Training Catalogue 2015-16

Table of Contents
- Company Profile
- Training Overview
- Training Catalogue
- GRC Fundamentals, Strategy & Implementation Workshop
- Anti Bribery Management System Implementation
- ISO Compliance Management Implementation
- Corporate Compliance Workshop (Optimizing Your Program)
- Certified ISO Risk Manager (PECB/ANSI)
- Mastering Risk Management Workshop (Toward Risk Convergence)
- Certified ISO Governance of IT Manager (PECB)
- Certified ISO Risk Manager of IT (PECB/ANSI)
- Certified ISO Lead Implementer (PECB/ANSI)
- Certified ISO Lead Auditor (PECB/ANSI)
- Certified ISO Disaster Recovery Manager (PECB)
- Certified ISO Lead Implementer (PECB/ANSI)
- Certified ISO Lead Auditor (PECB/ANSI)
- Certified ISO Lead Manager (PECB)
- Certified ISO/IEC Application Lead Security Implementer (PECB)
- Certified ISO Lead Implementer (PECB/ANSI)
- Certified ISO Lead Auditor (PECB/ANSI)
- Certified Outsourcing Manager (PECB)
- Certified Lead Privacy Implementer (PECB)
- Certified Lead Forensic Examiner (PECB/ANSI)
- Certified Lead Security Incident Professional (PECB)
- Certified Lead SCADA Security Professional (PECB/ANSI)
- Certified Lead Penetration Tester (PECB)
- Certified ISO Lead Implementer (PECB)
- Certified ISO Lead Auditor (PECB)
- Certified ISO Lead Implementer (PECB/ANSI)
- Certified ISO Lead Implementer (PECB)

Company Profile

What We Do
GRC Tech is a training and consultancy firm that assists organisations to understand, implement and comply with Governance, Risk and Compliance (GRC) related best-practice standards and frameworks that lead to sustained process and business improvement. We meet the training, awareness and consulting needs of organisations in the following categories:
- Corporate Governance, Risk and Compliance
- Strategy and Performance Management
- IT Governance and IT Service Management
- Business Continuity and Information Security Management

International Experience
Since our inception in 2010, GRC Tech has successfully provided training and delivered GRC-related consultancy projects to leading African and international organisations. We have delivered services in, among others, South Africa, Botswana, Tanzania, Namibia, Mauritius, Uganda, Swaziland, Oman, Egypt, Kenya and Nigeria.

Our Partners

Training Overview
Our training courses are underpinned by internationally accepted Governance, Risk and Compliance (GRC) best practices based on a range of GRC-related frameworks and standards including OCEG Red Book 2.1 & 3.0, ISO 19600, BS 10500, COBIT, ISO 38500, ISO 27005, ISO 27001, ISO and ISO.

Approach to GRC Management Training
Our approach to training provides delegates with valuable practical experience of how to overcome the typical challenges they are likely to face when undertaking GRC-related projects within their own organisations. Delegates enjoy the following benefits:
- A choice of brief management overview, foundation or intensive practitioner-level courses
- Course development and presentation by subject-matter experts with in-depth knowledge and experience in their field
- Practical course content, hand-outs and interactive group discussions
- International certification exams for selected courses

In-house Training On Demand
In-house training provides a cost-effective and time-saving training opportunity, especially where an organisation has more than six staff members to train and/or requires training in remote locations. In-house courses can be facilitated at your organisation's own premises or conducted as a private course at a training venue of your choice.

Self-Study
When you choose to study through GRC Tech you have the option to select your course(s) from our range of certification programs. We offer an unrivalled selection of quality distance-education courses accredited by PECB, one of the most respected awarding bodies internationally. All of our students have access to an experienced professional in their field of study, who is committed to helping you succeed and is always on hand to answer any query you may have, no matter how big or small.

Training Courses Available
- Governance, Risk Management & Compliance (GRC)
- Anti-Bribery Compliance
- Risk Management
- IT Governance, Risk Management & Compliance (IT GRC)
- IT Security Management
- Business Continuity & Disaster Recovery Management
- Professional Courses: CMO, CLPI, CLFE, CLSI, CL-SCADASP, CLPT
- Project Management
- Supply Chain Security Management
- Six Sigma


Governance, Risk Management & Compliance (GRC)

GRC Fundamentals, Strategy and Implementation (3 Days)

Who Should Attend?
CEOs, COOs, Chief Risk Officers, Chief Compliance Officers, Chief Information Officers, Chief Audit Executives and other senior managers.

The objective is to give you insight and practical strategies for your Governance, Risk and Compliance integration by:
- Defining progressive governance, risk and compliance roles and responsibilities to move forward from silo management
- Fulfilling regulatory requirements while achieving a real ROI
- Increasing productivity and capital by putting an end to silo management
- Leveraging your current IT systems to integrate GRC
- Gaining an in-depth view into key risk metrics and policy compliance to improve your risk control and self-assessments

About the Workshop
The workshop provides an introductory overview of the global groundswell of GRC, including discussion of the challenges organizations will face and the business case that will drive this movement. Topics covered include:
- An introduction to GRC: the new corporate must-have
- Explanation of an integrated GRC system
- How is GRC different from current governance, risk and compliance assurance methods?
- Building your business case
- What current laws require: a global perspective on bare-minimum compliance, and how the corporate governance bar continues to move upwards
- Integrated GRC: what parts must be assembled, bought, wired up or rented to build one? What cultural changes are required to make it work?
- Setting up and staffing an integrated GRC system
- Overcoming barriers and avoiding pitfalls
- Maintaining and sustaining your GRC and measuring its benefits

Agenda
- GRC Overview: Where Are We Going and How Do We Get There?
- GRC: What's the Business Case for Change?
- Achieving GRC Buy-in at the Top and Establishing Clear Roles & Responsibilities
- Practical Strategies for Implementing GRC
- Establishing the Desired Enterprise-Wide Culture
- Business Objectives & Drivers
- Risks & Opportunities
- Plan & Design: Integrated Approach
- Programs: The Three Core Principles
- Oversight Personnel, Leaders and Champions, Strategic & Operating Personnel
- Plan & Organize the GRC Implementation
- The GRC Technology Roadmap

Anti Bribery

Anti Bribery Management System Implementation (2 Days)
Successful implementation of BS, the specification for an anti-bribery management system (ABMS), shows an organisation's commitment to ethical behaviour and is a vital part of corporate governance in a well-managed organisation; it can help protect your corporate reputation and avoid potentially corrupt transactions. Led by an experienced tutor, this two-day course will guide you through the implementation of an effective ABMS, using a combination of practical exercises, group activities and class discussions.

Learning Objectives
On completion of the course, delegates will know:
- How to determine the threat of bribery within an organization
- How to recognize the key management system concepts of BS
- The benefits specific to their organization of implementing an effective ABMS
- How to identify a typical framework for implementing BS following the Plan-Do-Check-Act (PDCA) cycle
- How to interpret the requirements of BS from an implementation perspective in the context of their organization
- How to conduct a baseline review of their organization's current position with regard to BS

Who Should Attend?
Those responsible for anti-bribery management, ethical behaviour, corporate governance, risk and compliance, management systems, anti-bribery measures, human resources, procurement and those managing or selecting business associates, especially if operating in high-risk bribery environments.

