PECB ISO/IEC 27001 Lead Implementer: training, examination and certification

2023-04-19 11:29:00

This month, I've put some time into formalizing my experience with the ISO 27001 standard for "Information Security Management Systems". That is, the business processes and security controls which an organization needs to have in place to be accredited as "ISO27001 certified"... which translates into: this organization has put the right things into place to identify, address and manage risk and to provide personnel and management with policies, standards and guidelines on how to securely operate their IT environment. 

It's a cliché that people in IT have a distaste for "auditing" and "compliance". And sure, I've never had much fun with it either! But I felt I was doing myself a disservice by not formalizing what I've learned over the past decades. Or to put it the other way around: making sure I properly learn the fundamentals, means that I can assist my customers better in properly structuring their IT security. 

So off I went, to my favored vendor of InfoSec trainings: TSTC in Veenendaal. :) 

They provide the PECB version of the ISO27001 LI training and examination. The PECB materials aren't awesome, but they get the job done. And yes, if you're a hands-on techie, then the material can be rather dreary. But overall I had a fun four days at TSTC, with a great class and a solid trainer. 

The exam experience was a bit different from what I'm used to with other vendors.

• I was supposed to take the online/remote exam on the Friday of the course-week. This is no longer possible, as PECB has changed their sign-up process.
• Rescheduling the exam has some very strict deadlines: if you need to reschedule less than 7 days before the test, you pay 50% of the exam fee extra. Rescheduling within 2 days means paying the full exam fee. 
• Sign-in for the exam, for ID verification and desk checking, opens 30 minutes before the start of your exam window. Unlike with other vendors, you are then expected to wait until the start of the exam window. With PearsonVue and others, I can immediately start my exam after the checks are done. With PECB I had to sit and wait for 25 minutes.
• The examination software itself works well! It's user friendly and I really enjoyed the integration of the learning materials into the UI, for the open book exam. This is well executed!
• The system requirements indicate one needs 1Mbps up+down for network connectivity. I have 18Mbps down, 200Mbps up (yes, weirdly asymmetrical), but the software said my connection was too slow. This suggests that PECB doesn't have a global/international CDN.
• Downloading the 212MB for the exam software happened at 200kBps, which solidifies my assumption that PECB lacks a global CDN. 

TLDR, in short:

• TSTC is, as always, good.
• PECB's study materials are good, their exam software too.
• ISO27001 is dreary if you're a full-on techie, not too interested in risk management.

kilala.nl tags: work, studies,

View or add comments (curr. 0)