Training Catalogue


Table of Contents

Company Profile (p. 3)

Training Overview (p. 4)

Training Catalogue (p. 5)

GRC Fundamentals, Strategy & Implementation Workshop (p. 6)

Anti-Bribery Management System Implementation (p. 8)

ISO 19600 Compliance Management Implementation (p. 10)

Corporate Compliance Workshop – Optimizing Your Program (p. 12)

Certified ISO 31000 Risk Manager – PECB/ANSI (p. 14)

Mastering Risk Management Workshop – Toward Risk Convergence (p. 16)

Certified ISO 38500 Governance of IT Manager – PECB (p. 18)

Certified ISO 27005 Risk Manager of IT – PECB/ANSI (p. 20)

Certified ISO 22301 Lead Implementer – PECB/ANSI (p. 22)

Certified ISO 22301 Lead Auditor – PECB/ANSI (p. 24)

Certified ISO 24762 Disaster Recovery Manager – PECB (p. 26)

Certified ISO 27001 Lead Implementer – PECB/ANSI (p. 28)

Certified ISO 27001 Lead Auditor – PECB/ANSI (p. 30)

Certified ISO 27002 Lead Manager – PECB (p. 32)

Certified ISO/IEC 27034 Application Lead Security Implementer – PECB (p. 34)

Certified ISO 20000 Lead Implementer – PECB/ANSI (p. 37)

Certified ISO 20000 Lead Auditor – PECB/ANSI (p. 39)

Certified Outsourcing Manager – PECB (p. 41)

Certified Lead Privacy Implementer – PECB (p. 43)

Certified Lead Forensic Examiner – PECB/ANSI (p. 45)

Certified Lead Security Incident Professional – PECB (p. 47)

Certified Lead SCADA Security Professional – PECB/ANSI (p. 49)

Certified Lead Penetration Tester – PECB (p. 51)

Certified ISO 21500 Lead Implementer – PECB (p. 53)

Certified ISO 21500 Lead Auditor – PECB (p. 55)

Certified ISO 28000 Lead Implementer – PECB/ANSI (p. 57)

Certified ISO 13053 Lead Implementer – PECB (p. 59)


For more info call us – Tel: +2711462 7138 or Email: owen@grctech.co.za URL: www.grctech.co.za

Company Profile

What We Do

GRC Tech is a training and consultancy firm that assists organisations to understand, implement and comply with Governance, Risk and Compliance (GRC) related best practice standards and frameworks that lead to sustained process and business improvement.

We meet the training, awareness and consulting needs of organisations in the following categories:

- Corporate Governance, Risk and Compliance

- Strategy and Performance Management

- IT Governance and IT Service Management

- Business Continuity and Information Security Management

International Experience

Since our inception in 2010, GRC Tech has successfully provided training and delivered GRC-related consultancy projects to leading African and international organisations. We have delivered services in, among others, South Africa, Botswana, Tanzania, Namibia, Mauritius, Uganda, Swaziland, Oman, Egypt, Kenya and Nigeria.


Training Overview

Our training courses are underpinned by internationally accepted Governance, Risk and Compliance (GRC) best practices, based on a range of GRC-related frameworks and standards including OCEG Red Book 2.1 & 3.0, ISO 19600, BS 10500, COBIT, ISO 38500, ISO 27005, ISO 27001, ISO 22301 and ISO 20000.

Approach to GRC Management Training

Our approach to training provides delegates with valuable practical experience of how to overcome the typical challenges they are likely to experience when undertaking GRC related projects within their own organisations. Delegates enjoy the following benefits:

- A choice of brief management overview, foundation or intensive practitioner-level courses

- Course development and presentation by subject-matter experts with in-depth knowledge and experience in their field of expertise

- Practical course content, hand-outs and interactive group discussions

- International certification exams for selected courses

In-house Training – On Demand

In-house training provides a cost-effective and time-saving training opportunity, especially where an organisation has more than six staff members to train and/or requires training in remote locations.

In-house courses can be facilitated at your organisation's own premises or conducted as a private course at a training venue of your choice.

Self-Study

When you choose to study through GRC Tech training you have the option to select your course(s) from our range of certification programs. We offer you an unrivalled selection of quality distance education courses accredited by PECB, one of the most respected awarding bodies internationally.

All of our students have access to an experienced professional in their field of study. He/she is totally committed to helping you succeed and is always on hand to answer any query you may have, no matter how big or small.

Training Courses Available

- Governance, Risk Management & Compliance (GRC)

- Anti-Bribery

- Compliance

- Risk Management

- IT Governance, Risk Management & Compliance (IT GRC)

- IT Security Management

- Business Continuity & Disaster Recovery Management

- Professional Courses: CMO, CLPI, CLFE, CLSI, CL-SCADASP, CLPT

- Project Management

- Supply Chain Security Management


Governance, Risk Management & Compliance (GRC)

GRC Fundamentals, Strategy and Implementation – 3 Days

Who Should Attend?

CEOs, COOs, Chief Risk Officers, Chief Compliance Officers, Chief Information Officers, Chief Audit Executives and other Senior Managers.

The objective is to give you an insight and practical strategies for your Governance, Risk and Compliance integration by:

Defining progressive governance, risk, and compliance roles and responsibilities to move forward from silo management

Fulfilling regulatory requirements while achieving a real ROI

Increasing productivity and capital by putting an end to silo management

Leveraging your current IT systems to integrate GRC

Gaining an in-depth view into key risk metrics and policy compliance to improve your risk control and self-assessments

About the Workshop

The workshop provides an introductory overview of this new global groundswell of GRC, including discussion of the challenges organizations will face and the business case that will drive this new movement.

Topics covered include:

An introduction to GRC: the new corporate “must have”

Explanation of an integrated GRC system

How is GRC different from current governance, risk, and compliance assurance methods?

Building your business case

What current laws require: a global perspective on “bare minimum” compliance, how the corporate governance bar continues to move upwards

Integrated GRC: what parts must be assembled, bought, wired up, or rented to build one? What cultural changes are required to make it work?

