How does ISO 27001:2022 differ from ISO 27001:2013?

The 2022 revision restructured Annex A from 114 controls in 14 clauses into 93 controls in 4 themes (organisational, people, physical, technological), introduced 11 new controls (e.g. threat intelligence, cloud services, ICT readiness for business continuity), and aligned with ISO/IEC 27002:2022. Existing certifications must transition by October 2025. Our curriculum reflects the 2022 revision.

Do you cover the new 2022 controls?

Yes — A.5.7 (threat intelligence), A.5.23 (cloud services security), A.5.30 (ICT readiness for business continuity), A.7.4 (physical security monitoring), A.8.9 (configuration management), A.8.10 (information deletion), A.8.11 (data masking), A.8.12 (data leakage prevention), A.8.16 (monitoring activities), A.8.23 (web filtering), and A.8.28 (secure coding) are all covered as part of the 2022 curriculum.

How does this compare to professional certification exam prep?

This is workforce awareness training mapped to Annex A 6.3 — for all staff at certified or certifying organisations to satisfy the standard's training control. It is not professional exam-prep for individual ISO 27001 Lead Implementer or Lead Auditor accreditation schemes. The evidence we generate is what certification bodies want from your ISMS, not what an individual learner needs for an accreditation cert.

Does this satisfy SOC 2 CC1.4?

Yes — SOC 2 CC1.4 (Demonstrates Commitment to Competence) and the Trust Services Criteria around training overlap substantially with ISO 27001 Annex A 6.3. The same evidence package typically satisfies both. We tailor the curriculum to call out SOC 2 specifics where relevant.

How long does a typical enterprise rollout take?

Most rollouts are live for the workforce within 5 business days of contract signature. Multi-entity rollouts (groups with multiple ISMS scopes) typically take 7–10 business days due to per-scope setup.

How does pricing work for a team of 500 employees?

Enterprise pricing is volume-based with discount tiers at 25, 50, 100, 250, and 500+ seats. A 500-seat rollout typically lands 35–40% below list price. Multi-year terms unlock further discounts and include the annual refresher cycle plus content updates as ISO/IEC 27002 controls and certification body interpretations evolve.

Can we add custom modules — e.g. our information security policy?

Yes. We routinely add policy attestations and custom modules: information security policies, acceptable use, incident response procedures, secure coding standards, vendor onboarding briefings. Your CSM scopes the additions during onboarding.

Do you offer single sign-on and SCIM?

Yes — SAML 2.0, OIDC, and SCIM provisioning are included on enterprise plans. New joiners are auto-enrolled into the right modules based on department; leavers are de-provisioned automatically.

Can we white-label certificates and learner emails?

Yes — your logo is added to certificates and learner-facing emails on every enterprise plan. Single-tenant white-label and custom domain are available on request.

ISO/IEC 27001 Awareness Training

Done-for-you ISO 27001 awareness training for your whole workforce

We deliver Annex A 6.3 awareness, education, and training across your workforce — covering the ISMS, information security policies, acceptable use, incident reporting, and role-specific modules. Managed rollout, audit-ready evidence accepted by certification bodies and customers. Live for your team in under a week.

Get a Team Quote Browse the Course Catalog

100,000+ professionals trained
Annex A 6.3 audit-ready
Live for your team in 5 business days

admin.compliquest.com / iso-27001 / training

ISO 27001 Programme · Q2 2026

Training completion overview

● LIVE

847

Enrolled

92%

Completed

4.8★

Rating

Overdue

All Workforce Members

100%

IT & Security

96%

Developers & Engineers

88%

Senior Management

74%

Audit-ready

Article 39 met

Records signed & timestamped

Certificate Issued

847 employees

4-WEEK ROLLOUT

Programmes running at

RocheCoca-ColaSamsungHuaweiMicrosoftJPMorgan ChaseVolkswagenShellNestléSiemensBMWUnileverAXALufthansaPfizerAdidasRocheCoca-ColaSamsungHuaweiMicrosoftJPMorgan ChaseVolkswagenShellNestléSiemensBMWUnileverAXALufthansaPfizerAdidas

