ISO in the Sun: Courses on Risk, Information Security, Business Continuity and more in Lanzarote

Overview

This five day course introduces the structure of an Integrated Management System (IMS) derived from ISO's normative Annex SL (Harmonized structure for management system standards) as well as specific requirements of relevant ISO Standards implementing Annex SL, eg ISO 9001:2015, ISO 14001:2015, ISO 45001:2018, ISO/IEC 20000-1:2018, ISO 22301:2019 and ISO/IEC 27001:2013, and how to add any further applicable requirements, eg PCI-DSS, SOX, GDPR etc.

At the same time, the course explains processes, methods and skills required to allow an auditor to assess such an IMS all the way through to certification in line with relevant ISO (certification) standards, in particular ISO/IEC 17021-1:2015 and ISO 19011:2018.

The course consists of a mix of presentation, discussion and exercises based on real-world examples.

Outline

Introducing IMS Auditing

• Setting the Scene: ISO Management Systems
• The ISO Management System Audit Approach
• Audit Methods

Assessing Elements of an IMS

• IMS Element 1: Leadership (Annex SL clause 5)
• IMS Element 2: Context of the Organisation (Annex SL clause 4)
• Audit Methods - Part 1: Document Review, Interview
• IMS Element 3: Support (Annex SL clause 7)
• IMS Element 4: Planning (Annex SL clause 6)
• Audit Methods - Part 2: Observation, Sampling
• IMS Element 5: Operation (Annex SL clause 8)
• IMS Element 6: Performance Evaluation (Annex SL clause 9)
• Audit Methods - Part 3: Corroboration
• IMS Element 7: Improvement (Annex SL clause 10)
• IMS Element 8: Management Review (Annex SL clause 9.3)

Auditing an IMS

• Audit Principles
• Overview of the different Types of Audits
• Certification Process per ISO/IEC 17021-1:2015 et al
• Audit Skills

Objectives

Completion of this course will enable students to

• Describe core processes of an Annex SL based IMS
• Identify additional specific requirements based on the chosen IMS scope
• Recognize the range of different audit types, criteria and objectives
• Understand applicable audit methods and develop skills to apply these
• Execute audit aspect of the certification process
• Manage IMS audit teams

Audience

This course is aimed at students tasked with

• Assessing an organisation's processes as part of implementing an IMS
• Performing self-assessments, pre-cert or internal audits of an IMS
• Acting as (lead) auditor on behalf of a certification body

Prerequisites

General understanding of common business processes. Some past exposure to management systems and / or audits helpful, but not required.

Examination and Certification

The course ends with a three hour written essay-style exam on the last day available in multiple languages. Exam and first year certification fees are included in the course fees.

This course has been designed by SoftQualM and partners, who also mark the exam and issue the IMS Lead Auditor certification in accordance with ISO/IEC 17024:2012. Exam and first year certification fees are included in the course fees.

Overview

This three day course enables participants to develop the necessary expertise to support an organisation in implementing risk management processes based on ISO 31000:2018.

The generic character of ISO 31000:2018 makes it applicable across organisations at subject matter as well as enterprise level.

ISO 31000:2018 provides a comprehensive model for any kind of management system, standard, operational or regulatory context requiring a risk-based approach, whether a formal risk management process is required or not.

Examples are ISO 9001:2015, ISO 14001:2015, ISO/IEC 20000-1:2018, ISO 22301:2019, ISO/IEC 27001:2013, ISO 45001:2018, SOX, revenue assurance, program and project management, data protection, GDPR etc.

The course consists of a mix of presentation, discussion and exercises based on real-world examples.

Outline

Introduction to Risk Management per ISO 31000:2018

• Concepts and Definitions relating to Risk Management
• Risk Management Standards, Frameworks and Methodologies
• Implementation of a Risk Management Framework
• Understanding an Organization and its Context

Elements of the Risk Management Framework

• Risk Identification
• Risk Analysis and Risk Evaluation
• Risk Treatment
• Risk Acceptance and Residual Risk Management
• Risk Communication and Consultation
• Risk Monitoring and Review

Examples of Risk Assessment Methodologies

• Overview to IEC 31010:2009
• Brainstorming, DELPH
• Hazard Analysis using HAZOP and HACCP
• Scenario Analysis
• Fault and Failure Analysis using FTA, FMEA and FMECA
• Operations Management of the BCMS
• Cause and Effect Diagram

Objectives

Completion of this course will enable students to

• Understand concepts, approaches, methods, tools and techniques for effective risk management according to ISO 31000:2018
• Understand the relationship between risk management and requirements of interested parties
• Implement, maintain and manage an ongoing risk management program
• Advise organisations on best practices in risk management

Audience

This course is aimed at students with (future) roles like

• Risk managers and Business process owners
• Project managers, consultants and team members implementing and operating management systems
• Regulatory compliance managers
• Auditors requiring more risk management insight

Prerequisites

General understanding of common business processes.