Setting up and staffing an integrated GRC system

Overcoming barriers and avoiding pitfalls

Maintaining and sustaining your GRC and measuring its benefits

Agenda:

GRC Overview: Where Are We Going and How Do We Get There?

GRC: What’s the Business Case for Change?

Achieving GRC Buy-in at the Top and Establishing Clear Roles & Responsibilities

Practical Strategies for Implementing GRC


Business Objectives & Drivers

Risk & Opportunities

Plan & Design

Integrated Approach Programs: The three core principles

Oversight Personnel

Leaders and Champions

Strategic & Operating Personnel

Plan & Organize the GRC Implementation

The GRC Technology Roadmap


Anti-Bribery

Anti-Bribery Management System Implementation – 2 Days

Successful implementation of BS 10500 ‘Specification for an anti-bribery management system (ABMS)’ demonstrates an organisation's commitment to ethical behaviour and is a vital part of corporate governance in a well-managed organisation; it can help protect your corporate reputation and avoid potentially corrupt transactions.

Led by an experienced tutor, this two-day course will guide you through an implementation of an effective ABMS, using a combination of practical exercises, group activities and class discussions.

Learning Objectives

On completion of the course, delegates will know:

- How to determine the threat of bribery within an organization

- How to recognize the key management system concepts of BS 10500

- What the benefits specific to your organization are in relation to implementing an effective ABMS

- How to identify a typical framework for implementing BS 10500 following the Plan-Do-Check-Act (PDCA) cycle

- How to interpret the requirements of BS 10500 from an implementation perspective in the context of your organization

- How to conduct a baseline review of your organization's current position with regard to BS 10500

Who Should Attend?

Those responsible for anti-bribery management, ethical behaviour, corporate governance, risk and compliance, management systems, anti-bribery measures, human resources, procurement and those managing/selecting business associates especially if operating in high-risk bribery environments.

Recommended job roles include:

- Human resource professionals and managers

- Company secretaries

- Internal legal teams

- Governance, risk and compliance managers

- Internal affairs and investigation teams

- Internal and external management systems auditors who are new to ABMS

- Procurement managers

- Private data and records administration teams

Agenda

Introduction to Anti-Bribery Management System (ABMS) concepts as required by BS 10500

Introduction to management systems and the process approach

Fundamental principles in anti-bribery management

General requirements

Planning the Anti-Bribery Management System (ABMS)

Allocating responsibility


Writing the anti-bribery policy

Reviewing the requirements of the ABMS

Designing or modifying the necessary policies, procedures and controls for the ABMS

Preparing an implementation plan for the ABMS

Monitoring and reviewing the ABMS

Continual improvement of the ABMS

Pre-Requisites

There are no formal prerequisites to attend; however, it is recommended that you have some knowledge of ABMS, in particular the BS 10500 standard, as well as an understanding of how your organization operates and the likely risks it faces.


Compliance

ISO 19600 Compliance Management Implementation – 3 Days

ISO 19600 defines requirements to continually improve a compliance management system’s effectiveness. It requires an organisation to establish, develop, document, implement, evaluate, maintain and improve an effective and responsive Compliance Management System (CMS). The policy, objectives and processes needed for compliance management must be determined, including the sequence and interaction, and be applied throughout.

Learning Objectives

This 3-day course provides delegates with an understanding of the International Organisation for Standardisation’s (ISO) standard for compliance management systems – ISO 19600.

Upon successful completion of this course, participants should be able to:

- Identify compliance requirements and an appropriate system for recording them

- Plan, document and establish a compliance management system

- Review a compliance system and its processes

- Determine the purpose and the scope of compliance research that needs to be undertaken to meet legal and client obligations

- Define a compliance research plan and gather the required data

- Analyse the collected data in a manner that is meaningful to the organisation

- Document and communicate the compliance research outcomes

- Understand the components of a continual improvement framework

- Use a continual improvement framework to ensure new ideas and improvements are managed in a consistent and systematic manner

Who Should Attend?

- Compliance managers and officers

- Internal legal teams

- Governance, risk and compliance managers

- IT GRC officers

- Internal and external management systems auditors who are new to CMS

Agenda

Introduction to Compliance Management concepts as required by ISO 19600

Introduction to management systems and the process approach

Fundamental principles in compliance management

General requirements: presentation of the clauses of ISO 19600

Planning the Compliance Management System (CMS)

Allocating responsibility

Writing the compliance management policy and framework

Reviewing the requirements of the CMS


Preparing an implementation plan for the CMS

Monitoring and reviewing the CMS

Continual improvement of the CMS

Pre-Requisites


Compliance

Corporate Compliance Workshop (Optimizing Your Program) – 2 Days

To create a program that reflects, incorporates and is integrated with your organization's culture, ethos and corporate compliance objectives, you need to design a program that is tailored and fine-tuned to the size, form, complexity and history of your organization, document the specific steps taken in the implementation and operation of the compliance program, and measure the program with metrics.

Learning Objectives

- To recognize the importance of the mission: meeting compliance goals

- To set standards to be followed

- To empower employees to make decisions following prescribed guidelines, and to ensure that progress continues toward agreed-upon goals

- To establish a decision-support mechanism

- To document the specific steps taken in the implementation and operation of a compliance program

- To measure the program with metrics

Who Should Attend?

This workshop is designed for senior managers who recognize the importance of the mission of meeting compliance goals, specifically in terms of what is expected by stakeholders and regulators, with no exceptions.

- Governance Officer

- Compliance Officer

- Legal Counsel

- Risk Manager

- Internal Auditor

- IT Manager

- Senior Managers in Planning, Finance, Marketing, Project, HR, etc.

- Consultants & Business Advisors

Agenda

Introduction

Compliance Key Functions

The four aspects of compliance operation:

Demonstrating Compliance with relevant regulations

Embedding Compliance within your organization

Managing the cost of Compliance; and

Identifying, addressing and resolving regulatory failures

Purism vs Pragmatism

Looking at the “Big Picture”


What are the Compliance Issues?

Governance Issues

Compliance Issues

Risk Issues

IT Compliance Issues

Why focus on compliance programs?

