Course duration: 8 Hours
ISO 28000:2022 Security Management Systems
Clause-by-Clause Learning Pathway for Organizational Resilience
Welcome to the ISO 28000:2022 training module — a comprehensive, clause-aligned journey into building and maintaining a robust Security Management System (SMS). This course is designed to equip professionals with the knowledge and tools to manage security risks, enhance resilience, and align with global standards across sectors, including mining, logistics, infrastructure, and governance.
📘 Module Structure
Each section below corresponds to a clause in ISO 28000:2022 and includes interactive lessons (SCORM) and assessments to reinforce learning. The course is CPD-ready and supports SAQA-aligned professional development.
🔹 Clause 1–3: Foundations
- Scope: Understand the broad applicability of ISO 28000 across industries.
- Normative References: Explore supporting standards like ISO 31000, ISO 22301, and ISO 19011.
- Terms and Definitions: Master key terminology including threat, vulnerability, asset, and incident.
🔹 Clause 4: Security Management System
- General Requirements: Learn how to establish, implement, and improve an SMS using the PDCA cycle.
- Security Management Policy: Draft and evaluate a strategic security policy aligned with organizational goals.
🔹 Clause 4.3: Risk Assessment and Planning
- Security Risk Assessment: Identify and evaluate risks, threats, and vulnerabilities.
- Legal and Regulatory Requirements: Understand compliance obligations across jurisdictions.
- Security Objectives: Set SMART goals that align with strategic priorities.
- Implementation and Operation: Deploy controls, assign roles, and ensure operational readiness.
- Competence and Awareness: Build training plans and track CPD progress.
- Communication: Establish internal and external protocols for security-related messaging.
- Documentation and Data Control: Manage secure records and ensure audit trail integrity.
- Operational Control: Apply procedures for physical, digital, and procedural security.
🔹 Clause 4.5: Performance Evaluation and Corrective Action
- Performance Monitoring: Measure security KPIs and analyse trends.
- System Evaluation: Conduct reviews and gap analyses.
- Incident Response and CAPA: Address failures, non-conformances, and implement corrective/preventive actions.
- Control of Records: Maintain secure, accessible, and compliant documentation.
- Audit: Prepare for internal audits using ISO 19011 principles.
🔹 Clause 4.6: Management Review and Continual Improvement
- Management Review: Engage leadership in evaluating SMS effectiveness.
- Continual Improvement: Drive strategic enhancements based on performance data, audits, and stakeholder feedback.
🎓 What You’ll Gain
- A clause-by-clause understanding of ISO 28000:2022
- Practical tools for building and auditing a Security Management System
- CPD-ready assessments and templates for professional development
- Strategic insights applicable to mining, logistics, infrastructure, and governance sectors
🧩 Integration Options
This module is compatible with Notion, Obsidian, and other research vaults. Tagging schemas, export routines, and SAQA alignment tools are available for advanced users.
- Downloadable DQS certificate, with a certificate number that can be verified on the portal.
- The course covers the international standards and guidance for every clause.
- Content is supplied and reviewed by international DQS Technical Experts/Lead Auditors.
- Registration on the eLearning Portal is valid for 1 year, with access to live updates and subject matter experts/instructors.
- Assessment questions after every section with a 100% pass rate, ensuring internalization of content.
- Downloadable manuals and other resources.
To learn more about registration on the portal, watch this YouTube introduction video.