Some past exposure to risk management and / or management systems helpful, but not required.

Examination and Certification

The course includes access to PECB's two hour exam available in multiple languages to be taken online any time after the course (own laptop required). Exam and first year certification fees are included in the course fees.

This course is designed by PECB in Canada, who also mark the exam and issue respective certifications as per their criteria. PECB is a personnel certification body, accredited to ISO/IEC 17024:2012 by IAS. See www.pecb.com for full details.

Overview

This three day course enables participants to develop the necessary expertise to support an organisation in implementing risk management processes based on ISO 31000:2018.

The generic character of ISO 31000:2018 makes it applicable across organisations at subject matter as well as enterprise level.

ISO 31000:2018 provides a comprehensive model for any kind of management system, standard, operational or regulatory context requiring a risk-based approach, whether a formal risk management process is required or not.

Examples are ISO 9001:2015, ISO 14001:2015, ISO/IEC 20000-1:2018, ISO 22301:2019, ISO/IEC 27001:2013, ISO 45001:2018, SOX, revenue assurance, program and project management, data protection, GDPR etc.

The course consists of a mix of presentation, discussion and exercises based on real-world examples.

Outline

Introduction to Risk Management per ISO 31000:2018

• Concepts and Definitions relating to Risk Management
• Risk Management Standards, Frameworks and Methodologies
• Implementation of a Risk Management Framework
• Understanding an Organization and its Context

Elements of the Risk Management Framework

• Risk Identification
• Risk Analysis and Risk Evaluation
• Risk Treatment
• Risk Acceptance and Residual Risk Management
• Risk Communication and Consultation
• Risk Monitoring and Review

Examples of Risk Assessment Methodologies

• Overview to IEC 31010:2009
• Brainstorming, DELPH
• Hazard Analysis using HAZOP and HACCP
• Scenario Analysis
• Fault and Failure Analysis using FTA, FMEA and FMECA
• Operations Management of the BCMS
• Cause and Effect Diagram

Objectives

Completion of this course will enable students to

• Understand concepts, approaches, methods, tools and techniques for effective risk management according to ISO 31000:2018
• Understand the relationship between risk management and requirements of interested parties
• Implement, maintain and manage an ongoing risk management program
• Advise organisations on best practices in risk management

Audience

This course is aimed at students with (future) roles like

• Risk managers and Business process owners
• Project managers, consultants and team members implementing and operating management systems
• Regulatory compliance managers
• Auditors requiring more risk management insight

Prerequisites

General understanding of common business processes.

Some past exposure to risk management and / or management systems helpful, but not required.

Examination and Certification

The course includes access to PECB's two hour exam available in multiple languages to be taken online any time after the course (own laptop required). Exam and first year certification fees are included in the course fees.

This course is designed by PECB in Canada, who also mark the exam and issue respective certifications as per their criteria. PECB is a personnel certification body, accredited to ISO/IEC 17024:2012 by IAS. See www.pecb.com for full details.

Overview

This five day course enables participants to develop the necessary expertise to audit a Business Continuity Management System against ISO 22301:2019 and to manage a team of auditors by applying widely recognized audit principles, procedures and techniques

During this training, the participants will acquire the necessary knowledge and skills to proficiently plan and perform internal and external audits in compliance with ISO 19011:2018, as well as understanding the certification process according to ISO/IEC 17021-1:2015.

The course consists of a mix of presentation, discussion and exercises based on real-world examples.

Outline

Introduction to BCMS Concepts per ISO 22301:2012

• Normative, Regulatory and Legal Framework
• ISO 22301:2019 Certification Process
• Business Continuity Management System (BCMS)
• Clauses of ISO 22301:2019

Planning and Initiating the Audit

• Fundamental Audit Concepts and Principles
• Audit Approach based on Evidence and Risk
• Preparation of an ISO 22301:2019 Certification Audit
• BCMS Documentation Audit
• Conducting an Opening Meeting

Conducting the Audit

• Communication during the Audit
• Audit procedures: Observation, Document Review, Interview, Sampling, Technical Verification, Corroboration and Evaluation
• Audit Test Plans
• Formulation of Audit Findings
• Documenting Nonconformity's