Introduction to effective compliance program:

Culture

Scope & Strategy

Structure & Resources

Policies

Communication & training

Issue Management

Evaluation

The Framework

Establishing an Enterprise Compliance Program:

The Principles

The Roadmap to Effective Compliance Policies, Procedures, and Controls

The Measuring Criteria

How do we measure? – The Metrics

The Compliance Maturity Model

Awareness (external & internal)

Structure & Accountability

Culture & Consistency

Processes/Controls Automation & Integration

Measurement

Technology

Reporting on measurement

Integration of Compliance into the GRC Framework

Case Study – XYZ Ltd.


Risk Management

Certified ISO 31000 Risk Manager (PECB/ANSI) – 3 Days

MASTERING RISK ASSESSMENT AND OPTIMAL RISK MANAGEMENT BASED ON ISO 31000 AND IEC/ISO 31010

In this three-day intensive course participants develop the competence to master a model for implementing risk management processes throughout their organization, using the ISO 31000:2009 standard as a reference framework. Based on practical exercises, participants acquire the necessary knowledge and skills to perform an optimal risk assessment and to manage risks in time by being familiar with their life cycle. During this training, we will present the ISO 31000 general risk management standard, the process model it recommends, and how companies may use the standard. This training is also fully compatible with IEC/ISO 31010, which supports ISO 31000 by providing guidance for risk assessment.

Learning Objectives

- To understand the concepts, approaches, methods and techniques allowing effective Risk Management according to ISO 31000

- To understand the relationship between Risk Management and compliance with the requirements of the different stakeholders of an organization

- To acquire the competence to implement, maintain and manage an ongoing Risk Management program according to ISO 31000, in compliance with all the other requirements

- To acquire the competence to effectively advise organizations on best practices in Risk Management

Who Should Attend?

- Governance Officer

- Compliance Officer

- Risk Manager

- Internal Auditor

- IT Manager

- Senior Managers in Planning, Finance, Marketing, Project, HR, etc.

- Consultants & Business Advisors

Agenda

Introduction, Risk Management framework according to ISO 31000

Concepts and definitions related to risk management

Risk management standards, frameworks and methodologies

Implementation of a risk management framework

Understanding an organization and its context

Risk identification and assessment, risk evaluation, treatment, acceptance, communication and surveillance according to ISO 31000

Risk identification

Risk analysis and risk evaluation


Risk acceptance and residual risk management

Risk communication and consultation

Risk monitoring and review

Risk assessment methodologies according to IEC/ISO 31010 and Exam

Presentation of risk assessment methodologies

PECB/ANSI Certification Exam - 2 hours

Pre-Requisites

None

General Information

After successfully completing the exam, participants can apply for the credentials of Certified ISO 31000 Risk Manager.

- Certification fees are included in the exam price

- The participant manual contains over 350 pages of information and practical examples

- A participation certificate of 21 CPD (Continuing Professional Development) credits will be issued to participants


Risk Management

Mastering Risk Management Workshop (Toward Risk Convergence) – 2 Days

In today's fast-moving, complex operating environment, risk executives need to cultivate an understanding across all areas of risk and business.

Business problems are multifaceted, interrelated and increasingly global - executives must possess enhanced skills to identify and address a wide range of risks with an integrated approach and enterprise-wide perspective.

This intensive two-day programme exposes participants to a rigorous, yet inspiring blend of theory, practice and cutting-edge research.

Learning Objectives

- Gain a valuable perspective on risk management in terms of corporate governance, as well as its relationship to cultural and stakeholder concerns

- Expand your network by linking up with a variety of individuals in risk-related fields and various business lines who think and make decisions about risk in the context of the entire enterprise

- Broaden your knowledge of leading-edge theory and practice, to increase your ability to create and sustain a high level of performance and steer projects to completion through an increased understanding of the issues impacting your organization

- Take part in focused learning and interact with your peers to improve your decision-making, leading to advanced proficiency and strategic advantages

Who Should Attend?

- Senior risk practitioners

- Executives with influence over their organization’s risk strategy

- Business-line executives

- Non-Executive Directors

- Consultants & Business Advisors

Agenda

Introduction to GRC & E – Defining the terms

What is “GRC” convergence?

A View At The “Current State”

An Overview Of Standards

Traditional vs Modern Risk Management

Challenges with Risk Assessment

GRC Risk Convergence – Key issues

GRC Risk Convergence – The Challenges

GRC Risk Convergence – Benefits


Assessing Risks

Developing A Common Shared Context

Case Study

Control vs Risk Focus

Risk Taxonomy: Focus on Risk Types

Understanding The Anatomy Of Risk

The DNA Of Risk Management

The Key Indicator Trio

Risk Assessment Methodology

Risk Assurance

The GRC Framework

Building A Business Case

GRC Desired State

Risk Maturity Level


IT Governance, Risk Management & Compliance

Certified ISO 38500 Governance of IT Manager (PECB) – 2 Days

MASTERING THE FUNDAMENTAL PRINCIPLES AND CONCEPTS OF CORPORATE GOVERNANCE OF INFORMATION TECHNOLOGY BASED ON ISO 38500

This two-day intensive course enables participants to develop the necessary expertise to support an organization in implementing corporate governance of Information Technology as specified in ISO/IEC 38500. Participants will also gain a thorough understanding of the best practices used to implement guidance for Corporate Governance of IT from all areas of ISO 38500. ISO/IEC 38500 applies to the governance of management processes (and decisions) relating to the information and communication services used by an organization. These processes could be controlled by IT specialists within the organization, by external service providers, or by business units within the organization.

Learning Objectives

- To understand the implementation of guidance for the corporate governance of IT in accordance with ISO 38500, 38501 & 38502

- To gain a comprehensive understanding of the concepts, approaches, standards, methods and techniques required for the effective management of corporate governance of IT

- To understand the relationship between the components of corporate governance of IT, including responsibility, strategy, acquisition, performance, conformance and human behavior

- To acquire the necessary expertise to manage a team implementing ISO 38500

Who Should Attend?

