Information Security Management System

Risk Management Professional Training

Based on ISO 31000, ISO 27001 and ISO 22301

Based on ISO 31000, ISO 27001 and ISO 22301

about the course

Organisations of all types and sizes face external and internal factors and influences that make it uncertain whether they will achieve their objectives. These objectives may relate to range of organisation’s activities from strategic initiatives to its operations, processes and projects. This may reflect in terms of societal, environmental, technological, safety and security outcomes, commercial, financial and economic measures as well as social, cultural, political and reputation impacts.

Managing risk considers the external and internal context of the organisation, including human behavior and cultural factors. This course is structured to provide knowledge and skill required to assess and conduct risk assessment for organisations with respect to the requirements of ISO 31000:2018.

This comprehensive three-day course comprising of case studies, training, group discussions to ensure that the participants thoroughly understands the principles, framework and process of risk assessment.


On completion of this course, person can work as a risk professional. Person can conduct risk assessment with respect to ISO 31000 guidelines considering the requirements of ISO 27001 and ISO 22301 standard.


  • Terminology and definitions related to Risk Management.
  • ISO 31000 - Relationship between principles, framework and process of risk management.
  • Context of the organisation - Internal and External issues.
  • Risk Assessment process - Risk Identification, Risk Analysis, Risk Evaluation, Risk Treatment.
  • Importance of planning and implementing identified risk management actions.
  • Conduct risk assessment with respect to ISO 31000 followed by understanding the mapping of three standards (ISO 31000; ISO 27001 and ISO 22301).

WHO SHOULD attend?

  • Information security practitioners
  • Business continuity practitioners
  • Chief information security officer
  • Management representative of Management Systems (ISMS, BCMS)
  • Management consultants (ISMS, BCMS)
  • Core group members responsible for establishing, implementing, maintaining, auditing and improving Management Systems (ISMS, BCMS)
  • Professionals who play role in implementation of Management Systems (ISMS, BCMS)

The participants those who are interested to attend the course must have prior knowledge of:

  • Management Systems (ISMS and BCMS)
  • Understand Plan-Do-Check-Act (PDCA) Cycle
  • Process of Risk assessment
  • Incorporating management commitment and interest of stakeholders
  • Business Impact Analysis and Risk Assessment
  • Security objectives and Business continuity Objectives
  • Using results of risk assessment to build the controls
  • Ensuring a comprehensive approach to ISMS and BCMS
  • Continual improvement of ISMS, BCMS and making of modifications as appropriate
  • Knowledge on Information security management system based on ISO/IEC 27001 standard
  • Knowledge on Business continuity management system based on ISO 22301 standard


  • Candidates will be assessed through 40 marks multiple choice questions based online examination at the end of the course.
  • Exam duration is for 60 minutes.
  • Minimum passing criteria is 70% or above.


“Certified Risk Management Professional based on ISO 31000:2018, ISO/IEC 27001:2013 and ISO 22301:2019” successfully attended certificate is awarded to delegates who successfully completes the course, others will get the attendance certificate.


  • What are the benefits of enrolling in this course?
    • World-class training – by learning from TÜV SÜD’s industry experts and training specialists
    • Interactive learning style – with interactive formats such as lectures, illustrations and simulations are used
    • Networking opportunity – where you can meet and build network with like-minded individuals at our instructor-led training
    • Gain a competitive edge – by getting trained by experts known in the fields of safety, security and sustainability



Next Steps

Site Selector