Recommended job roles include:
- Human resource professionals and managers
- Company secretaries
- Internal legal teams
- Governance, risk and compliance managers
- Internal affairs and investigation teams
- Internal and external management systems auditors who are new to ABMS
- Procurement managers
- Private data and records administration teams

Agenda
- Introduction to Anti-Bribery Management System (ABMS) concepts as required by BS
- Introduction to management systems and the process approach
- Fundamental principles in anti-bribery management
- General requirements
- Planning the Anti-Bribery Management System (ABMS)
- Allocating responsibility
- Writing the anti-bribery policy
- Reviewing the requirements of the ABMS
- Designing or modifying the necessary policies, procedures and controls for the ABMS
- Preparing an implementation plan for the ABMS
- Monitoring and reviewing the ABMS
- Continual improvement of the ABMS

Pre-Requisites
There are no formal prerequisites to attend; however, it is recommended that you have some knowledge of ABMS, in particular the BS standard, as well as an understanding of how your organization operates and the likely risks it faces.

Compliance

ISO Compliance Management Implementation (3 Days)
ISO defines requirements to continually improve a compliance management system's effectiveness. It requires an organisation to establish, develop, document, implement, evaluate, maintain and improve an effective and responsive Compliance Management System (CMS). The policy, objectives and processes needed for compliance management must be determined, including their sequence and interaction, and be applied throughout.

Learning Objectives
This 3-day course provides delegates with an understanding of the International Organisation for Standardisation's (ISO) standard for compliance management systems, ISO. Upon successful completion of this course, participants should be able to:
- Identify compliance requirements and an appropriate system for recording them
- Plan, document and establish a compliance management system
- Review a compliance system and its processes
- Determine the purpose and scope of the compliance research that needs to be undertaken to meet legal and client obligations
- Define a compliance research plan and gather the required data
- Analyse the collected data in a manner that is meaningful to the organisation
- Document and communicate the compliance research outcomes
- Understand the components of a continual improvement framework
- Use a continual improvement framework to ensure new ideas and improvements are managed in a consistent and systematic manner

Who Should Attend?
- Compliance managers and officers
- Internal legal teams
- Governance, risk and compliance managers
- IT GRC officers
- Internal and external management systems auditors who are new to CMS

Agenda
- Introduction to Compliance Management concepts as required by ISO
- Introduction to management systems and the process approach
- Fundamental principles in compliance management
- General requirements: presentation of the clauses of ISO
- Planning the Compliance Management System (CMS)
- Allocating responsibility
- Writing the compliance management policy and framework
- Reviewing the requirements of the CMS
- Designing or modifying the necessary policies, procedures and controls for the CMS
- Preparing an implementation plan for the CMS
- Monitoring and reviewing the CMS
- Continual improvement of the CMS

Pre-Requisites
None

Compliance

Corporate Compliance Workshop (Optimizing Your Program) (2 Days)
To create a program that reflects, incorporates and is integrated with your organization's culture, ethos and corporate compliance objectives: design a program that is tailored and fine-tuned with specific regard to the size, form, complexity and history of your organization; document the specific steps taken in the implementation and operation of the compliance program; and measure the program with metrics.

Learning Objectives
- To recognize the importance of the mission: meeting compliance goals
- To set the standards to be followed
- To empower employees to make decisions following prescribed guidelines, ensuring continued progress towards agreed-upon goals
- To establish a decision-support mechanism
- To document the specific steps taken in the implementation and operation of a compliance program
- To measure the program with metrics

Who Should Attend?
This workshop is designed for senior managers who recognize the importance of the mission of meeting compliance goals, specifically in terms of what is expected by stakeholders and regulators, with no exceptions.
- Governance Officer
- Compliance Officer
- Legal Counsel
- Risk Manager
- Internal Auditor
- IT Manager
- Senior Managers in Planning, Finance, Marketing, Project, HR, etc.
- Consultants & Business Advisors

Agenda
- Introduction
- Compliance Key Functions
- The four aspects of compliance operation: demonstrating compliance with relevant regulations; embedding compliance within your organization; managing the cost of compliance; and identifying, addressing and resolving regulatory failures
- Purism vs Pragmatism
- Looking at the Big Picture
- What are the Compliance Issues? Governance issues, compliance issues, risk issues, IT compliance issues
- Why focus on compliance programs?
- Introduction to an effective compliance program: culture; scope & strategy; structure & resources; policies; communication & training; issue management; evaluation
- The Framework: establishing an Enterprise Compliance Program, the principles
- The Roadmap to Effective Compliance: policies, procedures and controls
- The Measuring Criteria: how do we measure? The metrics
- The Compliance Maturity Model: awareness (external & internal); structure & accountability; culture & consistency; processes/controls; automation & integration; measurement technology; reporting on measurement
- Integration of Compliance into the GRC Framework
- Case Study: XYZ Ltd.

Risk Management

Certified ISO Risk Manager (PECB/ANSI) (3 Days)
MASTERING RISK ASSESSMENT AND OPTIMAL RISK MANAGEMENT BASED ON ISO AND IEC/ISO

In this three-day intensive course participants develop the competence to master a model for implementing risk management processes throughout their organization, using the ISO 31000:2009 standard as a reference framework. Based on practical exercises, participants acquire the necessary knowledge and skills to perform an optimal risk assessment and to manage risks in time by being familiar with their life cycle. During this training we will present the ISO general risk management standard, the process model it recommends, and how companies may use the standard. This training is also fully compatible with IEC/ISO 31010, which supports ISO by providing guidance for risk assessment.

Learning Objectives
- To understand the concepts, approaches, methods and techniques that allow effective risk management according to ISO
- To understand the relationship between risk management and compliance with the requirements of an organization's different stakeholders
- To acquire the competence to implement, maintain and manage an ongoing risk management program according to ISO, in compliance with all the other requirements
- To acquire the competence to effectively advise organizations on best practices in risk management

Who Should Attend?
- Governance Officer
- Compliance Officer
- Risk Manager
- Internal Auditor
- IT Manager
- Senior Managers in Planning, Finance, Marketing, Project, HR, etc.
- Consultants & Business Advisors

Agenda
- Introduction, risk management framework according to ISO
- Concepts and definitions related to risk management
- Risk management standards, frameworks and methodologies
- Implementation of a risk management framework
- Understanding an organization and its context
- Risk identification and assessment, risk evaluation, treatment, acceptance, communication and surveillance according to ISO
- Risk identification
- Risk analysis and risk evaluation
- Risk treatment
- Risk acceptance and residual risk management
- Risk communication and consultation
- Risk monitoring and review
- Risk assessment methodologies according to IEC/ISO, and exam
- Presentation of risk assessment methodologies
- PECB/ANSI Certification Exam (2 hours)

Pre-Requisites
None

General Information
- After successfully completing the exam, participants can apply for the credentials of Certified ISO Risk Manager
- Certification fees are included in the exam price
- The participant manual contains over 350 pages of information and practical examples
- A participation certificate of 21 CPD (Continuing Professional Development) credits will be issued to participants

Risk Management

Mastering Risk Management Workshop (Toward Risk Convergence) (2 Days)
In today's fast-moving, complex operating environment, risk executives need to cultivate an understanding across all areas of risk and business. Business problems are multifaceted, interrelated and increasingly global; executives must possess enhanced skills to identify and address a wide range of risks with an integrated approach and an enterprise-wide perspective. This intensive two-day programme exposes participants to a rigorous yet inspiring blend of theory, practice and cutting-edge research.

