Training Catalogue
- Barbra Chambers
- 8 years ago
Table of Contents
- Company Profile
- Training Overview
- Training Catalogue
- GRC Fundamentals, Strategy & Implementation Workshop
- Anti Bribery Management System Implementation
- ISO Compliance Management Implementation
- Corporate Compliance Workshop (Optimizing Your Program)
- Certified ISO Risk Manager (PECB/ANSI)
- Mastering Risk Management Workshop (Toward Risk Convergence)
- Certified ISO Governance of IT Manager (PECB)
- Certified ISO Risk Manager of IT (PECB/ANSI)
- Certified ISO Lead Implementer (PECB/ANSI)
- Certified ISO Lead Auditor (PECB/ANSI)
- Certified ISO Disaster Recovery Manager (PECB)
- Certified ISO Lead Implementer (PECB/ANSI)
- Certified ISO Lead Auditor (PECB/ANSI)
- Certified ISO Lead Manager (PECB)
- Certified ISO/IEC Application Lead Security Implementer (PECB)
- Certified ISO Lead Implementer (PECB/ANSI)
- Certified ISO Lead Auditor (PECB/ANSI)
- Certified Outsourcing Manager (PECB)
- Certified Lead Privacy Implementer (PECB)
- Certified Lead Forensic Examiner (PECB/ANSI)
- Certified Lead Security Incident Professional (PECB)
- Certified Lead SCADA Security Professional (PECB/ANSI)
- Certified Lead Penetration Tester (PECB)
- Certified ISO Lead Implementer (PECB)
- Certified ISO Lead Auditor (PECB)
- Certified ISO Lead Implementer (PECB/ANSI)
- Certified ISO Lead Implementer (PECB)
Company Profile

What We Do
GRC Tech is a training and consultancy firm that assists organisations to understand, implement and comply with Governance, Risk and Compliance (GRC) related best-practice standards and frameworks that lead to sustained process and business improvement. We meet the training, awareness and consulting needs of organisations in the following categories:
- Corporate Governance, Risk and Compliance
- Strategy and Performance Management
- IT Governance and IT Service Management
- Business Continuity and Information Security Management

International Experience
Since our inception in 2010, GRC Tech has successfully provided training and delivered GRC-related consultancy projects to leading African and international organisations. We have delivered services in, among other countries, South Africa, Botswana, Tanzania, Namibia, Mauritius, Uganda, Swaziland, Oman, Egypt, Kenya and Nigeria.

Our Partners
Training Overview

Our training courses are underpinned by internationally accepted Governance, Risk and Compliance (GRC) best practices based on a range of GRC-related frameworks and standards, including OCEG Red Book 2.1 & 3.0, ISO 19600, BS 10500, COBIT, ISO 38500, ISO 27005, ISO 27001, ISO and ISO.

Approach to GRC Management Training
Our approach to training provides delegates with valuable practical experience of how to overcome the typical challenges they are likely to face when undertaking GRC-related projects within their own organisations. Delegates enjoy the following benefits:
- A choice of brief management overview, foundation or intensive practitioner-level courses
- Course development and presentation by subject-matter experts with in-depth knowledge and experience in their field of expertise
- Practical course content, hand-outs and interactive group discussions
- International certification exams for selected courses

In-house Training On Demand
In-house training provides a cost-effective and time-saving training opportunity, especially where an organisation has more than six staff members to train and/or requires training in remote locations. In-house courses can be facilitated at your organisation's own premises or conducted as a private course at a training venue of your choice.

Self-Study
When you choose to study through GRC Tech training, you have the option to select your course(s) from our range of certification programs. We offer you an unrivalled selection of quality distance education courses accredited by PECB, among the most respected awarding bodies internationally. All of our students have access to an experienced professional in their field of study, who is totally committed to helping you succeed and is always on hand to answer any query you may have, no matter how big or small.
Training Courses Available
- Governance, Risk Management & Compliance (GRC)
- Anti-Bribery
- Compliance
- Risk Management
- IT Governance, Risk Management & Compliance (IT GRC)
- IT Security Management
- Business Continuity & Disaster Recovery Management
- Professional Courses: CMO, CLPI, CLFE, CLSI, CL-SCADASP, CLPT
- Project Management
- Supply Chain Security Management
- Six Sigma
Governance, Risk Management & Compliance (GRC)

GRC Fundamentals, Strategy and Implementation (3 Days)

Who Should Attend?
CEOs, COOs, Chief Risk Officers, Chief Compliance Officers, Chief Information Officers, Chief Audit Executives and other Senior Managers.

The objective is to give you insight and practical strategies for your Governance, Risk and Compliance integration by:
- Defining progressive governance, risk, and compliance roles and responsibilities to move forward from silo management
- Fulfilling regulatory requirements while achieving a real ROI
- Increasing productivity and capital by putting an end to silo management
- Leveraging your current IT systems to integrate GRC
- Gaining an in-depth view into key risk metrics and policy compliance to improve your risk control and self-assessments

About the Workshop
The workshop provides an introductory overview of this new global groundswell of GRC, including discussion of the challenges organizations will face and the business case that will drive this new movement. Topics covered include:
- An introduction to GRC: the new corporate must-have
- Explanation of an integrated GRC system
- How is GRC different from current governance, risk, and compliance assurance methods?
- Building your business case
- What current laws require: a global perspective on bare-minimum compliance, and how the corporate governance bar continues to move upwards
- Integrated GRC: what parts must be assembled, bought, wired up, or rented to build one?
- What cultural changes are required to make it work?
- Setting up and staffing an integrated GRC system
- Overcoming barriers and avoiding pitfalls
- Maintaining and sustaining your GRC and measuring its benefits

Agenda
- GRC Overview: Where Are We Going and How Do We Get There?
- GRC: What's the Business Case for Change?
- Achieving GRC Buy-in at the Top and Establishing Clear Roles & Responsibilities
- Practical Strategies for Implementing GRC
- Establishing the Desired Enterprise-Wide Culture
- Business Objectives & Drivers
- Risk & Opportunities
- Plan & Design
- Integrated Approach Programs: The Three Core Principles
  - Oversight Personnel
  - Leaders and Champions
  - Strategic & Operating Personnel
- Plan & Organize the GRC Implementation
- The GRC Technology Roadmap
Anti Bribery

Anti Bribery Management System Implementation (2 Days)

Successful implementation of BS, the Specification for an anti-bribery management system (ABMS), shows an organisation's commitment to ethical behaviour and is a vital part of corporate governance in a well-managed organisation; it can help protect your corporate reputation and avoid potentially corrupt transactions. Led by an experienced tutor, this two-day course will guide you through the implementation of an effective ABMS, using a combination of practical exercises, group activities and class discussions.