- Project managers or consultants wanting to prepare and to support an organization in the implementation of corporate governance of Information Technology

- ISO 38500 auditors who wish to fully understand the corporate governance of IT implementation process

- Senior Managers responsible for the IT governance of an enterprise and the management of its risks

- Members of groups monitoring the resources within the organization

- External business or technical specialists, such as legal or accounting specialists, retail associations, or professional bodies

- Vendors of hardware, software, communications and other IT products

- Internal and external service providers (including consultants)

Agenda

Introduction to corporate governance of IT

Fundamental principles of corporate governance of IT

Initiation process of corporate governance of IT

Definition of the scope

Corporate governance application

Objectives of ISO 38500

Benefits of using this standard

Referenced documents – ISO 38501 & 38502


Framework and guidance for good governance of IT

Principles

Model

Responsibility of directors for corporate governance of IT

Strategy of IT development

Acquisition

Performance of corporate governance of IT

Conformance

Human Behavior

PECB Certification Exam - 2 hours

General Information

After successfully completing the “ISO 38500 Corporate Governance of IT Manager” exam, participants can apply for the credentials of Certified ISO 38500 Corporate Governance of IT Provisional Manager or Certified ISO 38500 Corporate Governance of IT Manager, depending on their level of experience.

- Certification fees are included in the exam price

- The participant manual contains over 200 pages of information and practical examples

- A participation certificate of 14 CPD (Continuing Professional Development) credits will be issued to the participants

- In case of failure of the exam, participants are allowed to retake it for free under certain conditions


IT Governance, Risk Management & Compliance

Certified ISO 27005 IT Risk Manager (PECB/ANSI) – 3 Days

MASTERING RISK ASSESSMENT AND OPTIMAL RISK MANAGEMENT IN INFORMATION SECURITY BASED ON ISO 27005

In this three-day intensive course participants develop the competence to master the basic risk management elements related to all assets of relevance for information security, using the ISO/IEC 27005:2011 standard as a reference framework. Based on practical exercises and case studies, participants acquire the necessary knowledge and skills to perform an optimal information security risk assessment and to manage risks in time by being familiar with their life cycle. During this training, we will also present other risk assessment methods such as OCTAVE, EBIOS, MEHARI and Harmonized TRA. This training fits perfectly with the implementation process of the ISMS framework of the ISO/IEC 27001:2013 standard.

Learning Objectives

- To understand the concepts, approaches, methods and techniques allowing effective risk management according to ISO 27005

- To interpret the requirements of ISO 27001 on information security risk management

- To understand the relationship between information security risk management, the security controls and compliance with the requirements of the different stakeholders of an organization

- To acquire the competence to implement, maintain and manage an ongoing information security risk management program according to ISO 27005

- To acquire the competence to effectively advise organizations on best practices in information security risk management

Who Should Attend?

- Risk managers

- Members of the information security team

- Persons responsible for information security or conformity within an organization

- Staff implementing or seeking to comply with ISO 27001 or involved in a risk management program

- IT consultants

Agenda

Introduction, risk management program according to ISO 27005

Concepts and definitions related to risk management

Risk management standards, frameworks and methodologies

Implementation of an information security risk management program

Understanding an organization and its context

Risk identification and assessment, risk evaluation, treatment, acceptance, communication and surveillance according to ISO 27005

Risk identification

Risk analysis and risk evaluation

Risk assessment with a quantitative method


Risk acceptance and residual risk management

Information Security Risk Communication and Consultation

Risk monitoring and review

Overview of other information security risk assessment methods and exam

Presentation of OCTAVE method

Presentation of MEHARI method

Presentation of EBIOS method

Presentation of Harmonized TRA method

PECB/ANSI Certification Exam (2 hours)

General Information

After successfully completing the “Certified ISO 27005 Risk Manager” exam, participants can apply for the credentials of Certified ISO 27005 Risk Manager or Certified ISO 27005 Risk Manager, depending on their level of experience.

- Certification fees are included in the exam price

- The participant manual contains over 350 pages of information and practical examples

- A participation certificate of 21 CPD (Continuing Professional Development) credits will be issued to the participants

- In case of failure of the exam, participants are allowed to retake it for free under certain conditions


Business Continuity

Certified ISO 22301 Lead Implementer (PECB/ANSI) – 5 Days

MASTERING THE IMPLEMENTATION AND MANAGEMENT OF A BUSINESS CONTINUITY MANAGEMENT SYSTEM (BCMS) BASED ON ISO 22301

This five-day intensive course enables participants to develop the necessary expertise to support an organization in implementing and managing a Business Continuity Management System (BCMS) based on ISO 22301. Participants will also gain a thorough understanding of the best practices used to implement Business Continuity processes from ISO 22399. This training is consistent with the project management practices established in ISO 10006 (Quality Management Systems – Guidelines for Quality Management in Projects). This training is fully compatible with BS 25999 (Business Continuity Management Specification) and ISO 27031 (Guidelines for information and communication technology readiness for Business Continuity).

Learning Objectives

- To understand the implementation of a BCMS in accordance with ISO 22301, ISO 27031 or BS 25999

- To gain a comprehensive understanding of the concepts, approaches, standards, methods and techniques required for the effective management of a BCMS

- To understand the relationship between the components of a BCMS and compliance with the other requirements

- To acquire the necessary expertise to support an organization in implementing, managing and maintaining a BCMS as specified in ISO 22301 or BS 25999

- To acquire the necessary expertise to manage a team implementing ISO 22301 or BS 25999

Who Should Attend?