Learning Objectives
- Gain a valuable perspective on risk management in terms of corporate governance, as well as its relationship to cultural and stakeholder concerns
- Expand your network by linking up with a variety of individuals in risk-related fields and various business lines who think and make decisions about risk in the context of the entire enterprise
- Broaden your knowledge of leading-edge theory and practice, to increase your ability to create and sustain a high level of performance and steer projects to completion through an increased understanding of the issues impacting your organization
- Take part in focused learning and interact with your peers to improve your decision-making, leading to advanced proficiency and strategic advantages

Who Should Attend?
- Senior risk practitioners
- Executives with influence over their organization's risk strategy
- Business-line executives
- Non-Executive Directors
- Consultants & Business Advisors

Agenda
- Introduction to GRC & E: Defining the Terms
- What is GRC Convergence?
- A View at the Current State
- An Overview of Standards
- Traditional vs Modern Risk Management
- Challenges with Risk Assessment
- GRC Risk Convergence: Key Issues
- GRC Risk Convergence: The Challenges
- GRC Risk Convergence: Benefits
- GRC Risk Convergence Defined
- Assessing Risks: Developing a Common Shared Context
- Case Study
- Control vs Risk Focus
- Risk Taxonomy: Focus on Risk Types
- Understanding the Anatomy of Risk: The DNA of Risk Management
- The Key Indicator Trio
- Risk Assessment Methodology
- Risk Assurance
- The GRC Framework
- Building a Business Case
- GRC Desired State
- Risk Maturity Level

IT Governance, Risk Management & Compliance

Certified ISO Governance of IT Manager (PECB) (2 Days)
MASTERING THE FUNDAMENTAL PRINCIPLES AND CONCEPTS OF CORPORATE GOVERNANCE OF INFORMATION TECHNOLOGY BASED ON ISO

This two-day intensive course enables participants to develop the expertise needed to support an organization in implementing corporate governance of Information Technology as specified in ISO/IEC. Participants will also gain a thorough understanding of the best practices used to implement guidance for corporate governance of IT from all areas of ISO. ISO/IEC applies to the governance of management processes (and decisions) relating to the information and communication services used by an organization. These processes may be controlled by IT specialists within the organization, by external service providers, or by business units within the organization.

Learning Objectives
- To understand the implementation of guidance for the corporate governance of IT in accordance with ISO 38500 &
- To gain a comprehensive understanding of the concepts, approaches, standards, methods and techniques required for the effective management of corporate governance of IT
- To understand the relationship between the components of corporate governance of IT, including responsibility, strategy, acquisition, performance, conformance and human behaviour
- To acquire the expertise necessary to manage a team implementing ISO

Who Should Attend?
- Project managers or consultants wanting to prepare for and support an organization in the implementation of corporate governance of Information Technology
- ISO auditors who wish to fully understand the corporate governance of IT implementation process
- Senior managers responsible for the IT governance of an enterprise and the management of its risks
- Members of groups monitoring the resources within the organization
- External business or technical specialists, such as legal or accounting specialists, retail associations or professional bodies
- Vendors of hardware, software, communications and other IT products
- Internal and external service providers (including consultants)

Agenda
- Introduction to corporate governance of IT
- Fundamental principles of corporate governance of IT
- Initiation process of corporate governance of IT
- Definition of the scope
- Corporate governance application
- Objectives of ISO
- Benefits of using this standard
- Referenced documents: ISO &
- Definitions
- Framework and guidance for good governance of IT: principles and model
- Responsibility of directors for corporate governance of IT
- Strategy of IT development
- Acquisition
- Performance of corporate governance of IT
- Conformance
- Human behaviour
- PECB Certification Exam (2 hours)

General Information
- After successfully completing the ISO Corporate Governance of IT Manager exam, participants can apply for the credentials of Certified ISO Corporate Governance of IT Provisional Manager or Certified ISO Corporate Governance of IT Manager, depending on their level of experience
- Certification fees are included in the exam price
- The participant manual contains over 200 pages of information and practical examples
- A participation certificate of 14 CPD (Continuing Professional Development) credits will be issued to participants
- In case of failure of the exam, participants are allowed to retake it for free under certain conditions

IT Governance, Risk Management & Compliance

Certified ISO IT Risk Manager (PECB/ANSI) (3 Days)
MASTERING RISK ASSESSMENT AND OPTIMAL RISK MANAGEMENT IN INFORMATION SECURITY BASED ON ISO

In this three-day intensive course participants develop the competence to master the basic risk management elements related to all assets of relevance for information security, using the ISO/IEC 27005:2011 standard as a reference framework. Based on practical exercises and case studies, participants acquire the necessary knowledge and skills to perform an optimal information security risk assessment and to manage risks in time by being familiar with their life cycle. During this training we will also present other risk assessment methods such as OCTAVE, EBIOS, MEHARI and Harmonized TRA. This training fits with the implementation process of the ISMS framework in the ISO/IEC 27001:2013 standard.

Learning Objectives
- To understand the concepts, approaches, methods and techniques that allow effective risk management according to ISO
- To interpret the requirements of ISO on information security risk management
- To understand the relationship between information security risk management, the security controls and compliance with the requirements of an organization's different stakeholders
- To acquire the competence to implement, maintain and manage an ongoing information security risk management program according to ISO
- To acquire the competence to effectively advise organizations on best practices in information security risk management

Who Should Attend?
- Risk managers
- Members of the information security team
- Persons responsible for information security or conformity within an organization
- Staff implementing or seeking to comply with ISO, or involved in a risk management program
- IT consultants

Agenda
- Introduction, risk management program according to ISO
- Concepts and definitions related to risk management
- Risk management standards, frameworks and methodologies
- Implementation of an information security risk management program
- Understanding an organization and its context
- Risk identification and assessment, risk evaluation, treatment, acceptance, communication and surveillance according to ISO
- Risk identification
- Risk analysis and risk evaluation
- Risk assessment with a quantitative method
- Risk treatment
- Risk acceptance and residual risk management
- Information security risk communication and consultation
- Risk monitoring and review
- Overview of other information security risk assessment methods, and exam
- Presentation of the OCTAVE method
- Presentation of the MEHARI method
- Presentation of the EBIOS method
- Presentation of the Harmonized TRA method
- PECB/ANSI Certification Exam (2 hours)

General Information
- After successfully completing the Certified ISO Risk Manager exam, participants can apply for the credentials of Certified ISO Risk Manager or Certified ISO Risk Manager, depending on their level of experience
- Certification fees are included in the exam price
- The participant manual contains over 350 pages of information and practical examples
- A participation certificate of 21 CPD (Continuing Professional Development) credits will be issued to participants
- In case of failure of the exam, participants are allowed to retake it for free under certain conditions

Business Continuity

Certified ISO Lead Implementer (PECB/ANSI) (5 Days)
MASTERING THE IMPLEMENTATION AND MANAGEMENT OF A BUSINESS CONTINUITY MANAGEMENT SYSTEM (BCMS) BASED ON ISO

This five-day intensive course enables participants to develop the expertise needed to support an organization in implementing and managing a Business Continuity Management System (BCMS) based on ISO. Participants will also gain a thorough understanding of the best practices used to implement business continuity processes from ISO. This training is consistent with the project management practices established in ISO (Quality Management Systems: Guidelines for Quality Management in Projects). This training is fully compatible with BS (Business Continuity Management Specification) and ISO (Guidelines for information and communication technology readiness for business continuity).

