based on this book:
Hintzbergen, J., Hintzbergen, K., Smulders, A. and Baars, H.
Foundations of Information Security – Based on ISO 27001 and ISO 27002
Van Haren Publishing, 3rd revised edition, 2017.
The book is from 2017, while the latest version of ISO/IEC 27002 was published in 2022. The book Foundations of Information Security is in the process of being updated right now. The exam will be updated in the second half of 2022. Your certificate will have the same value, whether you earn it now or later this year.
There are no contradictions between ISO/IEC 27002:2022 and the current exam. This is because the EXIN ISFS exam tests a candidate’s understanding of how to protect information, not purely their knowledge of the ISO standard. In the same way, the book Foundations of Information Security is quite practical. It describes information security instead of only explaining the ISO/IEC standard. ISO/IEC 27002 just provides us with a globally accepted structure.
In addition, the main changes in ISO/IEC 27002:2022 concern the order of the subjects. The structure has been simplified and actually aligns better with the structure of the ISFS exam, and even with the advanced EXIN exam Information Security Management Professional (ISMP). There are some additional subjects in ISO/IEC 27002, in line with developments since 2013, e.g. threat intelligence, security in cloud services and data masking. When the exam is updated, some of these topics might be covered. No subjects will be removed.
Basiskennis informatiebeveiliging op basis van ISO 27001 en ISO 27002
Van Haren Publishing, 2nd revised edition, 2015
Fundamentos de Segurança da Informação: com base na ISO 27001 e ISO 27002
Brasport, 1st edition, 2018