EXIN Information Security Management Professional based on ISO/IEC 27001

Information is crucial for the continuity and proper functioning of both individual organizations and the economies they fuel. This information must be protected against access by unauthorized people (confidentiality), protected against accidental or malicious modification or destruction (integrity), and must be available when it is needed (availability). The module Information Security Management Professional based on ISO/IEC 27001 tests understanding of the organizational, physical and technical aspects of information security.

Certification information

This module is intended for everyone who is involved in the implementation, evaluation, and reporting of an information security program, such as an Information Security Manager (ISM), Information Security Officer (ISO) or a Line Manager, Process Manager or Project Manager with security responsibilities. Basic knowledge of Information Security is recommended, for instance through the EXIN Information Security Foundation based on ISO/IEC 27001 certification.

The exam covers three subject areas:
  • Information security perspectives: the perspectives of the business, the customer, and the service provider
  • Risk management: analysis of the risks, choosing controls, dealing with remaining (residual) risks
  • Information security controls: organizational, technical and physical controls

EXIN Information Security Management Professional based on ISO/IEC 27001 Body of Knowledge

EXIN (2020)

The exam is, besides ISO/IEC 27001, based on ISO/IEC 27002:2013, while the latest version of ISO/IEC 27002 was published in 2022. The exam will be updated in the second half of 2022. Your certificate will have the same value whether you earn it now or later this year. There are no contradictions between ISO/IEC 27002:2022 and the current exam, because the EXIN exam tests a candidate's understanding of how to protect information, not purely their knowledge of the ISO standard; ISO/IEC 27002 just provides a globally accepted structure.
In addition, the main changes in ISO/IEC 27002:2022 concern the grouping and order of the controls: the fourteen control clauses of the 2013 edition have been consolidated into four themes (organizational, people, physical and technological). The structure has been simplified and actually aligns better with the structure of the EXIN exam Information Security Management Professional (ISMP).
There are some additional subjects in ISO/IEC 27002:2022, in line with developments since 2013, e.g. threat intelligence, information security for the use of cloud services, and data masking. When the exam is updated, some of these topics might be covered. No subjects will be removed.

Details & downloads

Exam duration:
1 hour 30 minutes
Number of questions:
30 (multiple choice)
Pass mark:
Open book:
Training mandatory:
Electronic equipment allowed:
ECTS Credits:
Languages:
English, Chinese, Portuguese
Requirements for certification:
  • The Information Security Management Professional training course with an EXIN accredited training provider (ATP), including having successfully fulfilled the two (2) practical assignments as part of the course.