Learning Objectives
- To understand the implementation of a BCMS in accordance with ISO 22301, ISO or BS
- To gain a comprehensive understanding of the concepts, approaches, standards, methods and techniques required for the effective management of a BCMS
- To understand the relationship between the components of a BCMS and compliance with the other requirements
- To acquire the expertise necessary to support an organization in implementing, managing and maintaining a BCMS as specified in ISO or BS
- To acquire the expertise necessary to manage a team implementing ISO or BS

Who Should Attend?
- Project managers or consultants wanting to prepare for and support an organization in the implementation of a Business Continuity Management System (BCMS)
- Business continuity auditors who wish to fully understand the implementation of a Business Continuity Management System
- Individuals responsible for business continuity or conformity in an organization
- Members of a business continuity team
- Expert advisors in business continuity
- Members of organizations that want to prepare for a business continuity function or for a BCMS project management function

Agenda
- Introduction to Business Continuity Management System (BCMS) concepts as required by ISO 22301: initiating a BCMS
- Introduction to management systems and the process approach
- Presentation of the standards ISO 22301, ISO/PAS 22399, ISO 27031, BS and the regulatory framework
- Fundamental principles of business continuity
- Preliminary analysis and determining the level of maturity of the existing BCMS based upon ISO
- Writing a business case and a project plan for the implementation of a BCMS
- Planning a BCMS based on ISO
- Definition of the scope of a BCMS
- Development of a BCMS and business continuity policies
- Business Impact Analysis (BIA) and risk assessment
- Implementing a BCMS based on ISO
- Implementation of a document management framework
- Design and implementation of business continuity processes and writing procedures
- Development of a training and awareness program and communicating about the BCMS
- Incident management and emergency management
- Operations management of a BCMS
- Controlling, monitoring and measuring a BCMS, and the certification audit of a BCMS in accordance with ISO
- Monitoring BCMS processes
- Development of metrics, performance indicators and dashboards
- Internal audit and management review of a BCMS
- Implementation of a continual improvement program
- Preparing for an ISO certification audit
- PECB/ANSI Certification Exam (3 hours)

General Information
- After successfully completing the exam, participants can apply for the credentials of Certified ISO Provisional Implementer, Certified ISO Implementer or Certified ISO Lead Implementer, depending on their level of experience
- Certification fees are included in the exam price
- The participant manual contains over 450 pages of information and practical examples
- A participation certificate of 31 CPD (Continuing Professional Development) credits will be issued to participants
- In case of failure of the exam, participants are allowed to retake it for free under certain conditions

Business Continuity

Certified ISO Lead Auditor (PECB/ANSI) (4 Days)
MASTERING THE AUDIT OF A BUSINESS CONTINUITY MANAGEMENT SYSTEM (BCMS) BASED ON ISO 22301, IN COMPLIANCE WITH THE REQUIREMENTS OF ISO AND ISO

This four-day intensive course enables participants to develop the expertise needed to audit a Business Continuity Management System (BCMS) and to manage a team of auditors by applying widely recognized audit principles, procedures and techniques. During this training, participants will acquire the knowledge and skills needed to proficiently plan and perform internal and external audits in compliance with ISO and certification audits according to ISO. Based on practical exercises, participants will develop the skills (mastering audit techniques) and competencies (managing audit teams and an audit program, communicating with customers, conflict resolution) necessary for the efficient conduct of an audit. This training is compatible with BS audit (Business Continuity Management Specification) and ISO (Guidelines for information and communication technology readiness for business continuity).

Learning Objectives
- To acquire the expertise to perform an ISO or BS internal audit, following the ISO guidelines
- To acquire the expertise to perform an ISO or BS certification audit, following the ISO guidelines and the specifications of ISO
- To acquire the expertise necessary to manage a BCMS audit team
- To understand the operation of a BCMS in accordance with ISO 22301, ISO or BS
- To understand the relationship between the components of a Business Continuity Management System, including risk management and controls, and compliance with the other requirements

Who Should Attend?
- Internal auditors and auditors wanting to perform and lead BCMS certification audits
- Project managers or consultants wanting to master the BCMS audit process
- Individuals responsible for business continuity or conformity in an organization
- Members of a business continuity team
- Expert advisors in information technology
- Technical experts wanting to prepare for a business continuity audit function

Agenda
- Introduction to Business Continuity Management System (BCMS) concepts as required by ISO
- Presentation of the standards ISO 22301, ISO 27031, ISO/PAS 22399, BS and the regulatory framework
- Fundamental principles of business continuity
- ISO certification process
- Business Continuity Management System (BCMS): detailed presentation of the clauses of ISO 22301
- Planning and initiating an ISO audit
- Fundamental audit concepts and principles
- Evidence-based and risk-based audit approach
- Preparation of an ISO certification audit
- BCMS documentation audit
- Conducting an opening meeting
- Conducting an ISO audit
- Communication during the audit
- Audit procedures: observation, document review, interview, sampling techniques, technical verification, corroboration and evaluation
- Audit test plans
- Formulation of audit findings and documenting of nonconformities
- Concluding and ensuring the follow-up of an ISO audit
- Audit documentation
- Conducting a closing meeting and conclusion of an ISO audit
- Evaluation of corrective action plans
- ISO surveillance audit
- ISO internal audit management program and second-party audits
- PECB/ANSI Certification Exam (3 hours)

General Information
- After successfully completing the exam, participants can apply for the credentials of Certified ISO Provisional Auditor, Certified ISO Auditor or Certified ISO Lead Auditor, depending on their level of experience
- Certification fees are included in the exam price
- The participant manual contains over 450 pages of information and practical examples
- A participation certificate of 31 CPD (Continuing Professional Development) credits will be issued to participants
- In case of failure of the exam, participants are allowed to retake it for free under certain conditions

Business Continuity
Certified ISO Disaster Recovery Manager (PECB)
3 Days

MASTERING THE IMPLEMENTATION AND MANAGEMENT OF ICT DISASTER RECOVERY SERVICES ACCORDING TO ISO

This three-day intensive course enables participants to develop the expertise necessary to support an organization in implementing, maintaining and managing an ongoing Information and Communications Technology Disaster Recovery plan according to ISO. Participants will also gain a thorough understanding of the best practices described by this International Standard.

Learning Objectives
- To understand the concepts, approaches, methods and techniques for the implementation and effective management of Disaster Recovery services
- To understand the relationship between ICT Disaster Recovery and compliance with the requirements of the different stakeholders of an organization
- To acquire the competence to implement, maintain and manage a Disaster Recovery plan in accordance with ISO
- To acquire the competence to effectively advise organizations on the best practices in ICT Disaster Recovery

Who Should Attend?
- Disaster Recovery of IT
- Persons responsible for disaster recovery or conformity within an organization
- Members of a disaster recovery team
- IT disaster recovery consultants
- Staff implementing or seeking to comply with ISO or involved in a disaster recovery plan

Agenda
- Introduction, risk assessment and mitigation according to ISO
- Differences between business continuity and disaster recovery
- Asset management
- Risk assessment and mitigation
- Document management
- Information security
- Business continuity
- Recovery facilities and sites, outsourced services and activation of the DR plan according to ISO
- Recovery facilities
- Outsourced services
- Recovery sites
- Activation of the disaster recovery plan
- Measurement, testing and continual improvement
- Performance measurement
- Self-assessment
- Testing
- Continual improvement
- PECB Certification Exam - 2 Hours