Learning Objectives
On completion of the course, delegates will know:
- How to determine the threat of bribery within an organization
- How to recognize the key management system concepts of BS
- What the benefits specific to your organization are in relation to implementing an effective ABMS
- How to identify a typical framework for implementing BS following the Plan-Do-Check-Act (PDCA) cycle
- How to interpret the requirements of BS from an implementation perspective in the context of your organization
- How to conduct a baseline review of your organization's current position with regard to BS

Who Should Attend?
Those responsible for anti-bribery management, ethical behaviour, corporate governance, risk and compliance, management systems, anti-bribery measures, human resources, procurement and those managing/selecting business associates, especially if operating in high-risk bribery environments.

Recommended job roles include:
- Human resource professionals and managers
- Company secretaries
- Internal legal teams
- Governance, risk and compliance managers
- Internal affairs and investigation teams
- Internal and external management systems auditors who are new to ABMS
- Procurement managers
- Private data and records administration teams

Agenda
- Introduction to Anti-Bribery Management System (ABMS) concepts as required by BS
- Introduction to management systems and the process approach
- Fundamental principles in anti-bribery management
- General requirements
- Planning the Anti-Bribery Management System (ABMS)
- Allocating responsibility
- Writing the anti-bribery policy
- Reviewing the requirements of the ABMS
- Designing or modifying the necessary policies, procedures and controls for the ABMS
- Preparing an implementation plan for the ABMS
- Monitoring and reviewing the ABMS
- Continual improvement of the ABMS

Pre-Requisites
There are no formal prerequisites to attend; however, it is recommended that you have some knowledge of ABMS, in particular the BS standard, as well as an understanding of how your organization operates and the likely risks it faces.
Compliance

ISO Compliance Management Implementation (3 Days)

ISO defines requirements to continually improve a compliance management system's effectiveness. It requires an organisation to establish, develop, document, implement, evaluate, maintain and improve an effective and responsive Compliance Management System (CMS). The policy, objectives and processes needed for compliance management must be determined, including their sequence and interaction, and be applied throughout.

Learning Objectives
This 3-day course provides delegates with an understanding of the International Organisation for Standardisation's (ISO) standard for compliance management systems, ISO. Upon successful completion of this course, participants should be able to:
- Identify compliance requirements and an appropriate system for recording them
- Plan, document and establish a compliance management system
- Review a compliance system and its processes
- Determine the purpose and the scope of compliance research that needs to be undertaken to meet legal and client obligations
- Define a compliance research plan and gather the required data
- Analyse the collected data in a manner that is meaningful to the organisation
- Document and communicate the compliance research outcomes
- Understand the components of a continual improvement framework
- Use a continual improvement framework to ensure new ideas and improvements are managed in a consistent and systematic manner

Who Should Attend?
- Compliance managers and officers
- Internal legal teams
- Governance, risk and compliance managers
- IT GRC officers
- Internal and external management systems auditors who are new to CMS

Agenda
- Introduction to Compliance Management concepts as required by ISO
- Introduction to management systems and the process approach
- Fundamental principles in compliance management
- General requirements: presentation of the clauses of ISO
- Planning the Compliance Management System (CMS)
- Allocating responsibility
- Writing the compliance management policy and framework
- Reviewing the requirements of the CMS
- Designing or modifying the necessary policies, procedures and controls for the CMS
- Preparing an implementation plan for the CMS
- Monitoring and reviewing the CMS
- Continual improvement of the CMS

Pre-Requisites
None
Compliance

Corporate Compliance Workshop (Optimizing Your Program) (2 Days)

To create a program that reflects, incorporates and is integrated with your organization's culture, ethos and corporate compliance objectives: design a program that is tailored and fine-tuned with specific regard to the size, form, complexity and history of your organization; document the specific steps taken in the implementation and operation of the compliance program; and measure the program with metrics.

Learning Objectives
- To recognize the importance of the mission: meeting compliance goals
- To set standards to be followed
- To empower employees to make decisions following prescribed guidelines, and to ensure that progress continues towards agreed-upon goals
- To establish a decision-support mechanism
- To document specific steps taken in the implementation and operation of a compliance program
- To measure the program with metrics

Who Should Attend?
This workshop is designed for senior managers who recognize the importance of the mission (meeting compliance goals), specifically in terms of what is expected by stakeholders and regulators, with no exceptions.
- Governance Officer
- Compliance Officer
- Legal Counsel
- Risk Manager
- Internal Auditor
- IT Manager
- Senior Managers in Planning, Finance, Marketing, Project, HR, etc.
- Consultants & Business Advisors

Agenda
- Introduction
- Compliance Key Functions
- The four aspects of compliance operation:
  - Demonstrating compliance with relevant regulations
  - Embedding compliance within your organization
  - Managing the cost of compliance
  - Identifying, addressing and resolving regulatory failures
- Purism vs Pragmatism
- Looking at the Big Picture
- What are the Compliance Issues?
  - Governance Issues
  - Compliance Issues
  - Risk Issues
  - IT Compliance Issues
- Why focus on compliance programs?
- Introduction to an effective compliance program:
  - Culture
  - Scope & Strategy
  - Structure & Resources
  - Policies
  - Communication & Training
  - Issue Management
  - Evaluation
- The Framework
- Establishing an Enterprise Compliance Program: The Principles
- The Roadmap to Effective Compliance
- Policies, Procedures, and Controls
- The Measuring Criteria: How do we measure?
- The Metrics
- The Compliance Maturity Model
  - Awareness (external & internal)
  - Structure & Accountability
  - Culture & Consistency
  - Processes / Controls
  - Automation & Integration
  - Measurement
  - Technology
  - Reporting on measurement
- Integration of Compliance into the GRC Framework
- Case Study: XYZ Ltd.
Risk Management

Certified ISO Risk Manager (PECB/ANSI) (3 Days)
MASTERING RISK ASSESSMENT AND OPTIMAL RISK MANAGEMENT BASED ON ISO AND IEC/ISO

In this three-day intensive course participants develop the competence to master a model for implementing risk management processes throughout their organization, using the ISO 31000:2009 standard as a reference framework. Based on practical exercises, participants acquire the necessary knowledge and skills to perform an optimal risk assessment and manage risks in time by being familiar with their life cycle. During this training, we will present the ISO general risk management standard, the process model it recommends, and how companies may use the standard. This training is also fully compatible with IEC/ISO 31010, which supports ISO by providing guidance for risk assessment.

