What is it?
This certification applies to all security professionals.
The Risk Manager ISO/IEC 27005:2022 certification attests that the certified person :
- possesses or has acquired the skills to manage risks in information systems security, and more specifically to implementISO/IEC 27005, identify, analyze, assess, treat and manage security risks, and identify and assess risk treatment options.
- Possesses or has acquired the skills to select security measures, approve residual risks, identify threats, vulnerabilities and impacts.
The Risk Manager ISO/IEC 27005:2022 certification certifies that a person has acquired the necessary skills to carry out risk assessments in the field of information security.
Who can take the exam?
- Information systems security managers (ISSM)
- Information security team members
- Anyone responsible for information security, compliance and risk in an organization
- Anyone implementing ISO/IEC 27001, wishing to comply with ISO/IEC 27001, or involved in a risk assessment program.
- IS consultants
How does the exam work?
The exam, in the form of MCQs and a case study, is designed to assess :
- mastery of ISO/IEC 27005 and knowledge of ISO/IEC 27001
- Knowledge of the ISO/IEC 27005 risk management process - stages - cycle
- Ability to identify and value assets
- Ability to identify incident scenarios
- Ability to estimate risk levels and manipulate appendix tables
- Ability to draw up a risk treatment plan.
This exam is available on our online exam platform. To register, visit our Registration page.
If you have any questions, please fill in our form by selecting the subject "information certification personal skills", and we'll get back to you within a few days.
Why Choose LSTI?

Recognized expertise
With over twenty years of experience, LSTI supports more than 300 organisations in France and Europe as a benchmark certification body and evaluation centre, operating in the fields of cybersecurity, digital trust, and information security.

Specialized Auditors
Our auditing teams consist of seasoned professionals with deep expertise in ANSSI cybersecurity frameworks, information security management practices, and European digital trust frameworks. Their approach ensures rigorous, balanced evaluations adapted to each organisation's operational context.

Independent Third Party and Dedicated Support
Accredited by ANSSI, LSTI guarantees impartiality, transparency, and consistency throughout the entire cycle: preparation, audits, surveillance, and renewals. A dedicated point of contact ensures continuity and clarity throughout the certification journey.
Discover ou other
news


Risk Manager ISO/IEC 27005 Certification Rules