General Information
- The Certified ISO Disaster Recovery Manager exam fully meets the requirements of the PECB Examination and Certification Program (ECP).
- Certification fees are included in the exam price
- The participant manual contains over 300 pages of information and practical examples
- A participation certificate of 21 CPD (Continuing Professional Development) credits will be issued to the participants
- In case of failure of the exam, participants are allowed to retake it for free under certain conditions

Information Security Management System
Certified ISO Lead Implementer (PECB/ANSI)
5 Days

MASTERING THE IMPLEMENTATION AND MANAGEMENT OF AN INFORMATION SECURITY MANAGEMENT SYSTEM (ISMS) BASED ON ISO

This five-day intensive course enables the participants to develop the expertise necessary to support an organization in implementing and managing an Information Security Management System (ISMS) based on ISO/IEC. The participants will also be given a thorough grounding in the best practices used to implement Information Security controls from all areas of ISO. This training is consistent with the project management practices established in ISO (Quality Management Systems - Guidelines for Quality Management in Projects). This training is also fully compatible with ISO (Guidelines for the Implementation of an ISMS), ISO (Measurement of Information Security) and ISO (Risk Management in Information Security).

Learning Objectives
- To understand the implementation of an ISMS
- To gain a comprehensive understanding of the concepts, approaches, standards, methods and techniques related to an ISMS
- To acquire the necessary expertise to support an organization in implementing, managing and maintaining an ISMS
- To acquire the necessary expertise to manage a team implementing ISO

Who Should Attend?
- Compliance project managers
- Information Security consultants
- Internal and external ISO auditors
- Members of an Information Security team

Agenda
- Introduction to Information Security Management System (ISMS) concepts as required by ISO 27001; initiating an ISMS
- Introduction to management systems and the process approach
- Presentation of the ISO family of standards and the regulatory framework
- Fundamental principles of Information Security
- Preliminary analysis and determining the level of maturity based on ISO
- Writing a business case and a project plan for the implementation of an ISMS
- Planning the implementation of an ISMS based on ISO
- Defining the scope of an ISMS
- Drafting an ISMS and Information Security policies
- Selection of the approach and methodology for risk assessment
- Risk management: identification, analysis and treatment of risk (based on ISO 27005)
- Drafting the statement of applicability
- Implementing an ISMS based on ISO
- Implementation of a document management framework
- Design and implementation of controls
- Information Security training, awareness and communication program
- Incident management (drawing on guidance from ISO 27035)
- Operations management of an ISMS
- Control, monitor and measure an ISMS and the certification audit of the ISMS in accordance with ISO
- Monitoring the ISMS controls
- Development of metrics, performance indicators and dashboards in accordance with ISO
- ISO internal audit
- Management review of an ISMS
- Implementation of a continual improvement program
- Preparing for an ISO certification audit
- PECB/ANSI Certification Exam (3 Hours)

General Information
- After successfully completing the exam, participants can apply for the credentials of Certified ISO Provisional Implementer, Certified ISO Implementer or Certified ISO Lead Implementer, depending on their level of experience.
- Certification fees are included in the exam price
- The participant manual contains over 450 pages of information and practical examples
- A participation certificate of 31 CPD (Continuing Professional Development) credits will be issued to the participants
- In case of failure of the exam, participants are allowed to retake it for free under certain conditions

Information Security Management System
Certified ISO Lead Auditor (PECB/ANSI)
4 Days

MASTERING THE AUDIT OF AN INFORMATION SECURITY MANAGEMENT SYSTEM (ISMS) BASED ON ISO 27001, IN COMPLIANCE WITH THE REQUIREMENTS OF ISO AND ISO

This four-day intensive course enables the participants to develop the expertise needed to audit an Information Security Management System (ISMS) and to manage a team of auditors by applying widely recognized audit principles, procedures and techniques. During this training, the participants will acquire the knowledge and skills needed to proficiently plan and perform internal and external audits in compliance with the certification process of the ISO/IEC standard. Based on practical exercises, the participants will develop the skills (mastering audit techniques) and competencies (managing audit teams and the audit program, communicating with customers, conflict resolution, etc.) necessary to conduct an audit efficiently.

Objectives
- To acquire the expertise to perform an ISO internal audit, following the ISO guidelines
- To acquire the expertise to perform an ISO certification audit, following the ISO guidelines and the specifications of ISO and ISO
- To acquire the expertise necessary for managing an ISMS audit team
- To understand the operation of an ISO

Who Should Attend?
- Internal auditors
- Auditors wanting to perform and lead ISMS certification audits
- Members of an Information Security team
- Technical experts wanting to prepare for an Information Security audit function

Agenda
- Introduction to Information Security Management System (ISMS) concepts as required by ISO
- Normative, regulatory and legal framework related to Information Security
- Fundamental principles of Information Security
- The ISO certification process
- Detailed presentation of the clauses of ISO
- Planning and initiating an ISO audit
- Fundamental audit concepts and principles
- Audit approach based on evidence and on risk
- Preparation of an ISO certification audit
- Documentation of an ISMS audit
- Conducting an ISO audit
- Communication during the audit
- Audit procedures: observation, document review, interview, sampling techniques, technical verification, corroboration and evaluation
- Drafting test plans
- Formulation of audit findings and drafting of nonconformity reports
- Concluding and ensuring the follow-up of an ISO audit
- Audit documentation
- Conducting a closing meeting and conclusion of an ISO audit
- Evaluation of corrective action plans
- ISO surveillance audit and audit management program
- PECB/ANSI Certification Exam

General Information
- After successfully completing the exam, participants can apply for the credentials of Certified ISO Provisional Auditor, Certified ISO Auditor or Certified ISO Lead Auditor, depending on their level of experience.
- Certification fees are included in the exam price
- The participant manual contains over 450 pages of information and practical examples
- A participation certificate of 31 CPD (Continuing Professional Development) credits will be issued to the participants
- In case of failure of the exam, participants are allowed to retake it for free under certain conditions

Information Security Management System
Certified ISO Lead Manager (PECB)
4 Days

MASTERING THE FUNDAMENTAL PRINCIPLES, CONCEPTS AND IMPLEMENTATION OF THE BEST PRACTICES OF INFORMATION SECURITY CONTROLS WITHIN THE PROCESS OF IMPLEMENTING AN INFORMATION SECURITY MANAGEMENT SYSTEM (ISMS) BASED ON ISO/IEC

This four-day intensive course enables the participants to develop the expertise needed to support an organization in implementing and managing the information security controls of an Information Security Management System (ISMS) based on ISO. Participants will also be given a thorough grounding in the best practices used to implement information security controls from all the areas of ISO. This training is consistent with the project management practices established in ISO (Quality Management Systems - Guidelines for Quality Management in Projects). It is also fully compatible with ISO (Guidelines for the Implementation of an ISMS), ISO (Measurement of Information Security) and ISO (Risk Management in Information Security).