Learning Objectives
- To understand the concepts, approaches, methods and techniques allowing effective Risk Management according to ISO
- To understand the relationship between Risk Management and compliance with the requirements of the different stakeholders of an organization
- To acquire the competence to implement, maintain and manage an ongoing Risk Management program according to ISO, in compliance with all the other requirements
- To acquire the competence to effectively advise organizations on best practices in Risk Management

Who Should Attend?
- Governance Officer
- Compliance Officer
- Risk Manager
- Internal Auditor
- IT Manager
- Senior Managers in Planning, Finance, Marketing, Project, HR, etc.
- Consultants & Business Advisors

Agenda
- Introduction, Risk Management framework according to ISO
  - Concepts and definitions related to risk management
  - Risk management standards, frameworks and methodologies
  - Implementation of a risk management framework
  - Understanding an organization and its context
- Risk identification and assessment, risk evaluation, treatment, acceptance, communication and surveillance according to ISO
  - Risk identification
  - Risk analysis and risk evaluation
  - Risk treatment
  - Risk acceptance and residual risk management
  - Risk communication and consultation
  - Risk monitoring and review
- Risk assessment methodologies according to IEC/ISO and Exam
  - Presentation of risk assessment methodologies
  - PECB/ANSI Certification Exam (2 hours)

Pre-Requisites
None

General Information
- After successfully completing the exam, participants can apply for the credentials of Certified ISO Risk Manager
- Certification fees are included in the exam price
- The participant manual contains over 350 pages of information and practical examples
- A participation certificate of 21 CPD (Continuing Professional Development) credits will be issued to participants
Risk Management

Mastering Risk Management Workshop (Toward Risk Convergence) (2 Days)

In today's fast-moving, complex operating environment, risk executives need to cultivate an understanding across all areas of risk and business. Business problems are multifaceted, interrelated and increasingly global; executives must possess enhanced skills to identify and address a wide range of risks with an integrated approach and an enterprise-wide perspective. This intensive two-day programme exposes participants to a rigorous, yet inspiring, blend of theory, practice and cutting-edge research.

Learning Objectives
- Gain a valuable perspective on risk management in terms of corporate governance, as well as its relationship to cultural and stakeholder concerns
- Expand your network by linking up with a variety of individuals in risk-related fields and various business lines who think and make decisions about risk in the context of the entire enterprise
- Broaden your knowledge of leading-edge theory and practice, to increase your ability to create and sustain a high level of performance and steer projects to completion through an increased understanding of the issues impacting your organization
- Take part in focused learning and interact with your peers to improve your decision-making, leading to advanced proficiency and strategic advantages

Who Should Attend?
- Senior risk practitioners
- Executives with influence over their organization's risk strategy
- Business-line executives
- Non-Executive Directors
- Consultants & Business Advisors

Agenda
- Introduction to GRC & E
- Defining the terms
- What is GRC convergence?
- A View at the Current State
- An Overview of Standards
- Traditional vs Modern Risk Management
- Challenges with Risk Assessment
- GRC Risk Convergence: Key Issues
- GRC Risk Convergence: The Challenges
- GRC Risk Convergence: Benefits
- GRC Risk Convergence Defined
- Assessing Risks
- Developing a Common Shared Context
- Case Study
- Control vs Risk Focus
- Risk Taxonomy: Focus on Risk Types
- Understanding the Anatomy of Risk
- The DNA of Risk Management
- The Key Indicator Trio
- Risk Assessment Methodology
- Risk Assurance
- The GRC Framework
- Building a Business Case
- GRC Desired State
- Risk Maturity Level
IT Governance, Risk Management & Compliance

Certified ISO Governance of IT Manager (PECB) (2 Days)
MASTERING THE FUNDAMENTAL PRINCIPLES AND CONCEPTS OF CORPORATE GOVERNANCE OF INFORMATION TECHNOLOGY BASED ON ISO

This two-day intensive course enables participants to develop the necessary expertise to support an organization in implementing corporate governance of Information Technology as specified in ISO/IEC. Participants will also gain a thorough understanding of best practices used to implement guidance for Corporate Governance of IT from all areas of ISO. ISO/IEC applies to the governance of management processes (and decisions) relating to the information and communication services used by an organization. These processes could be controlled by IT specialists within the organization, by external service providers, or by business units within the organization.

Learning Objectives
- To understand the implementation of guidance for the corporate governance of IT in accordance with ISO 38500, &
- To gain a comprehensive understanding of the concepts, approaches, standards, methods and techniques required for the effective management of corporate governance of IT
- To understand the relationship between the components of corporate governance of IT, including responsibility, strategy, acquisition, performance, conformance and human behavior
- To acquire the necessary expertise to manage a team implementing ISO

Who Should Attend?
- Project managers or consultants wanting to prepare for and support an organization in the implementation of corporate governance of Information Technology
- ISO auditors who wish to fully understand the corporate governance of IT implementation process
- Senior Managers responsible for the IT governance of an enterprise and the management of its risks
- Members of groups monitoring the resources within the organization
- External business or technical specialists, such as legal or accounting specialists, retail associations, or professional bodies
- Vendors of hardware, software, communications and other IT products
- Internal and external service providers (including consultants)

Agenda
- Introduction to corporate governance of IT
  - Fundamental principles of corporate governance of IT
  - Initiation process of corporate governance of IT
  - Definition of the scope
  - Corporate governance application
  - Objectives of ISO
  - Benefits of using this standard
  - Referenced documents: ISO &
  - Definitions
- Framework and guidance for good governance of IT
  - Principles
  - Model
  - Responsibility of directors for corporate governance of IT
  - Strategy of IT development
  - Acquisition
  - Performance of corporate governance of IT
  - Conformance
  - Human Behavior
- PECB Certification Exam (2 hours)

General Information
- After successfully completing the ISO Corporate Governance of IT Manager exam, participants can apply for the credentials of Certified ISO Corporate Governance of IT Provisional Manager or Certified ISO Corporate Governance of IT Manager, depending on their level of experience
- Certification fees are included in the exam price
- The participant manual contains over 200 pages of information and practical examples
- A participation certificate of 14 CPD (Continuing Professional Development) credits will be issued to participants
- In case of failure of the exam, participants are allowed to retake it for free under certain conditions
IT Governance, Risk Management & Compliance

Certified ISO IT Risk Manager (PECB/ANSI) (3 Days)
MASTERING RISK ASSESSMENT AND OPTIMAL RISK MANAGEMENT IN INFORMATION SECURITY BASED ON ISO

In this three-day intensive course participants develop the competence to master the basic risk management elements related to all assets of relevance for information security, using the ISO/IEC 27005:2011 standard as a reference framework. Based on practical exercises and case studies, participants acquire the necessary knowledge and skills to perform an optimal information security risk assessment and manage risks in time by being familiar with their life cycle. During this training, we will also present other risk assessment methods such as OCTAVE, EBIOS, MEHARI and Harmonized TRA. This training fits perfectly with the implementation process of the ISMS framework in the ISO/IEC 27001:2013 standard.

