Launch offeryour first badge for €5 with code
Plume
← All skills
ISO 27001
Cybersecurity & GDPR

ISO 27001

ISMS, scope, Annex A, risk analysis, audits, certification, continuous improvement.

15 minutes€19.99

Before starting, we run a 1-minute tech check — microphone, ambient noise, connection. If your setup isn't good enough, the test is fully refunded.

How does it work? →

About the ISO 27001 badge

Show recruiters and clients you actually know ISO 27001 — ISMS scoping, Annex A 2022, risk treatment, two-stage audit — with a 15-minute AI-powered oral exam and a score they can verify.

The Plume ISO 27001 badge tests your real ability to design, implement, and sustain an Information Security Management System (ISMS) compliant with ISO/IEC 27001:2022. The AI examiner digs into concrete situations: defining the ISMS scope and organisational context (clauses 4 and 5), drafting and maintaining a Statement of Applicability (SoA), building a risk assessment aligned with ISO 27005 using EBIOS RM, MEHARI, or a scenario-based approach, and managing the two-stage certification audit. The examiner also probes your command of the restructured Annex A in the 2022 version — 93 controls across 4 themes (organisational, people, physical, technological) and 5 attributes — including the harder-to-implement controls like threat intelligence (5.7), cloud security (5.23), and information security for cloud services.

Unlike a LinkedIn self-endorsement or a training certificate, this badge is grounded in a spoken performance: Claude Opus reads the full transcript of your 15-minute session and scores each response on technical depth, quality of real examples, rigour of your risk methodology, ability to navigate multi-framework environments (NIS 2, GDPR, HIPAA, SOC 2, HDS), and your advisory posture. The result is a reproducible 0-to-100 score with a level — Novice, Proficient, Advanced, or Expert — that tells hiring managers, clients, and colleagues exactly what you can do with ISO 27001.

This badge is built for CISOs, GRC consultants, ISO auditors, and anyone who has led or supported an ISO 27001 certification project. It is equally valuable if you are preparing an accredited Lead Implementer or Lead Auditor exam and want to surface blind spots before committing to the official programme, or if you need a credible proof of competence for a bid, a proposal, or a new client relationship.

What this badge evaluates

Here are the concrete dimensions the AI examines during the 15-minute oral.

How this badge is scored

Final scoring is performed by Claude (Anthropic), which reads back the full transcript and applies this weighted criteria grid.

How the oral exam unfolds

A Plume session takes about 20 minutes, from tech check to badge delivery.

  1. Step 1

    Tech check (1 min)

    The AI confirms your microphone is working and that you are in a quiet environment. A short welcome message explains the format of the ISO 27001 oral exam and what to expect from the examiner.

  2. Step 2

    Warm-up — background and experience (2 min)

    The AI examiner invites you to introduce yourself and frame your ISO 27001 experience: your most recent role, the type of organisation, and which version of the standard you have worked with (2013 or 2022).

  3. Step 3

    Deep dive — real situations (10 min)

    The core of the exam. The AI explores three to five calibrated themes: ISMS scope definition, risk assessment methodology, SoA drafting and maintenance, two-stage certification audit management, Annex A 2022 controls, and multi-framework alignment. Questions adapt to your answers in real time.

  4. Step 4

    Edge cases and advisory judgment (2 min)

    The examiner presents one or two nuanced scenarios — when would you advise against ISO 27001 certification, how would you handle a control like threat intelligence or cloud security that is genuinely hard to evidence for a mid-size company.

  5. Step 5

    Wrap-up and badge delivery (immediate)

    The session closes, Claude Opus analyses the full transcript and generates your 0-to-100 score, your level (Novice / Proficient / Advanced / Expert), a detailed per-criterion report, and a shareable verified URL for your ISO 27001 badge.

The 4 proficiency levels

Your score out of 100 translates into a level a recruiter can grasp at a glance.

Novice

Score 0-39

You know the big picture of ISO 27001 — ISMS, Annex A, certification audit — but have not yet led or supported a project end to end. You can define the key concepts but struggle to justify scope boundaries or SoA exclusions when pressed by an auditor.

Proficient

Score 40-59

You have contributed to at least one ISO 27001 project, either in a support role or on a limited scope. You can build a basic risk assessment, draft a first version of the SoA, and help teams prepare for a Stage 1 audit. You are solid on the main clauses but some Annex A 2022 controls are still unfamiliar territory.

Advanced

Score 60-79

You have led several end-to-end ISO 27001 certification projects, managed two-stage audits, maintained the SoA over time through organisational changes, and mapped the standard against other frameworks like GDPR, NIS 2, or HDS. You know all 93 Annex A 2022 controls and their attributes and can pinpoint the hardest ones to implement in practice.

Expert

Score 80-100

You are a recognised authority on ISO 27001: you operate as a senior consultant, CISO, or qualified auditor; you master the nuances between the 2022 and 2013 versions; you handle complex multi-framework programmes; and you advise boards on certification strategy, including when to pursue alternatives to ISO 27001.

Who this badge is for

No degree or years of experience required to take the badge. Here are the profiles it makes the most sense for.

Concrete use cases

Where and how your ISO 27001 badge will help you day to day.

Prerequisites

A few minutes to check you have everything you need.

What you take away

At the end of your session you don't just get a score — here's everything that awaits you.

Frequently asked questions about the ISO 27001 badge

The exam is primarily calibrated on ISO/IEC 27001:2022 — including the restructured Annex A with 93 controls across four themes and five attributes, and the 11 new controls such as threat intelligence (5.7), cloud security (5.23), ICT supply-chain security (5.21), and physical security monitoring (7.4). If your experience is based on the 2013 version, you are welcome to reference it, but the examiner will ask whether you are aware of the 2022 changes and how they have affected your work.

Other Cybersecurity & GDPR badges

Discover related skills you can validate with Plume.

Ready to take the ISO 27001 badge?

A 15-min oral exam with an AI, a shareable badge for your recruiters.

Choose this badge · €19.99