Concluding and Follow-up of the Audit

• Audit Documentation
• Quality Review
• Conducting a Closing Meeting and Conclusion of the Audit
• Evaluation of Corrective Action Plans
• Surveillance and Re-Certification Audits
• Internal Audit Management Program

Objectives

Completion of this course will enable students to

• Understand the principles of a BCMS conforming to ISO 22301:2019
• Perform ISO 22301:2019 internal audits
• Execute ISO 22301:2019 certification audits on behalf of a certification body
• Manage BCMS audit teams

Audience

This course is aimed at students with (future) roles like

• Internal auditors
• BCMS certification auditors
• Project managers, consultants and business continuity team members participating in BCMS audits
• Business continuity practitioners moving into audit roles

Prerequisites

General understanding of common business processes.

Some past exposure to business continuity, management systems and audits helpful, but not required.

Examination and Certification

The course includes access to PECB's three hour exam available in multiple languages to be taken online on the last day or any time after the course (own laptop required). Exam and first year certification fees are included in the course fees.

This course is designed by PECB in Canada, who also mark the exam and issue respective certifications as per their criteria. PECB is a personnel certification body, accredited to ISO/IEC 17024:2012 by IAS. See www.pecb.com for full details.

Overview

This three day course enables participants to develop the necessary expertise to support an organisation in implementing risk management processes based on ISO 31000:2018.

The generic character of ISO 31000:2018 makes it applicable across organisations at subject matter as well as enterprise level.

ISO 31000:2018 provides a comprehensive model for any kind of management system, standard, operational or regulatory context requiring a risk-based approach, whether a formal risk management process is required or not.

Examples are ISO 9001:2015, ISO 14001:2015, ISO/IEC 20000-1:2018, ISO 22301:2019, ISO/IEC 27001:2013, ISO 45001:2018, SOX, revenue assurance, program and project management, data protection, GDPR etc.

The course consists of a mix of presentation, discussion and exercises based on real-world examples.

Outline

Introduction to Risk Management per ISO 31000:2018

• Concepts and Definitions relating to Risk Management
• Risk Management Standards, Frameworks and Methodologies
• Implementation of a Risk Management Framework
• Understanding an Organization and its Context

Elements of the Risk Management Framework

• Risk Identification
• Risk Analysis and Risk Evaluation
• Risk Treatment
• Risk Acceptance and Residual Risk Management
• Risk Communication and Consultation
• Risk Monitoring and Review

Examples of Risk Assessment Methodologies

• Overview to IEC 31010:2009
• Brainstorming, DELPH
• Hazard Analysis using HAZOP and HACCP
• Scenario Analysis
• Fault and Failure Analysis using FTA, FMEA and FMECA
• Operations Management of the BCMS
• Cause and Effect Diagram

Objectives

Completion of this course will enable students to

• Understand concepts, approaches, methods, tools and techniques for effective risk management according to ISO 31000:2018
• Understand the relationship between risk management and requirements of interested parties
• Implement, maintain and manage an ongoing risk management program
• Advise organisations on best practices in risk management

Audience

This course is aimed at students with (future) roles like

• Risk managers and Business process owners
• Project managers, consultants and team members implementing and operating management systems
• Regulatory compliance managers
• Auditors requiring more risk management insight

Prerequisites

General understanding of common business processes.

Some past exposure to risk management and / or management systems helpful, but not required.

Examination and Certification

The course includes access to PECB's two hour exam available in multiple languages to be taken online any time after the course (own laptop required). Exam and first year certification fees are included in the course fees.

This course is designed by PECB in Canada, who also mark the exam and issue respective certifications as per their criteria. PECB is a personnel certification body, accredited to ISO/IEC 17024:2012 by IAS. See www.pecb.com for full details.

Overview

This five day course enables participants to develop the necessary expertise to support an organisation in implementing and managing a Business Continuity Management System based on ISO 22301:2019.

Participants will also gain a thorough understanding of best practices used to implement business continuity processes from the ISO 22399.

This training incorporates project management practices as well as links to aspects of the predecessor standard BS 25999.

The course consists of a mix of presentation, discussion and exercises based on real-world examples.

