Every ISO learning path on Do GRC, organised by standard family. Finish all paths in a family to earn its dedicated certificate on your Certificates page.
Information Security Management System fundamentals, ISO/IEC 27002 control families, and audit readiness.
40 paths • Complete all to earn the ISO/IEC 27001 & 27002 Implementation certificate
Companion practice
Optional applied scenarios and case studies aligned to this standard. Not required for the ISO/IEC 27001 & 27002 Implementation certificate.
Scenario paths
ISO 27001 Implementation Scenario Path
5 scenario prompts
ISO 27001 / Security Compliance Manager Job Path Scenarios
10 scenario prompts
Security & Resilience Scenario Path
5 scenario prompts
Security & Resilience Job Path Scenarios
10 scenario prompts
Incident Response Operations Scenario Path
5 scenario prompts
Vulnerability Management Operations Scenario Path
5 scenario prompts
Access Governance & IAM Assurance Scenario Path
5 scenario prompts
Control Testing & QA Scenario Path
5 scenario prompts
Audit & Assurance Scenario Path
5 scenario prompts
Business Continuity & Crisis Management Scenario Path
10 scenario prompts
Cloud Governance & Asset Lifecycle Job Path Scenarios
10 scenario prompts
Change Risk Assessment Scenario Path
5 scenario prompts
Compliance Operations Scenario Path
5 scenario prompts
Case studies
Control Library Governance
Interactive case study
Control Library Rationalization Framework Harmonization
Interactive case study
Security Control Baselines Configuration Governance
Interactive case study
Security Control Exception Compensating Controls Governance
Interactive case study
Control Deficiency CAPA Governance
Interactive case study
Issue Management Corrective Action Governance
Interactive case study
Control Owner Accountability Evidence Stewardship Governance
Interactive case study
Policy Exception Risk Acceptance Governance
Interactive case study
Security Exception Risk Acceptance Lifecycle
Interactive case study
Regulatory Exam Findings Management Response Governance
Interactive case study
Third Party Fourth Party Risk Governance Subservice Dependency Oversight
Interactive case study
Third Party Fourth Party Concentration Governance
Interactive case study
Cloud Shared Responsibility Governance Control Ownership Operations
Interactive case study
Shadow IT Unauthorized SaaS Governance
Interactive case study
Data Classification Governance Handling Ops
Interactive case study
Data Retention Schedule Governance Disposition Ops
Interactive case study
Identity Access Review Governance
Interactive case study
Identity Access Review Governance JML PAM
Interactive case study
Privileged Access Governance JML Operations
Interactive case study
Cryptographic Key Management Governance Lifecycle Ops
Interactive case study
Threat Intelligence Governance Risk Ops
Interactive case study
Responsible Disclosure Vulnerability Intake Governance
Interactive case study
Vulnerability Disclosure Program Governance
Interactive case study
Secure SDLC DevSecOps Assurance
Interactive case study
Security Architecture Review Board Governance
Interactive case study
OT Security Governance
Interactive case study
Data Breach Notification Governance Regulatory Coordination
Interactive case study
Business Continuity Plan Activation Invocation Governance
Interactive case study
Business Continuity Plan Maintenance Ownership Document Control Governance
Interactive case study
Business Impact Analysis Critical Process Mapping
Interactive case study
RTO RPO Governance Recovery Objectives
Interactive case study
Crisis Management Team Governance Executive Decision Making
Interactive case study
Information Security Risk Management — establishing context, risk assessment, treatment, monitoring, and continual improvement.
25 paths • Complete all to earn the ISO/IEC 27005 Risk Management certificate
Companion practice
Optional applied scenarios and case studies aligned to this standard. Not required for the ISO/IEC 27005 Risk Management certificate.
Scenario paths
Quantitative Risk Scenario Path
5 scenario prompts
KRI & Metrics Design Scenario Path
5 scenario prompts
Risk Manager / Operational Risk Analyst Job Path Scenarios
10 scenario prompts
Operational Resilience Analyst Job Path Scenarios
10 scenario prompts
Regulatory Change Management Scenario Path
5 scenario prompts
Third-Party & Regulatory Job Path Scenarios
10 scenario prompts
Quantitative Risk & Insider Threat Job Path Scenarios
10 scenario prompts
Case studies
Enterprise Risk Taxonomy Assessment Methodology Governance
Interactive case study
Enterprise Risk Taxonomy Governance Standardization
Interactive case study
Enterprise RCSA Challenge Aggregation Independent Review Governance
Interactive case study
RCSA Program Operations
Interactive case study
Operational Risk RCSA Program
Interactive case study
Enterprise Risk Appetite Cascade Limit Framework Governance
Interactive case study
Enterprise Risk Appetite Breach Management Escalation Governance
Interactive case study
Enterprise Risk Appetite Cascade Limit Breach Governance
Interactive case study
Enterprise Risk Appetite Limit Ops
Interactive case study
Enterprise Risk Appetite Tolerance Limit Framework Ops
Interactive case study
Third Party Risk Appetite Tolerance Calibration Governance
Interactive case study
Enterprise Risk Scenario Analysis Stress Testing Governance
Interactive case study
Enterprise Risk Interdependency Mapping Contagion Escalation Governance
Interactive case study
Enterprise Risk Culture Assessment Conduct Governance
Interactive case study
Operational Risk Event Capture Near Miss Governance
Interactive case study
Operational Risk Event Escalation Loss Capture Governance
Interactive case study
Materiality Assessment Governance Enterprise Disclosure
Interactive case study
Security Metrics KRI Governance
Interactive case study
Board Cyber Risk Governance Director Oversight
Interactive case study
Enterprise Issue Severity Triage Escalation Governance
Interactive case study
Operational Resilience IBS Impact Tolerance Governance
Interactive case study
Operational Resilience Scenario Library Governance Severe Plausible Design
Interactive case study
Operational Resilience Scenario Testing Impact Tolerance Governance
Interactive case study
Cyber Insurance Readiness Renewal Governance
Interactive case study
Cyber Insurance Readiness Renewal Governance
Interactive case study
Cyber Insurance Readiness Claims Governance
Interactive case study
AI Management System foundations, clause-by-clause governance, and applied scenarios for organisations adopting ISO/IEC 42001.
22 paths • Complete all to earn the ISO/IEC 42001 AI Management certificate
Companion practice
Optional applied scenarios and case studies aligned to this standard. Not required for the ISO/IEC 42001 AI Management certificate.
Case studies
AI Governance Policy Risk Oversight
Interactive case study
AI Procurement Third Party Model Governance
Interactive case study
Model Risk Management Governance
Interactive case study
Model Risk Management Governance
Interactive case study
Responsible AI Governance Generative AI Use Cases
Interactive case study
EU AI Act Compliance Operations
Interactive case study
Data Ethics Governance Responsible Data Use Oversight
Interactive case study