Perry Johnson Registrars (PJR) has announced the release of its latest free online training programme: the ISO/IEC 27001:2022 Clause-by-Clause Course, delivered by Brandon Abbinante, ISMS/SMS/QMS Lead Auditor and member of the PJR Executive Committee.
The course has been developed to support professionals and organisations operating within information security management frameworks, including those aligned with UK and international expectations for structured cyber risk governance and data protection compliance.
Course Overview
The self-paced training provides a structured interpretation of the ISO/IEC 27001:2022 standard, offering clause-by-clause guidance across Clauses 4 to 10. It is designed to support understanding of Information Security Management Systems (ISMS) in accordance with internationally recognised best practice and audit expectations.
The course begins with foundational information security principles, including the Confidentiality, Integrity, and Availability (CIA) model, and progresses through organisational context, leadership requirements, planning, operational controls, performance evaluation, and continual improvement.
Practical explanations and applied examples are included to support interpretation of requirements in real organisational environments, particularly those operating within regulated or audited supply chains.
UK Regulatory and Procurement Alignment Context
For organisations operating in the United Kingdom, information security governance is increasingly assessed within the context of regulatory compliance, third-party risk management, and procurement due diligence requirements. Frameworks such as the UK GDPR and the Data Protection Act 2018 establish baseline legal obligations, while buyers across regulated sectors—particularly financial services, critical infrastructure, and technology supply chains—require demonstrable alignment with recognised security management frameworks.
ISO/IEC 27001:2022 is widely referenced within UK procurement and supplier assurance processes as a benchmark for structured information security governance, risk management, and control effectiveness. Certification or training aligned to this standard is often considered during vendor onboarding, security questionnaires, and ongoing supplier assurance reviews as evidence of a formalised and auditable Information Security Management System (ISMS).
Key Learning Topics Include:
- Structure and purpose of an Information Security Management System (ISMS)
- Interpretation of ISO/IEC 27001:2022 clauses and their interrelationships
- Organisational context and interested parties
- Risk assessment and risk treatment methodologies
- Statement of Applicability (SoA) development and application
- Implementation of Annex A controls and common nonconformities
- Audit readiness and continual improvement principles
Who Should Attend?
The course is intended for professionals involved in the implementation, management, assurance, or auditing of Information Security Management Systems, as well as individuals seeking foundational knowledge of ISO/IEC 27001:2022.
It is particularly relevant for CISO teams, information security managers, risk and compliance professionals, and procurement or supplier assurance functions within UK and international organisations operating in regulated or high-risk sectors.
Course Details:
- Format: Online, self-paced
- Duration: Approximately 1–2 hours
- Access: Flexible, with ability to pause and resume
- Cost: Free of charge
“Understanding ISO/IEC 27001 at clause level is essential for effective implementation and audit preparedness,” said Brandon Abbinante. “This course is designed to translate the standard into practical application while supporting real-world information security management requirements.”
PJR continues to support organisations and professionals through accessible training resources that strengthen compliance capability, enhance audit readiness, and promote continual improvement across information security management systems.