// why teams choose us

Why ISO 27001 awareness training is mandatory — not optional

ISO/IEC 27001:2022 makes information security awareness, education, and training a Statement-of-Applicability control at Annex A 6.3, with corresponding management-system requirements at Clauses 7.2 (Competence), 7.3 (Awareness), and 7.5 (Documented information). Certification bodies will not issue, maintain, or renew a certificate without evidence that all workforce members understand the ISMS, the information security policy, and their individual contribution. Customer audits, SOC 2 reviews, and procurement tenders typically require the same evidence.

Annex A 6.3 — information security awareness, education and training is a mandatory SoA control

Clause 7.2 (Competence) — staff must be competent for the work they perform within the ISMS

Clause 7.3 (Awareness) — all staff must be aware of the ISMS, the information security policy, and their contribution

Clause 7.5 — documented information must be available; training records are the primary evidence

02 — Curriculum

Role-based
by default.

Different roles face different risks. Training tailored to job responsibilities.

01
All Workforce Members
All Workforce Members
02
IT & Security
IT & Security
03
Developers & Engineers
Developers & Engineers
04
Senior Management
Senior Management
05
Internal Auditors
Internal Auditors
06
Vendor & Procurement
Vendor & Procurement

03 — Process

From kickoff to fully trained in under four weeks.

weeks avg.

92%

completion

01Step
Week 1 · Discovery
Scope your risk
A 60-min working session with a specialist. We map your obligations, current training gaps, and regulator priorities in your jurisdiction.
- Compliance scan
- Regulator review
- Role-based gap analysis
02Step
Week 2–3 · Build
Tailor & integrate
Your processes, contacts, and policies go into the modules. We brand the LMS, wire SSO, and connect HRIS so enrolment is automatic.
- Custom scenarios
- White-label LMS
- HRIS / SSO sync
03Step
Week 4+ · Operate
Deploy & evidence
Roll out to all staff. Automated nudges hit non-completers. Manager dashboards in real time. Audit-ready records when regulators ask.
- Automated nudges
- Real-time dashboards
- Evidence pack

Ready to scope your programme?

Book a 30-min discovery call — no slides, no pitch, just specifics.

// platform & delivery

What every enterprise rollout includes

Managed rollout in 5 business days

Dedicated customer success manager handles enrolment, role mapping, kickoff communications, and reminder cadence.

Annex A 6.3 audit-ready evidence

Dated certificates per workforce member, exportable completion logs, and role-mapped curriculum records that satisfy stage 1 / stage 2 / surveillance audit checks under Clauses 7.2, 7.3, and 7.5.

Manager dashboard & reporting

Track completion across teams, business units, and ISMS scope boundaries. Export evidence packages for certification bodies, customer audits, and SOC 2 reviewers.

Single sign-on (SSO) & SCIM

SAML 2.0, OIDC, and SCIM provisioning. New joiners enrolled automatically. Leavers de-provisioned. Zero admin overhead.

Annual refresher cycle built-in

Multi-year licensing rolls workforce members forward each year. Refresher content tracks ISO/IEC 27002:2022 control updates and ISMS Forum guidance.

Custom modules & policy attestations

Your logo on certificates, co-branded learner emails, and the option to attach your information security policy, acceptable use, or incident response procedure to any module.

// from a customer

We pursued ISO 27001:2022 certification across our entire technology organisation. The certification body explicitly reviewed Annex A 6.3 evidence at stage 2. Role-mapped curriculum records and dated certificates passed without findings.

ISMS Manager, Microsoft

Technology — 1,200+ workforce members trained

★★★★★

// by the numbers

Mandatory

for ISO 27001 certification

Lost

certification or qualified opinion

Procurement

increasingly requires ISO 27001

// frequently asked

Common questions.

Don't see your question? Send us a note — we usually reply same day.