Learning Objectives
- To understand the concepts, approaches, methods and techniques allowing effective risk management according to ISO
- To interpret the requirements of ISO on information security risk management
- To understand the relationship between information security risk management, the security controls and compliance with the requirements of the different stakeholders of an organization
- To acquire the competence to implement, maintain and manage an ongoing information security risk management program according to ISO
- To acquire the competence to effectively advise organizations on best practices in information security risk management

Who Should Attend?
- Risk managers
- Members of the information security team
- Persons responsible for information security or conformity within an organization
- Staff implementing or seeking to comply with ISO or involved in a risk management program
- IT consultants

Agenda
- Introduction, risk management program according to ISO
  - Concepts and definitions related to risk management
  - Risk management standards, frameworks and methodologies
  - Implementation of an information security risk management program
  - Understanding an organization and its context
- Risk identification and assessment, risk evaluation, treatment, acceptance, communication and surveillance according to ISO
  - Risk identification
  - Risk analysis and risk evaluation
  - Risk assessment with a quantitative method
  - Risk treatment
  - Risk acceptance and residual risk management
  - Information security risk communication and consultation
  - Risk monitoring and review
- Overview of other information security risk assessment methods and exam
  - Presentation of the OCTAVE method
  - Presentation of the MEHARI method
  - Presentation of the EBIOS method
  - Presentation of the Harmonized TRA method
  - PECB/ANSI Certification Exam (2 hours)

General Information
- After successfully completing the Certified ISO Risk Manager exam, participants can apply for the credentials of Certified ISO Risk Manager or Certified ISO Risk Manager, depending on their level of experience
- Certification fees are included in the exam price
- The participant manual contains over 350 pages of information and practical examples
- A participation certificate of 21 CPD (Continuing Professional Development) credits will be issued to participants
- In case of failure of the exam, participants are allowed to retake it for free under certain conditions
Business Continuity

Certified ISO Lead Implementer (PECB/ANSI) (5 Days)
MASTERING THE IMPLEMENTATION AND MANAGEMENT OF A BUSINESS CONTINUITY MANAGEMENT SYSTEM (BCMS) BASED ON ISO

This five-day intensive course enables participants to develop the necessary expertise to support an organization in implementing and managing a Business Continuity Management System (BCMS) based on ISO. Participants will also gain a thorough understanding of best practices used to implement Business Continuity processes from ISO. This training is consistent with the project management practices established in ISO (Quality Management Systems - Guidelines for Quality Management in Projects). This training is fully compatible with BS (Business Continuity Management Specification) and ISO (Guidelines for information and communication technology readiness for Business Continuity).

Learning Objectives
- To understand the implementation of a BCMS in accordance with ISO 22301, ISO or BS
- To gain a comprehensive understanding of the concepts, approaches, standards, methods and techniques required for the effective management of a BCMS
- To understand the relationship between the components of a BCMS and compliance with the other requirements
- To acquire the necessary expertise to support an organization in implementing, managing and maintaining a BCMS as specified in ISO or BS
- To acquire the necessary expertise to manage a team implementing ISO or BS

Who Should Attend?
- Project managers or consultants wanting to prepare for and support an organization in the implementation of a Business Continuity Management System (BCMS)
- Business Continuity auditors who wish to fully understand the implementation of a Business Continuity Management System
- Individuals responsible for Business Continuity or conformity in an organization
- Members of a Business Continuity team
- Expert advisors in Business Continuity
- Members of organizations that want to prepare for a business continuity function or for a BCMS project management function

Agenda
- Introduction to Business Continuity Management System (BCMS) concepts as required by ISO 22301: Initiating a BCMS
  - Introduction to management systems and the process approach
  - Presentation of the standards ISO 22301, ISO/PAS 22399, ISO 27031, BS and the regulatory framework
  - Fundamental principles of Business Continuity
  - Preliminary analysis and determining the level of maturity of the existing BCMS based upon ISO
  - Writing a business case and a project plan for the implementation of a BCMS
- Planning a BCMS based on ISO
  - Definition of the scope of a BCMS
  - Development of a BCMS and Business Continuity policies
  - Business Impact Analysis (BIA) and Risk Assessment
- Implementing a BCMS based on ISO
  - Implementation of a document management framework
  - Design and implementation of Business Continuity processes and writing procedures
  - Development of a training & awareness program and communicating about the BCMS
  - Incident management and emergency management
  - Operations management of a BCMS
- Controlling, monitoring and measuring a BCMS, and the certification audit of a BCMS in accordance with ISO
  - Monitoring BCMS processes
  - Development of metrics, performance indicators and dashboards
  - Internal audit and management review of a BCMS
  - Implementation of a continual improvement program
  - Preparing for an ISO certification audit
- PECB/ANSI Certification Exam (3 hours)

General Information
- After successfully completing the exam, participants can apply for the credentials of Certified ISO Provisional Implementer, Certified ISO Implementer or Certified ISO Lead Implementer, depending on their level of experience
- Certification fees are included in the exam price
- The participant manual contains over 450 pages of information and practical examples
- A participation certificate of 31 CPD (Continuing Professional Development) credits will be issued to participants
- In case of failure of the exam, participants are allowed to retake it for free under certain conditions
Business Continuity

Certified ISO Lead Auditor (PECB/ANSI) (4 Days)
MASTERING THE AUDIT OF A BUSINESS CONTINUITY MANAGEMENT SYSTEM (BCMS) BASED ON ISO 22301, IN COMPLIANCE WITH THE REQUIREMENTS OF ISO AND ISO

This four-day intensive course enables participants to develop the expertise needed to audit a Business Continuity Management System (BCMS) and to manage a team of auditors by applying widely recognized audit principles, procedures and techniques. During this training, participants will acquire the knowledge and skills needed to proficiently plan and perform internal and external audits in compliance with ISO, and certification audits according to ISO. Based on practical exercises, participants will develop the skills (mastering audit techniques) and competencies (managing audit teams and an audit program, communicating with customers, conflict resolution) necessary for the efficient conduct of an audit. This training is compatible with the audit of BS (Business Continuity Management Specification) and ISO (Guidelines for information and communication technology readiness for business continuity).