- Project managers or consultants wanting to prepare and support an organization in the implementation of a Business Continuity Management System (BCMS)

- Business Continuity auditors who wish to fully understand the implementation of a Business Continuity Management System

- Individuals responsible for Business Continuity or conformity in an organization

- Members of a Business Continuity team

- Expert advisors in Business Continuity

- Members of organizations that want to prepare for a business continuity function or for a BCMS project management function

Agenda

Introduction to Business Continuity Management System (BCMS) concepts as required by ISO 22301: Initiating a BCMS

Introduction to the management systems and the process approach

Presentation of the standards ISO 22301, ISO/PAS 22399, ISO 27031, BS 25999 and regulatory framework


Preliminary analysis and determining the level of maturity of the existing BCMS based upon ISO 21827

Writing a business case and a project plan for the implementation of a BCMS

Planning a BCMS based on ISO 22301

Definition of the scope of a BCMS

Development of a BCMS and Business Continuity Policies

Business Impact Analysis (BIA) and Risk Assessment

Implementing a BCMS based on ISO 22301

Implementation of a document management framework

Design and implementation of Business Continuity processes and writing procedures

Development of a training & awareness program and communicating about the BCMS

Incident management and emergency management

Operations management of a BCMS

Controlling, monitoring and measuring a BCMS, and the certification audit of a BCMS in accordance with ISO 22301

Monitoring BCMS processes

Development of metrics, performance indicators and dashboards

Internal audit and management review of a BCMS

Implementation of a continual improvement program

Preparing for an ISO 22301 certification audit

PECB/ANSI Certification Exam - 3 Hours

General Information

After successfully completing the exam, participants can apply for the credentials of Certified ISO 22301 Provisional Implementer, Certified ISO 22301 Implementer or Certified ISO 22301 Lead Implementer, depending on their level of experience.

- Certification fees are included in the exam price

- The participant manual contains over 450 pages of information and practical examples

- A participation certificate of 31 CPD (Continuing Professional Development) credits will be issued to the participants

- In case of failure of the exam, participants are allowed to retake it for free under certain conditions


Business Continuity

Certified ISO 22301 Lead Auditor (PECB/ANSI) – 4 Days

MASTERING THE AUDIT OF A BUSINESS CONTINUITY MANAGEMENT SYSTEM (BCMS) BASED ON ISO 22301, IN COMPLIANCE WITH THE REQUIREMENTS OF ISO 19011 AND ISO 17021

This four-day intensive course enables participants to develop the expertise needed to audit a Business Continuity Management System (BCMS) and to manage a team of auditors by applying widely recognized audit principles, procedures and techniques. During this training, participants will acquire the knowledge and skills needed to proficiently plan and perform internal and external audits in compliance with ISO 19011 and certification audits according to ISO 17021. Based on practical exercises, participants will develop the skills (mastering audit techniques) and competencies (managing audit teams and the audit program, communicating with customers, conflict resolution) necessary for the efficient conduct of an audit. This training is compatible with BS 25999 audits (Business continuity management specification) and ISO 27031 (Guidelines for information and communication technology readiness for business continuity).

Learning Objectives

• To acquire the expertise of performing an ISO 22301 or BS 25999 internal audit, following the ISO 19011 guidelines

• To acquire the expertise of performing an ISO 22301 or BS 25999 certification audit, following the ISO 19011 guidelines and the specifications of ISO 17021

• To acquire the expertise necessary for managing a BCMS audit team

• To understand the operation of a BCMS in accordance with ISO 22301, ISO 27031 or BS 25999

• To understand the relationship between the components of a Business Continuity Management System, including risk management and controls, and compliance with the organization's other requirements

Who Should Attend?

• Internal auditors and auditors wanting to perform and lead BCMS certification audits

• Project managers or consultants wanting to master the BCMS audit process

• Individuals responsible for Business Continuity or conformity in an organization

• Members of a Business Continuity team

• Expert advisors in information technology

• Technical experts wanting to prepare for a Business Continuity audit function

Agenda

Introduction to Business Continuity Management System (BCMS) concepts as required by ISO 22301

Presentation of the standards ISO 22301, ISO 27031, ISO/PAS 22399, BS 25999 and regulatory framework

Fundamental principles of Business Continuity


Business Continuity Management System (BCMS)

Detailed presentation of the clauses of ISO 22301

Planning and initiating an ISO 22301 audit

Fundamental audit concepts and principles

Evidence-based and risk-based audit approach

Preparation of an ISO 22301 certification audit

BCMS documentation audit

Conducting an opening meeting

Conducting an ISO 22301 audit

Communication during the audit

Audit procedures: observation, document review, interview, sampling techniques, technical verification, corroboration and evaluation

Audit test plans

Formulation of audit findings and documenting of nonconformities

Concluding and ensuring the follow-up of an ISO 22301 audit

Audit documentation

Conducting a closing meeting and conclusion of an ISO 22301 audit

Evaluation of corrective action plans

ISO 22301 surveillance audit

ISO 22301 internal audit management program and second party audits

PECB/ANSI Certification Exam - 3 Hours

General Information

After successfully completing the exam, participants can apply for the credentials of Certified ISO 22301 Provisional Auditor, Certified ISO 22301 Auditor or Certified ISO 22301 Lead Auditor, depending on their level of experience.

• Certification fees are included in the exam price

• Participant manual contains over 450 pages of information and practical examples

• A participation certificate of 31 CPD (Continuing Professional Development) credits will be issued to the participants

• In case of failure of the exam, participants are allowed to retake it for free under certain conditions


Business Continuity

Certified ISO 24762 Disaster Recovery Manager (PECB) – 3 Days

MASTERING THE IMPLEMENTATION AND MANAGEMENT OF ICT DISASTER

RECOVERY SERVICES ACCORDING TO ISO 24762

This three-day intensive course enables participants to develop the necessary expertise to support an organization in implementing, maintaining and managing an ongoing Information and Communications Technology (ICT) Disaster Recovery plan according to ISO 24762. Participants will also gain a thorough understanding of the best practices described by this International Standard.

Learning Objectives

• To understand the concepts, approaches, methods and techniques for the implementation and effective management of Disaster Recovery services

• To understand the relationship between ICT Disaster Recovery and compliance with the requirements of an organization's different stakeholders

• To acquire the competence to implement, maintain and manage a Disaster Recovery plan in accordance with ISO 24762

• To acquire the competence to effectively advise organizations on best practices in ICT Disaster Recovery

Who Should Attend?

