Introducing ISO Prep — 87 Hands-on Paths for 27001, 27002, 27005 & 42001

ISO content has been one of the most-asked-for areas on Do GRC, and over the past few weeks it's grown a lot. To make it easier to find and work through, we've added a dedicated /iso-prep page that bundles every ISO learning path on the platform into three structured families.

Three families, 87 paths

ISO/IEC 27001 & 27002 — 41 paths covering ISMS context and scope, risk assessment and treatment, the Statement of Applicability, the full Annex A control catalogue (organizational, people, physical, technological), and audit readiness.

ISO/IEC 27005 — 25 paths walking through the information security risk management process end-to-end: context establishment, risk identification and analysis, evaluation against criteria, treatment options, monitoring and review, and continual improvement.

ISO/IEC 42001 — 22 paths on the AI Management System, including clause-by-clause governance (leadership, planning, support, operations, performance evaluation, improvement) and applied scenarios for organisations adopting 42001 alongside their existing ISMS.

Companion scenarios and case studies

Each family also surfaces a curated set of companion practice under the path grid: 21 scenario paths (everything from incident response and access governance to quantitative risk and AI model oversight) and 65 interactive case studies mapped to specific clauses and controls — Annex A.5 supplier oversight, A.8 cryptography and SDLC, ISO 27005 risk appetite and KRIs, AI procurement and model risk, and so on.

Companion items are optional. They're there when you want to apply what you've learned to a realistic scenario, but they don't gate certificate progress.

One certificate per family

Finish every path inside a family and you earn its dedicated certificate — ISO/IEC 27001 & 27002 Implementation, ISO/IEC 27005 Risk Management, or ISO/IEC 42001 AI Management — visible on your Certificates page. The requirement stays paths-only, so you can pace the scenarios and case studies however you like.

Where to start

The page has a Jump tonav at the top so you can skip straight to the family you're working toward. From there, your existing room and lab progress fills in automatically — so if you've already done some 27001 work, it's already counted.