Learning Objectives
- To acquire the expertise to perform an ISO or BS internal audit, following the ISO guidelines
- To acquire the expertise to perform an ISO or BS certification audit, following the ISO guidelines and the specifications of ISO
- To acquire the expertise necessary for managing a BCMS audit team
- To understand the operation of the BCMS in accordance with ISO 22301, ISO or BS
- To understand the relationship between a Business Continuity Management System (including risk management and controls) and compliance with the other requirements

Who Should Attend?
- Internal auditors and auditors wanting to perform and lead BCMS certification audits
- Project managers or consultants wanting to master the BCMS audit process
- Individuals responsible for Business Continuity or conformity in an organization
- Members of a Business Continuity team
- Expert advisors in information technology
- Technical experts wanting to prepare for a Business Continuity audit function

Agenda
- Introduction to Business Continuity Management System (BCMS) concepts as required by ISO
  - Presentation of the standards ISO 22301, ISO 27031, ISO/PAS 22399, BS and the regulatory framework
  - Fundamental principles of Business Continuity
  - ISO certification process
  - Business Continuity Management System (BCMS)
  - Detailed presentation of the clauses of ISO 22301
- Planning and initiating an ISO audit
  - Fundamental audit concepts and principles
  - Audit approach based on evidence and risk
  - Preparation of an ISO certification audit
  - BCMS documentation audit
  - Conducting an opening meeting
- Conducting an ISO audit
  - Communication during the audit
  - Audit procedures: observation, document review, interview, sampling techniques, technical verification, corroboration and evaluation
  - Audit test plans
  - Formulation of audit findings and documenting of nonconformities
- Concluding and ensuring the follow-up of an ISO audit
  - Audit documentation
  - Conducting a closing meeting and conclusion of an ISO audit
  - Evaluation of corrective action plans
  - ISO surveillance audit
  - ISO internal audit management program and second-party audits
- PECB/ANSI Certification Exam (3 hours)

General Information
- After successfully completing the exam, participants can apply for the credentials of Certified ISO Provisional Auditor, Certified ISO Auditor or Certified ISO Auditor, depending on their level of experience
- Certification fees are included in the exam price
- The participant manual contains over 450 pages of information and practical examples
- A participation certificate of 31 CPD (Continuing Professional Development) credits will be issued to participants
- In case of failure of the exam, participants are allowed to retake it for free under certain conditions
Business Continuity
Certified ISO Disaster Recovery Manager (PECB), 3 Days

MASTERING THE IMPLEMENTATION AND MANAGEMENT OF ICT DISASTER RECOVERY SERVICES ACCORDING TO ISO

This three-day intensive course enables participants to develop the expertise necessary to support an organization in implementing, maintaining and managing an ongoing Information and Communications Technology Disaster Recovery plan according to ISO. Participants will also gain a thorough understanding of the best practices described by this International Standard.

Learning Objectives
- To understand the concepts, approaches, methods and techniques for the implementation and effective management of Disaster Recovery services
- To understand the relationship between ICT Disaster Recovery and compliance with the requirements of an organization's different stakeholders
- To acquire the competence to implement, maintain and manage a Disaster Recovery plan in accordance with ISO
- To acquire the competence to effectively advise organizations on best practices in ICT Disaster Recovery

Who Should Attend?
- Disaster Recovery of IT
- Persons responsible for disaster recovery or conformity within an organization
- Members of a disaster recovery team
- IT disaster recovery consultants
- Staff implementing or seeking to comply with ISO or involved in a disaster recovery plan

Agenda
Introduction, risk assessment and mitigation according to ISO
- Differences between business continuity and disaster recovery
- Asset management
- Risk assessment and mitigation
- Document management
- Information security
- Business continuity
Recovery facilities and sites, outsourced services and activation of the DR plan according to ISO
- Recovery facilities
- Outsourced services
- Recovery sites
- Activation of the disaster recovery plan
Measurement, testing and continual improvement
- Performance measurement
- Self-assessment
- Testing
- Continual improvement
PECB Certification Exam - 2 Hours

General Information
- The Certified ISO Disaster Recovery Manager exam fully meets the requirements of the PECB Examination and Certification Program (ECP)
- Certification fees are included in the exam price
- The participant manual contains over 300 pages of information and practical examples
- A participation certificate of 21 CPD (Continuing Professional Development) credits will be issued to participants
- In case of failure of the exam, participants are allowed to retake it for free under certain conditions
Information Security Management System
Certified ISO Lead Implementer (PECB/ANSI), 5 Days

MASTERING THE IMPLEMENTATION AND MANAGEMENT OF AN INFORMATION SECURITY MANAGEMENT SYSTEM (ISMS) BASED ON ISO

This five-day intensive course enables participants to develop the expertise necessary to support an organization in implementing and managing an Information Security Management System (ISMS) based on ISO/IEC. Participants will also be given a thorough grounding in the best practices used to implement Information Security controls from all areas of ISO. This training is consistent with the project management practices established in ISO (Quality Management Systems - Guidelines for Quality Management in Projects). It is also fully compatible with ISO (Guidelines for the Implementation of an ISMS), ISO (Measurement of Information Security) and ISO (Risk Management in Information Security).

Learning Objectives
- To understand the implementation of an ISMS
- To gain a comprehensive understanding of the concepts, approaches, standards, methods and techniques related to an ISMS
- To acquire the necessary expertise to support an organization in implementing, managing and maintaining an ISMS
- To acquire the necessary expertise to manage a team implementing ISO

Who Should Attend?
- Compliance project managers
- Information Security consultants
- Internal and external ISO auditors
- Members of an Information Security team

Agenda
Introduction to Information Security Management System (ISMS) concepts as required by ISO 27001; initiating an ISMS
- Introduction to management systems and the process approach
- Presentation of the ISO family of standards and the regulatory framework
- Fundamental principles of Information Security
- Preliminary analysis and determining the level of maturity based on ISO
- Writing a business case and a project plan for the implementation of an ISMS
Planning the implementation of an ISMS based on ISO
- Defining the scope of an ISMS
- Drafting an ISMS and Information Security policies
- Selection of the approach and methodology for risk assessment
- Risk management: identification, analysis and treatment of risk (based on ISO 27005)
- Drafting the statement of applicability
Implementing an ISMS based on ISO
- Implementation of a document management framework
- Design and implementation of controls
- Information Security training, awareness and communication program
- Incident management (drawing on guidance from ISO 27035)
- Operations management of an ISMS
Controlling, monitoring and measuring an ISMS, and the certification audit of the ISMS in accordance with ISO
- Monitoring the ISMS controls
- Development of metrics, performance indicators and dashboards in accordance with ISO
- ISO internal audit
- Management review of an ISMS
- Implementation of a continual improvement program
- Preparing for an ISO certification audit
PECB/ANSI Certification Exam (3 Hours)