• IT Disaster Recovery professionals

• Persons responsible for disaster recovery or conformity within an organization

• Members of a disaster recovery team

• IT disaster recovery consultants

• Staff implementing or seeking to comply with ISO 24762, or involved in a disaster recovery plan

Agenda

Introduction, risk assessment and mitigation according to ISO 24762

Differences between business continuity and disaster recovery

Asset management

Risk assessment and mitigation

Document management

Information security

Business continuity

Recovery facilities and sites, outsourced services and activation of DR plan according to ISO 24762

Recovery facilities

Outsourced services

Recovery sites

Activation of disaster recovery plan


Performance measurement

Self-assessment

Testing

Continual improvement

PECB Certification Exam – 2 Hours

General Information

The “Certified ISO 24762 Disaster Recovery Manager” exam fully meets the requirements of the PECB Examination and Certification Program (ECP).

• Certification fees are included in the exam price

• Participant manual contains over 300 pages of information and practical examples

• A participation certificate of 21 CPD (Continuing Professional Development) credits will be issued to the participants

• In case of failure of the exam, participants are allowed to retake it for free under certain conditions


Information Security Management System

Certified ISO 27001 Lead Implementer (PECB/ANSI) – 5 Days

MASTERING THE IMPLEMENTATION AND MANAGEMENT OF AN INFORMATION

SECURITY MANAGEMENT SYSTEM (ISMS) BASED ON ISO 27001

This five-day intensive course enables the participants to develop the expertise necessary to support an organization in implementing and managing an Information Security Management System (ISMS) based on ISO/IEC 27001. The participants will also be given a thorough grounding in best practices used to implement Information Security controls from all areas of ISO 27002. This training is consistent with the project management practices established in ISO 10006 (Quality Management Systems - Guidelines for Quality Management in Projects). This training is also fully compatible with ISO 27003 (Guidelines for the Implementation of an ISMS), ISO 27004 (Measurement of Information Security) and ISO 27005 (Risk Management in Information Security).

Learning Objectives

• To understand the implementation of an ISMS

• To gain a comprehensive understanding of the concepts, approaches, standards, methods and techniques related to an ISMS

• To acquire the necessary expertise to support an organization in implementing, managing and maintaining an ISMS

• To acquire the necessary expertise to manage a team implementing ISO 27001

Who Should Attend?

• Compliance project managers

• Information Security consultants

• Internal and external ISO 27001 auditors

• Members of an Information Security team

Agenda

Introduction to Information Security Management System (ISMS) concepts as required by ISO 27001; initiating an ISMS

Introduction to the management systems and the process approach

Presentation of the ISO 27000 family standards and regulatory framework

Fundamental principles of Information Security

Preliminary analysis and determining the level of maturity based on ISO 21827

Writing a business case and a project plan for the implementation of an ISMS

Planning the implementation of an ISMS based on ISO 27001

Defining the scope of an ISMS

Drafting an ISMS and Information Security policies

Selection of the approach and methodology for risk assessment

Risk management: identification, analysis and treatment of risk (based on ISO 27005)


Implementing an ISMS based on ISO 27001

Implementation of a document management framework

Design and implementation of controls

Information Security training, awareness and communication program

Incident management (drawing on guidance from ISO 27035)

Operations management of an ISMS

Controlling, monitoring and measuring an ISMS and the certification audit of an ISMS in accordance with ISO 27001

Monitoring the ISMS controls

Development of metrics, performance indicators and dashboards in accordance with ISO 27004

ISO 27001 internal audit

Management review of an ISMS

Implementation of a continual improvement program

Preparing for an ISO 27001 certification audit

PECB/ANSI Certification Exam (3 Hours)

General Information

After successfully completing the exam, participants can apply for the credentials of Certified ISO 27001 Provisional Implementer, Certified ISO 27001 Implementer or Certified ISO 27001 Lead Implementer, depending on their level of experience.

• Certification fees are included in the exam price

• Participant manual contains over 450 pages of information and practical examples

• A participation certificate of 31 CPD (Continuing Professional Development) credits will be issued to the participants

• In case of failure of the exam, participants are allowed to retake it for free under certain conditions


Information Security Management System

Certified ISO 27001 Lead Auditor (PECB/ANSI) – 4 Days

MASTERING THE AUDIT OF AN INFORMATION SECURITY MANAGEMENT

SYSTEM (ISMS) BASED ON ISO 27001, IN COMPLIANCE WITH THE

REQUIREMENTS OF ISO 19011 AND ISO 17021

This four-day intensive course enables the participants to develop the expertise needed to audit an Information Security Management System (ISMS) and manage a team of auditors by applying widely recognized audit principles, procedures and techniques. During this training, the participants will acquire the knowledge and skills needed to proficiently plan and perform internal and external audits in compliance with the certification process of the ISO/IEC 27001 standard. Based on practical exercises, the participants will develop the skills (mastering audit techniques) and competencies (managing audit teams and audit programs, communicating with customers, conflict resolution, etc.) necessary to conduct an audit efficiently.

Learning Objectives

• To acquire the expertise of performing an ISO 27001 internal audit, following the ISO 19011 guidelines

• To acquire the expertise of performing an ISO 27001 certification audit, following the ISO 19011 guidelines and the specifications of ISO 17021 and ISO 27006

• To acquire the expertise necessary for managing an ISMS audit team

• To understand the operation of an ISMS in accordance with ISO 27001

Who Should Attend?

• Internal auditors

• Auditors wanting to perform and lead ISMS certification audits

• Members of an Information Security team

• Technical experts wanting to prepare for an Information Security audit function

Agenda

Introduction to Information Security Management System (ISMS) concepts as required by ISO 27001

Normative, regulatory and legal framework related to Information Security

Fundamental principles of Information Security

The ISO 27001 certification process

Detailed presentation of the clauses of ISO 27001

Planning and initiating an ISO 27001 audit

Fundamental audit concepts and principles

Evidence-based and risk-based audit approach

Preparation of an ISO 27001 certification audit

ISMS documentation audit


Communication during the audit

Audit procedures: observation, document review, interview, sampling techniques, technical verification, corroboration and evaluation

Drafting test plans

Formulation of audit findings, drafting of nonconformity reports

Concluding and ensuring the follow-up of an ISO 27001 audit

Audit documentation

Conducting a closing meeting and conclusion of an ISO 27001 audit

Evaluation of corrective action plans

ISO 27001 surveillance audit and audit management program

PECB/ANSI Certification Exam

General Information

After successfully completing the exam, participants can apply for the credentials of Certified ISO 27001 Provisional Auditor, Certified ISO 27001 Auditor or Certified ISO 27001 Lead Auditor, depending on their level of experience.