Learning Objectives
- To gain a comprehensive understanding of the concepts, approaches, standards, methods and techniques related to an ISMS and the required information security controls
- To understand the initiation, implementation, maintenance and improvement of the ISMS within an organization
- To acquire the necessary expertise to manage a team implementing ISO
- To develop the knowledge and skills required to advise organizations on best practices in the management of information security controls
- To improve the capacity for analysis and decision making in the context of information security controls

Who Should Attend?
- Managers or consultants wanting to implement an Information Security Management System (ISMS)
- Project managers or consultants wanting to master the Information Security Management System implementation process
- Persons responsible for information security or conformity in an organization
- Members of information security teams
- Expert advisors in information technology
- Technical experts wanting to prepare for an Information Security audit function
- Persons responsible for developing their own information security management guidelines

Agenda
- Introduction to Information Security Management System (ISMS) concepts and ISO
- Course objective and structure
- Standard and regulatory framework
- Fundamental principles of Information Security
- Introduction to Information Security Management Systems
- Information security policies
- Organization of information security
- Implementation of information security controls related to Human Resources, Asset Management and Access Control
- Human resources security
- Asset management
- Access control
- Implementation of information security controls related to Cryptography, Physical and Environmental Security, Operations and Network
- Cryptography
- Physical and environmental security
- Operations security
- Communications security
- Implementation of information security controls for Systems, Supplier Relationships, Incident Management, Continuity and Compliance
- System acquisition, development and maintenance
- Supplier relationships
- Information security incident management
- Information security aspects of business continuity management
- Compliance
- Golden rules and conclusion
- PECB Certification Exam - 3 Hours

General Information
- After successfully completing the ISO Lead Manager exam, participants can apply for the credentials of Certified ISO Provisional Lead Manager, Certified ISO Manager or Certified ISO Lead Manager, depending on their level of experience.
- Certification fees are included in the exam price
- The participant manual contains over 450 pages of information and practical examples
- A participation certificate of 31 CPD (Continuing Professional Development) credits will be issued to the participants
- In case of failure of the exam, the participants are allowed to retake it for free under certain conditions

Information Security Management System
Certified ISO/IEC Application Lead Security Implementer (PECB)
4 Days

MASTERING THE IMPLEMENTATION OF APPLICATION SECURITY (AS) PROCESSES, ACTIVITIES AND SECURITY TECHNIQUES ACROSS THE ORGANISATION BASED ON THE INTERNATIONAL STANDARD ISO/IEC APPLICATION SECURITY

This four-day intensive course enables the participants to understand the specific principles and concepts proposed by ISO/IEC for AS and to understand how they can be implemented, step by step, to help organizations develop, acquire, implement, use and maintain trustworthy applications, according to their specific business context, at an acceptable cost. More specifically, the ISO/IEC framework proposes components and processes to provide verifiable evidence that an application has reached and maintained a targeted level of trust as specified by the organization. The responsibility of a Certified ISO/IEC Application Security Lead Implementer is to assist organizations in putting in place the required framework elements and to guide the organization in integrating Application Security Controls (ASC) seamlessly throughout the life cycle of their applications.

AS applies not only to the software of an application but also to its other components and the contributing factors that impact its security, such as its technological context, its regulatory context, its business context, its specifications, the sensitivity of its data, and the processes and actors supporting its entire life cycle. This framework applies to organizations of all sizes and types (not only commercial enterprises, government agencies and nonprofit organizations that use applications, but also large, medium and small vendors that develop software, applications and business services) exposed to security risks on the information associated with their applications.

Learning Objectives
- To understand the implementation of AS in accordance with ISO/IEC
- To gain a comprehensive understanding of the concepts, approaches, standards, methods and techniques required for the effective management of AS
- To understand the relationship between the components of AS, including risk management, controls and compliance with the requirements of the different stakeholders of the organization
- To acquire the necessary expertise to support an organization in implementing, managing and maintaining AS as specified in ISO/IEC
- To acquire the necessary expertise to manage a team implementing ISO/IEC
- To develop the knowledge and skills required to advise organizations on best practices in the management of AS
- To improve the capacity for analysis and decision making in the context of AS

Who Should Attend?
Managers, such as information security managers, project managers, administrators, software development managers, application owners and line managers, who wish to:
- Balance the cost of implementing and maintaining AS against the risks and value it


More information

www.pwc.com Third Party Risk Management 12 April 2012

www.pwc.com Third Party Risk Management 12 April 2012 www.pwc.com Third Party Risk Management 12 April 2012 Agenda 1. Introductions 2. Drivers of Increased Focus on Third Parties 3. Governance 4. Third Party Risks and Scope 5. Third Party Risk Profiling 6.

More information

Camber Quality Assurance (QA) Approach

Camber Quality Assurance (QA) Approach Camber Quality Assurance (QA) Approach Camber s QA approach brings a tested, systematic methodology, ensuring that our customers receive the highest quality products and services, delivered via efficient

More information

NSW Government Digital Information Security Policy

NSW Government Digital Information Security Policy NSW Government Digital Information Security Policy Version: 1.0 Date: November 2012 CONTENTS PART 1 PRELIMINARY... 3 1.1 Scope... 3 1.2 Application... 3 1.3 Objectives... 3 PART 2 CORE REQUIREMENTS...

More information

National Cyber Security Policy -2013

National Cyber Security Policy -2013 National Cyber Security Policy -2013 Preamble 1. Cyberspace 1 is a complex environment consisting of interactions between people, software and services, supported by worldwide distribution of information

More information

ENTERPRISE RISK MANAGEMENT FRAMEWORK

ENTERPRISE RISK MANAGEMENT FRAMEWORK ENTERPRISE RISK MANAGEMENT FRAMEWORK COVENANT HEALTH LEGAL & RISK MANAGEMENT CONTENTS 1.0 PURPOSE OF THE DOCUMENT... 3 2.0 INTRODUCTION AND OVERVIEW... 4 3.0 GOVERNANCE STRUCTURE AND ACCOUNTABILITY...

More information

Internal Audit Standards

Internal Audit Standards Internal Audit Standards Department of Public Expenditure & Reform November 2012 Copyright in material supplied by third parties remains with the authors. This includes: - the Definition of Internal Auditing

More information

TENDER NUMBER: ITT/SACU/015/2015/O Information and Communication Technology (ICT) Audit IT Effectiveness Review

TENDER NUMBER: ITT/SACU/015/2015/O Information and Communication Technology (ICT) Audit IT Effectiveness Review TENDER NUMBER: ITT/SACU/015/2015/O Information and Communication Technology (ICT) Audit IT Effectiveness Review CLOSING DATE & TIME FRIDAY, 23 JANUARY 2015 17H00 (Namibian Time) POSTAL & PHYSICAL ADDRESS

More information

How to gain and maintain ISO 27001 certification

How to gain and maintain ISO 27001 certification Public How to gain and maintain ISO 27001 certification Urpo Kaila, Head of Security CSC IT Center for Science ltd. urpo.kaila@csc.fi, security@csc.fi GÉANT SIG ISM 1 st Workshop, 2015-05-12, imperial.ac.uk

More information

Principled Performance & GRC

Principled Performance & GRC part of GRC Fundamentals Principled Performance & GRC How principled performance is the new normal and the imperative for integrating governance, performance, risk, internal control and compliance management

More information

COBIT 5 Implementation Certification Course

COBIT 5 Implementation Certification Course COBIT 5 Implementation Certification Course About COBIT 5.0 Information is created, used, retained, disclosed and destroyed. Technology plays a key role in these actions and technology is becoming pervasive

More information

ICT SERVICE LEVEL AGREEMENT MANAGEMENT POLICY (EXTERNAL SERVICE PROVIDERS/VENDORS)

ICT SERVICE LEVEL AGREEMENT MANAGEMENT POLICY (EXTERNAL SERVICE PROVIDERS/VENDORS) ICT SERVICE LEVEL AGREEMENT MANAGEMENT POLICY (EXTERNAL SERVICE PROVIDERS/VENDORS) TABLE OF CONTENTS 1. INTRODUCTION... 3 2. LEGISLATIVE FRAMEWORK... 3 3. OBJECTIVE OF THE POLICY... 4 4. AIMS OF THE POLICY...