General Information
- After successfully completing the exam, participants can apply for the credentials of Certified ISO Provisional Implementer, Certified ISO Implementer or Certified ISO Lead Implementer, depending on their level of experience.
- Certification fees are included in the exam price
- The participant manual contains over 450 pages of information and practical examples
- A participation certificate of 31 CPD (Continuing Professional Development) credits will be issued to participants
- In case of failure of the exam, participants are allowed to retake it for free under certain conditions
Information Security Management System
Certified ISO Lead Auditor (PECB/ANSI), 4 Days

MASTERING THE AUDIT OF AN INFORMATION SECURITY MANAGEMENT SYSTEM (ISMS) BASED ON ISO 27001, IN COMPLIANCE WITH THE REQUIREMENTS OF ISO AND ISO

This four-day intensive course enables participants to develop the expertise needed to audit an Information Security Management System (ISMS) and to manage a team of auditors by applying widely recognized audit principles, procedures and techniques. During this training, participants will acquire the knowledge and skills needed to proficiently plan and perform internal and external audits in compliance with the certification process of the ISO/IEC standard. Based on practical exercises, participants will develop the skills (mastering audit techniques) and competencies (managing audit teams and audit programmes, communicating with customers, conflict resolution, etc.) necessary to conduct an audit efficiently.

Learning Objectives
- To acquire the expertise to perform an ISO internal audit, following the ISO guidelines
- To acquire the expertise to perform an ISO certification audit, following the ISO guidelines and the specifications of ISO and ISO
- To acquire the expertise necessary for managing an ISMS audit team
- To understand the operation of an ISO

Who Should Attend?
- Internal auditors
- Auditors wanting to perform and lead ISMS certification audits
- Members of an Information Security team
- Technical experts wanting to prepare for an Information Security audit function

Agenda
Introduction to Information Security Management System (ISMS) concepts as required by ISO
- Normative, regulatory and legal framework related to Information Security
- Fundamental principles of Information Security
- The ISO certification process
- Detailed presentation of the clauses of ISO
Planning and initiating an ISO audit
- Fundamental audit concepts and principles
- Audit approach based on evidence and on risk
- Preparation of an ISO certification audit
- Documenting an ISMS audit
Conducting an ISO audit
- Communication during the audit
- Audit procedures: observation, document review, interview, sampling techniques, technical verification, corroboration and evaluation
- Drafting test plans
- Formulation of audit findings, drafting of nonconformity reports
Concluding and ensuring the follow-up of an ISO audit
- Audit documentation
- Conducting a closing meeting and conclusion of an ISO audit
- Evaluation of corrective action plans
- ISO surveillance audit and audit management program
PECB/ANSI Certification Exam

General Information
- After successfully completing the exam, participants can apply for the credentials of Certified ISO Provisional Auditor, Certified ISO Auditor or Certified ISO Lead Auditor, depending on their level of experience.
- Certification fees are included in the exam price
- The participant manual contains over 450 pages of information and practical examples
- A participation certificate of 31 CPD (Continuing Professional Development) credits will be issued to participants
- In case of failure of the exam, participants are allowed to retake it for free under certain conditions
Information Security Management System
Certified ISO Lead Manager (PECB), 4 Days

MASTERING THE FUNDAMENTAL PRINCIPLES, CONCEPTS AND IMPLEMENTATION OF THE BEST PRACTICES OF INFORMATION SECURITY CONTROLS WITHIN THE PROCESS OF IMPLEMENTING AN INFORMATION SECURITY MANAGEMENT SYSTEM (ISMS) BASED ON ISO/IEC

This four-day intensive course enables participants to develop the expertise needed to support an organization in implementing and managing the information security controls of an Information Security Management System (ISMS) based on ISO. Participants will also be given a thorough grounding in the best practices used to implement information security controls from all the areas of ISO. This training is consistent with the project management practices established in ISO (Quality Management Systems - Guidelines for Quality Management in Projects). It is also fully compatible with ISO (Guidelines for the Implementation of an ISMS), ISO (Measurement of Information Security) and ISO (Risk Management in Information Security).

Learning Objectives
- To gain a comprehensive understanding of the concepts, approaches, standards, methods and techniques related to an ISMS and the required information security controls
- To understand the initiation, implementation, maintenance and improvement of an ISMS within an organization
- To acquire the necessary expertise to manage a team implementing ISO
- To develop the knowledge and skills required to advise organizations on best practices in the management of information security controls
- To improve the capacity for analysis and decision making in the context of information security controls

Who Should Attend?
- Managers or consultants wanting to implement an Information Security Management System (ISMS)
- Project managers or consultants wanting to master the ISMS implementation process
- Persons responsible for information security or conformity in an organization
- Members of information security teams
- Expert advisors in information technology
- Technical experts wanting to prepare for an Information Security audit function
- Persons responsible for developing their own information security management guidelines

Agenda
Introduction to Information Security Management System (ISMS) concepts and ISO
- Course objective and structure
- Standard and regulatory framework
- Fundamental principles of Information Security
- Introduction to Information Security Management Systems
- Information security policies
- Organization of information security
Implementation of information security controls related to Human Resources, Asset Management and Access Control
- Human resources security
- Asset management
- Access control
Implementation of information security controls related to Cryptography, Physical and Environmental Security, Operations and Network
- Cryptography
- Physical and environmental security
- Operations security
- Communications security
Implementation of information security controls for Systems, Supplier Relationships, Incident Management, Continuity and Compliance
- System acquisition, development and maintenance
- Supplier relationships
- Information security incident management
- Information security aspects of business continuity management
- Compliance
- Golden rules and conclusion
PECB Certification Exam - 3 Hours

General Information
- After successfully completing the ISO Lead Manager exam, participants can apply for the credentials of Certified ISO Provisional Lead Manager, Certified ISO Manager or Certified ISO Lead Manager, depending on their level of experience.
- Certification fees are included in the exam price
- The participant manual contains over 450 pages of information and practical examples
- A participation certificate of 31 CPD (Continuing Professional Development) credits will be issued to participants
- In case of failure of the exam, participants are allowed to retake it for free under certain conditions
Information Security Management System
Certified ISO/IEC Application Security Lead Implementer (PECB), 4 Days

MASTERING THE IMPLEMENTATION OF APPLICATION SECURITY (AS) PROCESSES, ACTIVITIES AND SECURITY TECHNIQUES ACROSS THE ORGANISATION BASED ON THE INTERNATIONAL STANDARD ISO/IEC APPLICATION SECURITY