Outline

Introduction to BCMS Concepts per ISO 22301:2012

• Normative, Regulatory and Legal Framework
• ISO 22301:2019 Certification Process
• Business Continuity Management System (BCMS)
• Clauses of ISO 22301:2019

Planning and Initiating the BCMS Implementation

• Gap Analysis, Business Case and Project Plan
• Defining Scope and Objectives of the BCMS
• Development of Business Continuity Policies
• Development of Business Continuity Policies

Implementing the BCMS

• Implementation of a Document Management Framework
• Design of Business Continuity Processes and Writing Procedures
• Implementation of Business Continuity Processes
• Development of a Communication, Training & Awareness Program
• Incident and Emergency Management
• Operations Management of the BCMS

Performance Evaluation and Improving the BCMS

• Monitoring the BCMS with Metrics, Performance Indicators etc
• Internal Audit, Management Review and Corrective Actions
• Implementation of a Continual Improvement Program
• Preparing for the Certification Audit

Objectives

Completion of this course will enable students to

• Understand the principles of a BCMS conforming to ISO 22301:2019, including the relationship between its components, eg risk management, requirements of interested parties
• Apply concepts, approaches, standards, methods and techniques for the effective operation of a BCMS
• Advise organisations on BCMS best practices
• Manage teams implementing ISO 22301:2019

Audience

This course is aimed at students with (future) roles like

• Project managers, consultants and team members implementing a BCMS
• (IT) Professionals moving into BCMS operation
• CxO and senior managers of a BCMS scope
• Auditors requiring more BCMS implementation insight

Prerequisites

General understanding of common business processes.

Some past exposure to business continuity, management systems and / or project management helpful, but not required.

Examination and Certification

The course includes access to PECB's three hour exam available in multiple languages to be taken online on the last day or any time after the course (own laptop required). Exam and first year certification fees are included in the course fees.

This course is designed by PECB in Canada, who also mark the exam and issue respective certifications as per their criteria. PECB is a personnel certification body, accredited to ISO/IEC 17024:2012 by IAS. See www.pecb.com for full details.

Overview

This five day course enables participants to develop the necessary expertise to audit a Service Management System against ISO/IEC 20000-1:2018 and to manage a team of auditors by applying widely recognized audit principles, procedures and techniques.

During this training, the participants will acquire the necessary knowledge and skills to proficiently plan and perform internal and external audits in compliance with ISO 19011:2018, as well as understanding the certification process according to ISO/IEC 17021-1:2015.

The course consists of a mix of presentation, discussion and exercises based on real-world examples.

Outline

Introduction to SMS Concepts per ISO/IEC 20000-1:2018

• Normative, Regulatory and Legal Framework
• Fundamental Principles of Information Security
• ISO/IEC 20000-1:2018 Certification Process
• Service Management System (SMS)
• Clauses of ISO/IEC 20000-1:2018

Planning and Initiating the Audit

• Fundamental Audit Concepts and Principles
• Audit Approach based on Evidence and Risk
• Preparation of an ISO/IEC 20000-1:2018 Certification Audit
• SMS Documentation Audit
• Conducting an Opening Meeting

Conducting the Audit

• Communication during the Audit
• Audit procedures: Observation, Document Review, Interview, Sampling, Technical Verification, Corroboration and Evaluation
• Audit Test Plans
• Formulation of Audit Findings
• Documenting Nonconformities

Concluding and Follow-up of the Audit

• Audit Documentation
• Quality Review
• Conducting a Closing Meeting and Conclusion of the Audit
• Evaluation of Corrective Action Plans
• Surveillance and Re-Certification Audits
• Internal Audit Management Program

Objectives

Completion of this course will enable students to

• Understand the principles of a SMS conforming to ISO/IEC 20000-1:2018
• Perform ISO/IEC 20000-1:2018 internal audits
• Execute ISO/IEC 20000-1:2018 certification audits on behalf of a certification body
• Manage SMS audit teams

Audience

This course is aimed at students with (future) roles like

• Internal auditors
• SMS certification auditors
• Project managers, consultants and service management team members participating in SMS audits
• IT and service management practitioners moving into audit roles

Prerequisites

General understanding of common business processes.

Some past exposure to service management, management systems and / or audits helpful, but not required.

Examination and Certification

The course ends with a three hour

The course includes access to PECB's three hour exam available in multiple languages to be taken online on the last day or any time after the course (own laptop required). Exam and first year certification fees are included in the course fees.

This course is designed by PECB in Canada, who also mark the exam and issue respective certifications as per their criteria. PECB is a personnel certification body, accredited to ISO/IEC 17024:2012 by IAS. See www.pecb.com for full details.

Overview

This three day course enables participants to develop the necessary expertise to support an organisation in implementing risk management processes based on ISO 31000:2018.

The generic character of ISO 31000:2018 makes it applicable across organisations at subject matter as well as enterprise level.

ISO 31000:2018 provides a comprehensive model for any kind of management system, standard, operational or regulatory context requiring a risk-based approach, whether a formal risk management process is required or not.