Ask a question

ISO 27001 is voluntary, but if you pursue certification then Annex A 6.3 (Information security awareness, education and training) is a Statement-of-Applicability checkpoint and Clauses 7.2/7.3 are management-system requirements. Certification bodies will not issue or maintain a certificate without evidence of staff training. The same evidence typically satisfies SOC 2 CC1.4 and customer audits.

Related guides

Cybersecurity

NIS2 Directive: Who Must Comply? The Definitive Guide to Scope, Sectors, and Obligations in 2026

Education

Compliance Glossary: Key Terms and Definitions 2026

Cybersecurity

CISO Roles and Responsibilities: The Complete Guide for 2026

Ready when you are

Ready to brief us on your team rollout?

Tell us your ISMS scope, your certification stage (pursuing, certified, surveillance), and your headcount. We'll come back with a curriculum proposal, pricing, and a rollout plan within 1 business day.

Get a Team Quote Browse the Course Catalog

// programme summary

Time to deploy

4 weeks

Audience

All staff + role tiers

Languages

12 included

Updates

Quarterly, automatic

Pricing

Done-for-you ISO 27001 awareness training for your whole workforce

100,000+ professionals trained

Annex A 6.3 audit-ready

Live for your team in 5 business days

What every enterprise rollout includes

Managed rollout in 5 business days

Dedicated customer success manager handles enrolment, role mapping, kickoff communications, and reminder cadence.

Annex A 6.3 audit-ready evidence

Dated certificates per workforce member, exportable completion logs, and role-mapped curriculum records that satisfy stage 1 / stage 2 / surveillance audit checks under Clauses 7.2, 7.3, and 7.5.

Manager dashboard & reporting

Track completion across teams, business units, and ISMS scope boundaries. Export evidence packages for certification bodies, customer audits, and SOC 2 reviewers.

Single sign-on (SSO) & SCIM

SAML 2.0, OIDC, and SCIM provisioning. New joiners enrolled automatically. Leavers de-provisioned. Zero admin overhead.

Annual refresher cycle built-in

Multi-year licensing rolls workforce members forward each year. Refresher content tracks ISO/IEC 27002:2022 control updates and ISMS Forum guidance.

Custom modules & policy attestations

Your logo on certificates, co-branded learner emails, and the option to attach your information security policy, acceptable use, or incident response procedure to any module.

Common questions.

Don't see your question? Send us a note — we usually reply same day.

Ask a question

Done-for-you ISO 27001 awareness training for your whole workforce

Why ISO 27001 awareness training is mandatory — not optional

Role-basedby default.

From kickoff to fully trained in under four weeks.

Scope your risk

Tailor & integrate

Deploy & evidence

What every enterprise rollout includes

Managed rollout in 5 business days

Annex A 6.3 audit-ready evidence

Manager dashboard & reporting

Single sign-on (SSO) & SCIM

Annual refresher cycle built-in

Custom modules & policy attestations

Common questions.

NIS2 Directive: Who Must Comply? The Definitive Guide to Scope, Sectors, and Obligations in 2026

Compliance Glossary: Key Terms and Definitions 2026

CISO Roles and Responsibilities: The Complete Guide for 2026

Ready to brief us on your team rollout?

Done-for-you ISO 27001 awareness training for your whole workforce

Why ISO 27001 awareness training is mandatory — not optional

Role-basedby default.

From kickoff to fully trained in under four weeks.

Scope your risk

Tailor & integrate

Deploy & evidence

What every enterprise rollout includes

Managed rollout in 5 business days

Annex A 6.3 audit-ready evidence

Manager dashboard & reporting

Single sign-on (SSO) & SCIM

Annual refresher cycle built-in

Custom modules & policy attestations

Common questions.

NIS2 Directive: Who Must Comply? The Definitive Guide to Scope, Sectors, and Obligations in 2026

Compliance Glossary: Key Terms and Definitions 2026

CISO Roles and Responsibilities: The Complete Guide for 2026

Ready to brief us on your team rollout?

Role-based
by default.

Role-based
by default.