This four-day intensive course enables participants to understand the specific principles and concepts proposed by ISO/IEC for AS, and how they can be implemented, step by step, to help organizations develop, acquire, implement, use and maintain trustworthy applications, according to their specific business context, at an acceptable cost. More specifically, the ISO/IEC framework proposes components and processes that provide verifiable evidence that an application has reached and maintained a targeted level of trust as specified by the organization. The responsibility of a Certified ISO/IEC Application Security Lead Implementer is to assist organizations in putting in place the required framework elements and to guide the organization in integrating Application Security Controls (ASC) seamlessly throughout the life cycle of their applications. AS applies not only to the software of an application but also to its other components and the contributing factors that impact its security, such as its technological context, its regulatory context, its business context, its specifications, the sensitivity of its data, and the processes and actors supporting its entire life cycle. This framework applies to organizations of all sizes and types (e.g. not only commercial enterprises, government agencies and nonprofit organizations that use applications, but also large, medium and small vendors that develop software, applications and business services) that are exposed to security risks on information associated with their applications.

Learning Objectives
- To understand the implementation of AS in accordance with ISO/IEC
- To gain a comprehensive understanding of the concepts, approaches, standards, methods and techniques required for the effective management of AS
- To understand the relationship between the components of AS, including risk management, controls and compliance with the requirements of the organization's different stakeholders
- To acquire the necessary expertise to support an organization in implementing, managing and maintaining AS as specified in ISO/IEC
- To acquire the necessary expertise to manage a team implementing ISO/IEC
- To develop the knowledge and skills required to advise organizations on best practices in the management of AS
- To improve the capacity for analysis and decision making in the context of AS