More information

ENTERPRISE RISK MANAGEMENT POLICY

ENTERPRISE RISK MANAGEMENT POLICY ENTERPRISE RISK MANAGEMENT POLICY TITLE OF POLICY POLICY OWNER POLICY CHAMPION DOCUMENT HISTORY: Policy Title Status Enterprise Risk Management Policy (current, revised, no change, redundant) Approving

More information

the role of the head of internal audit in public service organisations 2010

the role of the head of internal audit in public service organisations 2010 the role of the head of internal audit in public service organisations 2010 CIPFA Statement on the role of the Head of Internal Audit in public service organisations The Head of Internal Audit in a public

More information

Governance, Risk, and Compliance (GRC) White Paper

Governance, Risk, and Compliance (GRC) White Paper Governance, Risk, and Compliance (GRC) White Paper Table of Contents: Purpose page 2 Introduction _ page 3 What is GRC _ page 3 GRC Concepts _ page 4 Integrated Approach and Methodology page 4 Diagram:

More information

Business Continuity Management Policy

Business Continuity Management Policy Business Continuity Management Policy Business Continuity Policy Version 1.0 1 Version control Version Date Changes Author 0.1 April 13 1 st draft PH 0.2 June 13 Amendments in line with guidance PH 0.3

More information

THE SOUTH AFRICAN HERITAGE RESOURCES AGENCY ENTERPRISE RISK MANAGEMENT FRAMEWORK

THE SOUTH AFRICAN HERITAGE RESOURCES AGENCY ENTERPRISE RISK MANAGEMENT FRAMEWORK THE SOUTH AFRICAN HERITAGE RESOURCES AGENCY ENTERPRISE RISK MANAGEMENT FRAMEWORK ACCOUNTABLE SIGNATURE AUTHORISED for implementation SIGNATURE On behalf of Chief Executive Officer SAHRA Council Date Date

More information

Certification Process Requirements

Certification Process Requirements SAAS Certification Process Requirements SAAS Procedure 200 and ISO/IEC 17021 Social Accountability Accreditation Services, June 2010 Accreditation Process and Policies SAAS Normative Requirements SAAS

More information

WEST YORKSHIRE FIRE & RESCUE SERVICE. Business Continuity Management Strategy

WEST YORKSHIRE FIRE & RESCUE SERVICE. Business Continuity Management Strategy WEST YORKSHIRE FIRE & RESCUE SERVICE Business Continuity Management Strategy Date Issued: 12 November 2012 Review Date: 12 November 2015 Version Control Version Number Date Author Comment 0.1 June 2011

More information

Functional and technical specifications. Background

Functional and technical specifications. Background Functional and technical specifications Background In terms of the Public Audit Act, 2004 (Act No. 25 of 2004) (PAA), the deputy auditor-general (DAG) is responsible for maintaining an effective, efficient

More information

ISO/IEC 27001:2013 Your implementation guide

ISO/IEC 27001:2013 Your implementation guide ISO/IEC 27001:2013 Your implementation guide What is ISO/IEC 27001? Successful businesses understand the value of timely, accurate information, good communications and confidentiality. Information security

More information

RSA ARCHER OPERATIONAL RISK MANAGEMENT

RSA ARCHER OPERATIONAL RISK MANAGEMENT RSA ARCHER OPERATIONAL RISK MANAGEMENT 87% of organizations surveyed have seen the volume and complexity of risks increase over the past five years. Another 20% of these organizations have seen the volume

More information

COBIT 5 For Cyber Security Governance and Management. Nasser El-Hout Managing Director Service Management Centre of Excellence (SMCE)

COBIT 5 For Cyber Security Governance and Management. Nasser El-Hout Managing Director Service Management Centre of Excellence (SMCE) COBIT 5 For Cyber Security Governance and Management Nasser El-Hout Managing Director Service Management Centre of Excellence (SMCE) Cybersecurity Governance using COBIT5 Cyber Defence Summit Riyadh, KSA

More information

Preliminary Draft JOB DESCRIPTIONS AND QUALIFICATIONS OF KEY PERSONNEL. XXXXX PPP Unit

Preliminary Draft JOB DESCRIPTIONS AND QUALIFICATIONS OF KEY PERSONNEL. XXXXX PPP Unit Preliminary Draft JOB DESCRIPTIONS AND QUALIFICATIONS OF KEY PERSONNEL XXXXX PPP Unit Chief Executive Officer Job Description: The CEO is tasked with the establishment of a PPP Unit for the Government

More information

HKCAS Supplementary Criteria No. 8

HKCAS Supplementary Criteria No. 8 Page 1 of 12 HKCAS Supplementary Criteria No. 8 Accreditation Programme for Information Security Management System (ISMS) Certification 1 INTRODUCTION 1.1 HKAS accreditation for information security management

More information

2015 Information Security Awareness Catalogue

2015 Information Security Awareness Catalogue Contents 2015 Catalogue Wolfpack Engagement Model 4 Campaign Drivers 6 Offerings 8 Approach 9 Engaging Content 10 Stakeholder Change Management 12 Bundles 13 Content 14 Grey Wolf -Track compliance with

More information

ISO 24762 WHITEPAPER. When Recognition Matters

ISO 24762 WHITEPAPER. When Recognition Matters When Recognition Matters WHITEPAPER ISO 24762 INFORMATION TECHNOLOGY SECURITY TECHNIQUES GUIDELINES FOR INFORMATION AND COMMUNICATIONS TECHNOLOGY DISASTER RECOVERY SERVICES www.pecb.com CONTENT 3 4 5 5

More information

C ETS C/ETS: CYBER INTELLIGENCE + ENTERPRISE SOLUTIONS CSCSS / ENTERPRISE TECHNOLOGY + SECURITY

C ETS C/ETS: CYBER INTELLIGENCE + ENTERPRISE SOLUTIONS CSCSS / ENTERPRISE TECHNOLOGY + SECURITY CSCSS / ENTERPRISE TECHNOLOGY + SECURITY C/ETS: CYBER INTELLIGENCE + ENTERPRISE SOLUTIONS CENTRE FOR STRATEGIC CSCSS CYBERSPACE + SECURITY SCIENCE CSCSS / ENTERPRISE TECHNOLOGY + SECURITY GROUP Information

More information

ISO 9001:2015 QUALITY MANAGEMENT SYSTEMS AUDITOR/LEAD AUDITOR

ISO 9001:2015 QUALITY MANAGEMENT SYSTEMS AUDITOR/LEAD AUDITOR Knowledge RECOGNITION Skills retention Further excellence behaviour Ability COMPETENCE QUALIFICATION ISO 9001 Training services SGS ACADEMY www.sgs.com sgs academy transforming people and businesses As

More information

Board Charter. May 2014

Board Charter. May 2014 May 2014 Document History and Version Control Document History Document Title: Board Charter Document Type: Charter Owner: Board [Company Secretary] Description of content: Corporate Governance practices

More information

Institute for Business Continuity Training 1623 Military Road, # 377 Niagara Falls, NY 14304-1745