• Certification fees are included in the exam price

• Participant manual contains over 450 pages of information and practical examples

• A participation certificate of 31 CPD (Continuing Professional Development) credits will be issued to the participants

• In case of failure of the exam, participants are allowed to retake it for free under certain conditions


Information Security Management System

Certified ISO 27002 Lead Manager (PECB) – 4 Days

MASTERING THE FUNDAMENTAL PRINCIPLES, CONCEPTS AND IMPLEMENTATION OF THE

BEST PRACTICES OF INFORMATION SECURITY CONTROLS WITHIN THE PROCESS OF

IMPLEMENTING AN INFORMATION SECURITY MANAGEMENT SYSTEM (ISMS) BASED ON

ISO/IEC 27002

This four-day intensive course enables the participants to develop the expertise needed to support an organization in implementing and managing the information security controls of an Information Security Management System (ISMS) based on ISO 27001. Participants will also be given a thorough grounding in the best practices used to implement information security controls from all the areas of ISO 27002. This training is consistent with the project management practices established in ISO 10006 (Quality Management Systems - Guidelines for Quality Management in Projects). It is also fully compatible with ISO 27003 (Guidelines for the Implementation of an ISMS), ISO 27004 (Measurement of Information Security) and ISO 27005 (Risk Management in Information Security).

Learning Objectives

• To gain a comprehensive understanding of the concepts, approaches, standards, methods and techniques related to an ISMS and the required information security controls

• To understand the initiation, implementation, maintenance and improvement of the ISMS within an organization

• To acquire the necessary expertise to manage a team implementing ISO 27002

• To develop the knowledge and skills required to advise organizations on best practices in the management of information security controls

• To improve the capacity for analysis and decision making in the context of information security controls

Who Should Attend?

• Managers or consultants wanting to implement an Information Security Management System (ISMS)

• Project managers or consultants wanting to master the Information Security Management System implementation process

• Persons responsible for information security or conformity in an organization

• Members of information security teams

• Expert advisors in information technology

• Technical experts wanting to prepare for an Information Security audit function

• Persons responsible for developing their own information security management guidelines

Agenda

Introduction to Information Security Management System (ISMS) concepts and ISO 27002

Course objective and structure

Standard and regulatory framework

Fundamental Principles of Information Security

Introduction to Information Security Management System

Information security policies


Implementation of information security controls related to Human Resources, Asset Management and Access Control

Human resources security

Asset Management

Access Control

Implementation of information security controls related to Cryptography, Physical and Environmental Security, Operations Security and Communications Security

Cryptography

Physical and Environmental Security

Operations Security

Communications security

Implementation of information security controls for Systems, Supplier Relationships, Incident Management, Continuity and Compliance

System acquisition, development and maintenance

Supplier Relationships

Information security Incident Management

Information security aspects of business continuity management

Compliance

Golden Rules and Conclusion

PECB Certification Exam - 3 Hours

General Information

After successfully completing the "ISO 27002 Lead Manager" exam, participants can apply for the credentials of Certified ISO 27002 Provisional Manager, Certified ISO 27002 Manager or Certified ISO 27002 Lead Manager, depending on their level of experience.

• Certification fees are included in the exam price

• Participant manual contains over 450 pages of information and practical examples

• A participation certificate of 31 CPD (Continuing Professional Development) credits will be issued to the participants

• In case of failure of the exam, the participants are allowed to retake it for free under certain conditions


Information Security Management System

Certified ISO/IEC 27034 Application Security Lead Implementer (PECB) – 4 Days

MASTERING THE IMPLEMENTATION OF APPLICATION SECURITY (AS) PROCESSES,

ACTIVITIES AND SECURITY TECHNIQUES ACROSS THE ORGANISATION BASED ON THE

INTERNATIONAL STANDARD ISO/IEC 27034 – APPLICATION SECURITY

This four-day intensive course enables the participants to understand the specific principles and concepts proposed by ISO/IEC 27034 for AS, and how they can be implemented, step by step, to help organizations develop, acquire, implement, use and maintain trustworthy applications, according to their specific business context and at an acceptable cost. More specifically, the ISO/IEC 27034 framework proposes components and processes that provide verifiable evidence that an application has reached and maintained a targeted level of trust, as specified by the organization. The responsibility of a Certified ISO/IEC 27034 Application Security Lead Implementer is to assist organizations in putting in place the required ISO/IEC 27034 framework elements and to guide the organization in integrating Application Security Controls (ASCs) seamlessly throughout the life cycle of its applications.

AS applies not only to the software of an application but also to its other components and to the contributing factors that affect its security, such as its technological context, its regulatory context, its business context, its specifications, the sensitivity of its data, and the processes and actors supporting its entire life cycle. The framework applies to organizations of all sizes and types (not only commercial enterprises, government agencies and non-profit organizations that use applications, but also large, medium and small vendors that develop software, applications and business services) that are exposed to security risks on the information associated with their applications.

Learning Objectives

• To understand the implementation of AS in accordance with ISO/IEC 27034

• To gain a comprehensive understanding of the concepts, approaches, standards, methods and techniques required for the effective management of AS

• To understand the relationship between the components of AS, including risk management and controls, and compliance with the requirements of the organization's different stakeholders

• To acquire the necessary expertise to support an organization in implementing, managing and maintaining AS as specified in ISO/IEC 27034

• To acquire the necessary expertise to manage a team implementing ISO/IEC 27034

• To develop the knowledge and skills required to advise organizations on best practices in the management of AS

• To improve the capacity for analysis and decision making in the context of AS

Who Should Attend?