Who Should Attend?
Managers, such as information security managers, project managers, administrators, software development managers, application owners and line managers, who wish to:
- Balance the cost of implementing and maintaining AS against the risks and value it
More informationthe role of the head of internal audit in public service organisations 2010
the role of the head of internal audit in public service organisations 2010 CIPFA Statement on the role of the Head of Internal Audit in public service organisations The Head of Internal Audit in a public
More informationGovernance, Risk, and Compliance (GRC) White Paper
Governance, Risk, and Compliance (GRC) White Paper Table of Contents: Purpose page 2 Introduction _ page 3 What is GRC _ page 3 GRC Concepts _ page 4 Integrated Approach and Methodology page 4 Diagram:
More informationBusiness Continuity Management Policy
Business Continuity Management Policy Business Continuity Policy Version 1.0 1 Version control Version Date Changes Author 0.1 April 13 1 st draft PH 0.2 June 13 Amendments in line with guidance PH 0.3
More informationTHE SOUTH AFRICAN HERITAGE RESOURCES AGENCY ENTERPRISE RISK MANAGEMENT FRAMEWORK
THE SOUTH AFRICAN HERITAGE RESOURCES AGENCY ENTERPRISE RISK MANAGEMENT FRAMEWORK ACCOUNTABLE SIGNATURE AUTHORISED for implementation SIGNATURE On behalf of Chief Executive Officer SAHRA Council Date Date
More informationCertification Process Requirements
SAAS Certification Process Requirements SAAS Procedure 200 and ISO/IEC 17021 Social Accountability Accreditation Services, June 2010 Accreditation Process and Policies SAAS Normative Requirements SAAS
More informationWEST YORKSHIRE FIRE & RESCUE SERVICE. Business Continuity Management Strategy
WEST YORKSHIRE FIRE & RESCUE SERVICE Business Continuity Management Strategy Date Issued: 12 November 2012 Review Date: 12 November 2015 Version Control Version Number Date Author Comment 0.1 June 2011
More informationFunctional and technical specifications. Background
Functional and technical specifications Background In terms of the Public Audit Act, 2004 (Act No. 25 of 2004) (PAA), the deputy auditor-general (DAG) is responsible for maintaining an effective, efficient
More informationISO/IEC 27001:2013 Your implementation guide
ISO/IEC 27001:2013 Your implementation guide What is ISO/IEC 27001? Successful businesses understand the value of timely, accurate information, good communications and confidentiality. Information security
More informationRSA ARCHER OPERATIONAL RISK MANAGEMENT
RSA ARCHER OPERATIONAL RISK MANAGEMENT 87% of organizations surveyed have seen the volume and complexity of risks increase over the past five years. Another 20% of these organizations have seen the volume
More informationCOBIT 5 For Cyber Security Governance and Management. Nasser El-Hout Managing Director Service Management Centre of Excellence (SMCE)
COBIT 5 For Cyber Security Governance and Management Nasser El-Hout Managing Director Service Management Centre of Excellence (SMCE) Cybersecurity Governance using COBIT5 Cyber Defence Summit Riyadh, KSA
More informationPreliminary Draft JOB DESCRIPTIONS AND QUALIFICATIONS OF KEY PERSONNEL. XXXXX PPP Unit
Preliminary Draft JOB DESCRIPTIONS AND QUALIFICATIONS OF KEY PERSONNEL XXXXX PPP Unit Chief Executive Officer Job Description: The CEO is tasked with the establishment of a PPP Unit for the Government
More informationHKCAS Supplementary Criteria No. 8
Page 1 of 12 HKCAS Supplementary Criteria No. 8 Accreditation Programme for Information Security Management System (ISMS) Certification 1 INTRODUCTION 1.1 HKAS accreditation for information security management
More information2015 Information Security Awareness Catalogue
Contents 2015 Catalogue Wolfpack Engagement Model 4 Campaign Drivers 6 Offerings 8 Approach 9 Engaging Content 10 Stakeholder Change Management 12 Bundles 13 Content 14 Grey Wolf -Track compliance with
More informationISO 24762 WHITEPAPER. When Recognition Matters
When Recognition Matters WHITEPAPER ISO 24762 INFORMATION TECHNOLOGY SECURITY TECHNIQUES GUIDELINES FOR INFORMATION AND COMMUNICATIONS TECHNOLOGY DISASTER RECOVERY SERVICES www.pecb.com CONTENT 3 4 5 5
More informationC ETS C/ETS: CYBER INTELLIGENCE + ENTERPRISE SOLUTIONS CSCSS / ENTERPRISE TECHNOLOGY + SECURITY
CSCSS / ENTERPRISE TECHNOLOGY + SECURITY C/ETS: CYBER INTELLIGENCE + ENTERPRISE SOLUTIONS CENTRE FOR STRATEGIC CSCSS CYBERSPACE + SECURITY SCIENCE CSCSS / ENTERPRISE TECHNOLOGY + SECURITY GROUP Information
More informationISO 9001:2015 QUALITY MANAGEMENT SYSTEMS AUDITOR/LEAD AUDITOR
Knowledge RECOGNITION Skills retention Further excellence behaviour Ability COMPETENCE QUALIFICATION ISO 9001 Training services SGS ACADEMY www.sgs.com sgs academy transforming people and businesses As
More informationBoard Charter. May 2014
May 2014 Document History and Version Control Document History Document Title: Board Charter Document Type: Charter Owner: Board [Company Secretary] Description of content: Corporate Governance practices
More informationInstitute for Business Continuity Training 1623 Military Road, # 377 Niagara Falls, NY 14304-1745
ECP - 601: Effective Business Continuity Management: ISO 22301 This 3-day course provides an intensive, hands-on workshop covering all major aspects for the design of an effective Business Continuity Plan
More informationAEROSPACE STANDARD. Quality Management Systems - Requirements for Aviation, Space and Defense Organizations RATIONALE
AEROSPACE STANDARD AS9100C Issued 1999-11 Revised 2009-01 Superseding AS9100B Quality Management Systems - Requirements for Aviation, Space and Defense Organizations RATIONALE This standard has been revised
More informationMicrosoft s Compliance Framework for Online Services
Microsoft s Compliance Framework for Online Services Online Services Security and Compliance Executive summary Contents Executive summary 1 The changing landscape for online services compliance 4 How Microsoft
More informationCENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT
CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT JANUARY 2008 GUIDELINE ON BUSINESS CONTINUITY GUIDELINE CBK/PG/14
More informationIT Vendor Due Diligence. Jennifer McGill CIA, CISA, CGEIT IT Audit Director Carolinas HealthCare System December 9, 2014
IT Vendor Due Diligence Jennifer McGill CIA, CISA, CGEIT IT Audit Director Carolinas HealthCare System December 9, 2014 Carolinas HealthCare System (CHS) Second largest not-for-profit healthcare system
More informationCSR / Sustainability Governance and Management Assessment By Coro Strandberg Principal, Strandberg Consulting www.corostrandberg.
Introduction CSR / Sustainability Governance and Management Assessment By Coro Strandberg Principal, Strandberg Consulting www.corostrandberg.com June 2015 Companies which adopt CSR or sustainability 1
More informationPreparation Guide. EXIN IT Service Management Associate based on ISO/IEC 20000
Preparation Guide EXIN IT Service Management Associate based on ISO/IEC 20000 Edition January 2014 Copyright 2014 EXIN All rights reserved. No part of this publication may be published, reproduced, copied
More informationBusiness Continuity Management Framework 2014 2017
Business Continuity Management Framework 2014 2017 Blackpool Council Business Continuity Framework V3.0 Page 1 of 13 CONTENTS 1.0 Forward 03 2.0 Administration 04 3.0 Policy 05 4.0 Business Continuity
More informationPosition Description. Department: Quantitative Research Direct Reports: Project Manager/Researcher Senior Researcher
Position Description Position Title: Research Director (Quantitative) Reports to: Executive Director, Research Department: Direct Reports: Project Manager/Researcher Senior Researcher Date: 03/10/2011
More informationInformation Security Specialist Training on the Basis of ISO/IEC 27002
Information Security Specialist Training on the Basis of ISO/IEC 27002 Natalia Miloslavskaya, Alexander Tolstoy Moscow Engineering Physics Institute (State University), Russia, {milmur, ait}@mephi.edu
More informationGuidance Note: Corporate Governance - Board of Directors. March 2015. Ce document est aussi disponible en français.
Guidance Note: Corporate Governance - Board of Directors March 2015 Ce document est aussi disponible en français. Applicability The Guidance Note: Corporate Governance - Board of Directors (the Guidance
More informationApplication of King III Corporate Governance Principles
APPLICATION of KING III CORPORATE GOVERNANCE PRINCIPLES 2013 Application of Corporate Governance Principles This table is a useful reference to each of the principles and how, in broad terms, they have
More informationTutorial: Towards better managed Grids. IT Service Management best practices based on ITIL
Tutorial: Towards better managed Grids. IT Service Management best practices based on ITIL EGI Technical Forum 2011, Lyon (France) September 22, 2011 Dr. Thomas Schaaf www.gslm.eu EMERGENCE TECH LTD. The
More informationOCC 98-3 OCC BULLETIN
To: Chief Executive Officers and Chief Information Officers of all National Banks, General Managers of Federal Branches and Agencies, Deputy Comptrollers, Department and Division Heads, and Examining Personnel
More informationCompliance Management Framework. Managing Compliance at the University
Compliance Management Framework Managing Compliance at the University Risk and Compliance Office Effective from 07-10-2014 Contents 1 Compliance Management Framework... 2 1.1 Purpose of the Compliance
More informationMANAGEMENT DEVELOPMENT COURSES
(FULL VIEW) MANAGEMENT DEVELOPMENT COURSES MANAGEMENT DEVELOPMENT COURSES LEADERSHIP DEVELOPMENT Developing Leadership Competencies 4 4 days 230,000 1-4 13-16 26-29 6-9 Critical Thinking: Tools for Problem
More informationQuick Guide: Meeting ISO 55001 Requirements for Asset Management
Supplement to the IIMM 2011 Quick Guide: Meeting ISO 55001 Requirements for Asset Management Using the International Infrastructure Management Manual (IIMM) ISO 55001: What is required IIMM: How to get
More informationPreparation Guide. EXIN IT Service Management Associate Bridge based on ISO/IEC 20000
Preparation Guide EXIN IT Service Management Associate Bridge based on ISO/IEC 20000 Edition January 2014 Copyright 2014 EXIN All rights reserved. No part of this publication may be published, reproduced,
More informationIntroduction to Business Continuity Planning
Introduction to Business Continuity Planning Business Continuity and Disaster Resilience Forum May 10, 2012 Rizal Ballroom A, Makati Shangri-la Manila, Philippines Dr Goh Moh Heng President BCM Institute
More informationTrusts. Protect your organisation from money laundering and fraud to prevent reputational damage
Trusts Protect your organisation from money laundering and fraud to prevent reputational damage Our Our organisation organisation was was founded on on four four key key values: innovation, quality, quality,
More informationPlan Development Getting from Principles to Paper
Plan Development Getting from Principles to Paper March 22, 2015 Table of Contents / Agenda Goals of the workshop Overview of relevant standards Industry standards Government regulations Company standards
More informationJob Description Solutions Lead
Solutions Lead Department: Group: Direct Line Manager: Direct Reports: Business Support Manager - Information Services Database Applications Analyst, Technical Business Analyst Delegations: Primary Location:
More information