Examples are ISO 9001:2015, ISO 14001:2015, ISO/IEC 20000-1:2018, ISO 22301:2019, ISO/IEC 27001:2013, ISO 45001:2018, SOX, revenue assurance, program and project management, data protection, GDPR etc.

The course consists of a mix of presentation, discussion and exercises based on real-world examples.

Outline

Introduction to Risk Management per ISO 31000:2018

• Concepts and Definitions relating to Risk Management
• Risk Management Standards, Frameworks and Methodologies
• Implementation of a Risk Management Framework
• Understanding an Organization and its Context

Elements of the Risk Management Framework

• Risk Identification
• Risk Analysis and Risk Evaluation
• Risk Treatment
• Risk Acceptance and Residual Risk Management
• Risk Communication and Consultation
• Risk Monitoring and Review

Examples of Risk Assessment Methodologies

• Overview to IEC 31010:2009
• Brainstorming, DELPH
• Hazard Analysis using HAZOP and HACCP
• Scenario Analysis
• Fault and Failure Analysis using FTA, FMEA and FMECA
• Operations Management of the BCMS
• Cause and Effect Diagram

Objectives

Completion of this course will enable students to

• Understand concepts, approaches, methods, tools and techniques for effective risk management according to ISO 31000:2018
• Understand the relationship between risk management and requirements of interested parties
• Implement, maintain and manage an ongoing risk management program
• Advise organisations on best practices in risk management

Audience

This course is aimed at students with (future) roles like

• Risk managers and Business process owners
• Project managers, consultants and team members implementing and operating management systems
• Regulatory compliance managers
• Auditors requiring more risk management insight

Prerequisites

General understanding of common business processes.

Some past exposure to risk management and / or management systems helpful, but not required.

Examination and Certification

The course includes access to PECB's two hour exam available in multiple languages to be taken online any time after the course (own laptop required). Exam and first year certification fees are included in the course fees.

This course is designed by PECB in Canada, who also mark the exam and issue respective certifications as per their criteria. PECB is a personnel certification body, accredited to ISO/IEC 17024:2012 by IAS. See www.pecb.com for full details.

Overview

This three day course enables participants to develop the necessary expertise to support an organisation in implementing risk management processes based on ISO 31000:2018.

The generic character of ISO 31000:2018 makes it applicable across organisations at subject matter as well as enterprise level.

ISO 31000:2018 provides a comprehensive model for any kind of management system, standard, operational or regulatory context requiring a risk-based approach, whether a formal risk management process is required or not.

Examples are ISO 9001:2015, ISO 14001:2015, ISO/IEC 20000-1:2018, ISO 22301:2019, ISO/IEC 27001:2013, ISO 45001:2018, SOX, revenue assurance, program and project management, data protection, GDPR etc.

The course consists of a mix of presentation, discussion and exercises based on real-world examples.

Outline

Introduction to Risk Management per ISO 31000:2018

• Concepts and Definitions relating to Risk Management
• Risk Management Standards, Frameworks and Methodologies
• Implementation of a Risk Management Framework
• Understanding an Organization and its Context

Elements of the Risk Management Framework

• Risk Identification
• Risk Analysis and Risk Evaluation
• Risk Treatment
• Risk Acceptance and Residual Risk Management
• Risk Communication and Consultation
• Risk Monitoring and Review

Examples of Risk Assessment Methodologies

• Overview to IEC 31010:2009
• Brainstorming, DELPH
• Hazard Analysis using HAZOP and HACCP
• Scenario Analysis
• Fault and Failure Analysis using FTA, FMEA and FMECA
• Operations Management of the BCMS
• Cause and Effect Diagram

Objectives

Completion of this course will enable students to

• Understand concepts, approaches, methods, tools and techniques for effective risk management according to ISO 31000:2018
• Understand the relationship between risk management and requirements of interested parties
• Implement, maintain and manage an ongoing risk management program
• Advise organisations on best practices in risk management

Audience

This course is aimed at students with (future) roles like

• Risk managers and Business process owners
• Project managers, consultants and team members implementing and operating management systems
• Regulatory compliance managers
• Auditors requiring more risk management insight

Prerequisites

General understanding of common business processes.

Some past exposure to risk management and / or management systems helpful, but not required.

Examination and Certification

The course includes access to PECB's two hour exam available in multiple languages to be taken online any time after the course (own laptop required). Exam and first year certification fees are included in the course fees.

This course is designed by PECB in Canada, who also mark the exam and issue respective certifications as per their criteria. PECB is a personnel certification body, accredited to ISO/IEC 17024:2012 by IAS. See www.pecb.com for full details.