Institute for Business Continuity Training 1623 Military Road, # 377 Niagara Falls, NY 14304-1745 ECP - 601: Effective Business Continuity Management: ISO 22301 This 3-day course provides an intensive, hands-on workshop covering all major aspects for the design of an effective Business Continuity Plan

More information

AEROSPACE STANDARD. Quality Management Systems - Requirements for Aviation, Space and Defense Organizations RATIONALE

AEROSPACE STANDARD. Quality Management Systems - Requirements for Aviation, Space and Defense Organizations RATIONALE AEROSPACE STANDARD AS9100C Issued 1999-11 Revised 2009-01 Superseding AS9100B Quality Management Systems - Requirements for Aviation, Space and Defense Organizations RATIONALE This standard has been revised

More information

Microsoft s Compliance Framework for Online Services

Microsoft s Compliance Framework for Online Services Microsoft s Compliance Framework for Online Services Online Services Security and Compliance Executive summary Contents Executive summary 1 The changing landscape for online services compliance 4 How Microsoft

More information

CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT

CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT JANUARY 2008 GUIDELINE ON BUSINESS CONTINUITY GUIDELINE CBK/PG/14

More information

IT Vendor Due Diligence. Jennifer McGill CIA, CISA, CGEIT IT Audit Director Carolinas HealthCare System December 9, 2014

IT Vendor Due Diligence. Jennifer McGill CIA, CISA, CGEIT IT Audit Director Carolinas HealthCare System December 9, 2014 IT Vendor Due Diligence Jennifer McGill CIA, CISA, CGEIT IT Audit Director Carolinas HealthCare System December 9, 2014 Carolinas HealthCare System (CHS) Second largest not-for-profit healthcare system

More information

CSR / Sustainability Governance and Management Assessment By Coro Strandberg Principal, Strandberg Consulting www.corostrandberg.

CSR / Sustainability Governance and Management Assessment By Coro Strandberg Principal, Strandberg Consulting www.corostrandberg. Introduction CSR / Sustainability Governance and Management Assessment By Coro Strandberg Principal, Strandberg Consulting www.corostrandberg.com June 2015 Companies which adopt CSR or sustainability 1

More information

Preparation Guide. EXIN IT Service Management Associate based on ISO/IEC 20000

Preparation Guide. EXIN IT Service Management Associate based on ISO/IEC 20000 Preparation Guide EXIN IT Service Management Associate based on ISO/IEC 20000 Edition January 2014 Copyright 2014 EXIN All rights reserved. No part of this publication may be published, reproduced, copied

More information

Business Continuity Management Framework 2014 2017

Business Continuity Management Framework 2014 2017 Business Continuity Management Framework 2014 2017 Blackpool Council Business Continuity Framework V3.0 Page 1 of 13 CONTENTS 1.0 Forward 03 2.0 Administration 04 3.0 Policy 05 4.0 Business Continuity

More information

Position Description. Department: Quantitative Research Direct Reports: Project Manager/Researcher Senior Researcher

Position Description. Department: Quantitative Research Direct Reports: Project Manager/Researcher Senior Researcher Position Description Position Title: Research Director (Quantitative) Reports to: Executive Director, Research Department: Direct Reports: Project Manager/Researcher Senior Researcher Date: 03/10/2011

More information

Information Security Specialist Training on the Basis of ISO/IEC 27002

Information Security Specialist Training on the Basis of ISO/IEC 27002 Information Security Specialist Training on the Basis of ISO/IEC 27002 Natalia Miloslavskaya, Alexander Tolstoy Moscow Engineering Physics Institute (State University), Russia, {milmur, ait}@mephi.edu

More information

Guidance Note: Corporate Governance - Board of Directors. March 2015. Ce document est aussi disponible en français.

Guidance Note: Corporate Governance - Board of Directors. March 2015. Ce document est aussi disponible en français. Guidance Note: Corporate Governance - Board of Directors March 2015 Ce document est aussi disponible en français. Applicability The Guidance Note: Corporate Governance - Board of Directors (the Guidance

More information

Application of King III Corporate Governance Principles

Application of King III Corporate Governance Principles APPLICATION of KING III CORPORATE GOVERNANCE PRINCIPLES 2013 Application of Corporate Governance Principles This table is a useful reference to each of the principles and how, in broad terms, they have

More information

Tutorial: Towards better managed Grids. IT Service Management best practices based on ITIL

Tutorial: Towards better managed Grids. IT Service Management best practices based on ITIL Tutorial: Towards better managed Grids. IT Service Management best practices based on ITIL EGI Technical Forum 2011, Lyon (France) September 22, 2011 Dr. Thomas Schaaf www.gslm.eu EMERGENCE TECH LTD. The

More information

OCC 98-3 OCC BULLETIN

OCC 98-3 OCC BULLETIN To: Chief Executive Officers and Chief Information Officers of all National Banks, General Managers of Federal Branches and Agencies, Deputy Comptrollers, Department and Division Heads, and Examining Personnel

More information

Compliance Management Framework. Managing Compliance at the University

Compliance Management Framework. Managing Compliance at the University Compliance Management Framework Managing Compliance at the University Risk and Compliance Office Effective from 07-10-2014 Contents 1 Compliance Management Framework... 2 1.1 Purpose of the Compliance

More information

MANAGEMENT DEVELOPMENT COURSES

MANAGEMENT DEVELOPMENT COURSES (FULL VIEW) MANAGEMENT DEVELOPMENT COURSES MANAGEMENT DEVELOPMENT COURSES LEADERSHIP DEVELOPMENT Developing Leadership Competencies 4 4 days 230,000 1-4 13-16 26-29 6-9 Critical Thinking: Tools for Problem

More information

Quick Guide: Meeting ISO 55001 Requirements for Asset Management

Quick Guide: Meeting ISO 55001 Requirements for Asset Management Supplement to the IIMM 2011 Quick Guide: Meeting ISO 55001 Requirements for Asset Management Using the International Infrastructure Management Manual (IIMM) ISO 55001: What is required IIMM: How to get

More information

Preparation Guide. EXIN IT Service Management Associate Bridge based on ISO/IEC 20000

Preparation Guide. EXIN IT Service Management Associate Bridge based on ISO/IEC 20000 Preparation Guide EXIN IT Service Management Associate Bridge based on ISO/IEC 20000 Edition January 2014 Copyright 2014 EXIN All rights reserved. No part of this publication may be published, reproduced,

More information

Introduction to Business Continuity Planning

Introduction to Business Continuity Planning Introduction to Business Continuity Planning Business Continuity and Disaster Resilience Forum May 10, 2012 Rizal Ballroom A, Makati Shangri-la Manila, Philippines Dr Goh Moh Heng President BCM Institute

More information

Trusts. Protect your organisation from money laundering and fraud to prevent reputational damage

Trusts. Protect your organisation from money laundering and fraud to prevent reputational damage Trusts Protect your organisation from money laundering and fraud to prevent reputational damage Our Our organisation organisation was was founded on on four four key key values: innovation, quality, quality,

More information

Plan Development Getting from Principles to Paper

Plan Development Getting from Principles to Paper Plan Development Getting from Principles to Paper March 22, 2015 Table of Contents / Agenda Goals of the workshop Overview of relevant standards Industry standards Government regulations Company standards

More information

Job Description Solutions Lead

Job Description Solutions Lead Solutions Lead Department: Group: Direct Line Manager: Direct Reports: Business Support Manager - Information Services Database Applications Analyst, Technical Business Analyst Delegations: Primary Location:

More information