• Managers, such as information security managers, project managers, administrators, software development managers, application owners and line managers, who wish to:


represents for the organization;

  • prepare and support the organization in the implementation of an AS project

• Provisioning and operation teams such as architects, analysts, programmers, testers, system administrators, DBAs, network administrators and technical personnel, who wish to:

  • minimize the impact of introducing ASCs into the organization's existing processes, such as design, development, test, deployment, operation, archival and destruction

  • understand which controls should be applied at each stage of an application's life cycle and which ones should be implemented inside the application itself

• Acquirers and Suppliers who wish to:

  • prepare or comply with requests for proposals that include requirements for ASCs and a Level of Trust

• Auditors who wish to:

  • fully understand the AS processes involved in ISO/IEC 27034

Agenda

Introduction: AS overview and concepts as proposed by ISO/IEC 27034

Introduction to ISO/IEC 27034 AS and its global vision

Fundamental principles in Information Security

Overview, concepts, principles, definitions, scope, components, processes and actors involved in AS

Embedded implicit concepts

Presentation of the 27034 series:

• ISO/IEC 27034-1: Overview & concepts

• ISO/IEC 27034-2: AS in an organization

• ISO/IEC 27034-3: AS in a project

• ISO/IEC 27034-4: AS validation, verification and certification

• ISO/IEC 27034-5: Protocols and ASC data structure

• ISO/IEC 27034-5-1: XML schemas

• ISO/IEC 27034-6: Examples and case studies

Implementation of AS based on ISO/IEC 27034

Security in application project

• The Application Security Management Process

• Provisioning and operating an application

• Maintaining the Actual Level of Trust at the Targeted Level of Trust

• Development of AS validation

Implementation of AS based on ISO/IEC 27034 (cont.)

AS at the organization level

• Goals of AS for an organization

• The Organization Normative Framework (ONF)

• The ONF committee

• The ONF management process

• Integration of ISO/IEC 27034 elements into the organization's existing processes

• Design, validation, implementation, verification, operation and evolution of ASCs

• The ASC libraries

• The AS traceability matrix

• Drafting the certification process

Security guidance for specific organizations and applications

Case Study


application

• Developing ASCs

• Acquiring ASCs

AS validation and certification

The purpose of internal AS audit

• Minimize the cost of an audit

• Be sure you have all expected evidence ready

Overview of the AS validation and certification process under 27034.

• How to help an organization to be certified

• How to help an application project to be certified

Protocols and ASC data structure based on ISO/IEC 27034

A free formal language for ASC communication

ISO/IEC 27034 proposed XML schemas:

• data structure, descriptions, graphical representation

ISO/IEC 27034 AS final review

PECB Certification Exam – 3 Hours

General Information

After successfully completing the exam, participants can apply for the credentials of Certified ISO/IEC 27034 Application Security Provisional Implementer, Certified ISO/IEC 27034 Application Security Implementer or Certified ISO/IEC 27034 Application Security Lead Implementer, depending on their level of experience.

• Certification fees are included in the exam price

• Participant manual contains over 350 pages of information and practical examples

• A participation certificate of 31 CPD (Continuing Professional Development) credits will be issued to the participants

• In case of failure of the exam, the participants are allowed to retake it for free under certain conditions


IT Service Management

Certified ISO 20000 Lead Implementer (PECB/ANSI) – 5 Days

MASTERING THE IMPLEMENTATION AND MANAGEMENT OF A SERVICE

MANAGEMENT SYSTEM (SMS) BASED ON ISO 20000

This five-day intensive course enables the participants to develop the necessary expertise to support an organization in implementing and managing a Service Management System as specified in ISO/IEC 20000-1. The participants will also gain a thorough understanding of best practices for planning and implementing the Service Management processes covered by ISO 20000: planning and implementing new or changed services, service delivery processes, relationship management processes, problem resolution processes, control processes and release processes. This training is consistent with the project management practices established in ISO 10006 (Quality Management Systems - Guidelines for Quality Management in Projects). It is also fully compatible with ISO 20000-2 (Guidelines for the Implementation of an SMS) and ITIL.

Learning Objectives

• To understand the implementation of a Service Management System in accordance with ISO 20000

• To gain a comprehensive understanding of the concepts, approaches, standards, methods and techniques allowing effective management of a Service Management System

• To know the interrelationships between ISO/IEC 20000-1, ISO/IEC 20000-2 and ITIL

• To acquire the expertise to support an organization in implementing, managing and maintaining a Service Management System (SMS) as specified in ISO/IEC 20000

• To acquire the necessary expertise to manage a team implementing the ISO 20000 standard

Who Should Attend?

• Project managers or consultants wanting to implement a Service Management System (SMS)

• ISO 20000 auditors who wish to fully understand the SMS implementation process

• Individuals responsible for SMS conformity in an organization

• Technical experts wanting to prepare for a SMS function

Agenda

Introduction to Service Management System (SMS) concepts as required by ISO 20000; initiating a SMS

Presentation of the ISO 20000 family of standards and comparison with ITIL V2 and V3

Fundamental principles of Service Management System

Preliminary analysis and establishment of the maturity level of an existing SMS

Writing a business case and a project plan for the implementation of a SMS

Planning a SMS based on ISO 20000

Definition of the scope of a SMS


Budgeting and accounting for IT services

Implementing a SMS based on ISO 20000

Change, configuration, release, capacity and availability management

Service continuity and security management

Incident and problem management

Operations management of a SMS

Controlling, monitoring, measuring and improving a SMS and the certification audit of a SMS in accordance with ISO 20000

Controlling and monitoring a SMS

Development of metrics, performance indicators and dashboards

ISO 20000 internal audit and management review

Implementation of a continual improvement program

Preparing for an ISO 20000 certification audit

PECB/ANSI Certification Exam – 3 Hours

General Information

After successfully completing the exam, participants can apply for the credentials of Certified ISO/IEC 20000 Provisional Implementer, Certified ISO/IEC 20000 Implementer or Certified ISO/IEC 20000 Lead Implementer, depending on their level of experience.

• Certification fees are included in the exam price

• Participant manual contains over 350 pages of information and practical examples

• A participation certificate of 31 CPD (Continuing Professional Development) credits will be issued to the participants

• In case of failure of the exam, the participants are allowed to retake it for free under certain conditions
