BCS Foundation Certificate in Information Security Management Principles
Gain a clear understanding of IS management issues including risk management, security standards, legislation and business continuity.
Who is it for?
Anyone with an interest in information security, whether as a career or for general business knowledge.
Entry requirements
There are no formal entry requirements however, the candidate should have basic working IT knowledge and an awareness of the issues involved with the security control activities.
It's recommended that candidates read the BCS course approved reference book Information Security Management Principles, as well as attend training with a BCS accredited training course.
What will I learn?
Candidates should be able to demonstrate:
- Knowledge of the concepts relating to information security management.
- Understanding of current national legislation and regulations which impact upon information security management.
- Awareness of current national and international standards, frameworks and organisations which facilitate the management of information security.
- Understanding of the current business and common technical environments in which information security management must operate.
- Knowledge of the categorisation, operation and effectiveness of controls of different types and characteristics.
The syllabus includes training objectives, details of modules and learning hours, plus a recommended reading list:
Download the v9.1 syllabus (PDF)
Download the v9.1 specimen paper and answer key (PDF)
Note: This version will be retired in April 2025.
Download our new v10 syllabus (PDF)
Download our new v10 specimen paper (PDF)
What format is the exam?
- One hour ‘closed book’ with 40 multiple choice questions
- Pass mark is 65% (26/40)
What's next?
Practitioner level certifications
- BCS Practitioner Certificate in Freedom of Information
- BCS Practitioner Certificate in Information Assurance Architecture
- BCS Practitioner Certificate in Information Risk Management
If you work or are considering working in a cyber security / information assurance role, we also run a Certified Cyber Professional (CCP) Scheme.
This qualification is not regulated by the following United Kingdom Regulators - Ofqual, Qualifications Wales, CCEA Regulation or SQA.