ISO in the Sun: Courses on Risk, Information Security, Business Continuity and more in Lanzarote

Overview

This five day course enables participants to develop the necessary expertise to support an organisation in implementing risk management processes based on ISO 31000:2018.

The generic character of ISO 31000:2018 makes it applicable across organisations at subject matter as well as enterprise level.

ISO 31000:2018 provides a comprehensive model for any kind of management system, standard, operational or regulatory context requiring a risk-based approach, whether a formal risk management process is required or not.

Examples are ISO 9001:2015, ISO 14001:2015, ISO/IEC 20000-1:2018, ISO 22301:2019, ISO/IEC 27001:2013, ISO 45001:2018, SOX, revenue assurance, program and project management, data protection, GDPR, DORA, NIS-2 etc.

The course consists of a mix of presentation, discussion and exercises based on real-world examples.

Outline

Introduction to Risk Management per ISO 31000:2018

• Fundamental Concepts and Definitions of Risk Management
• Risk Management Standards, Frameworks and Methodologies
• Implementation of a Risk Management Framework
• Understanding an Organization and its Context

Elements of the Risk Management Framework

• Risk Identification
• Risk Analysis and Risk Evaluation
• Risk Treatment
• Risk Acceptance and Residual Risk Management
• Risk Communication and Consultation
• Risk Monitoring and Review

Examples of Risk Assessment Methodologies

• Overview to IEC 31010:2009
• Brainstorming, Interviews
• Hazard Analysis using HAZOP and HACCP
• Scenario Analysis, SWIFT
• Fault and Failure Analysis using FTA, FMEA and FMECA
• Operations Management of the BCMS
• Cause and Effect Diagram

Objectives

Completion of this course will enable students to

• Understand concepts, approaches, methods, tools and techniques for effective risk management according to ISO 31000:2018
• Understand the relationship between risk management and requirements of interested parties
• Implement, maintain and manage an ongoing risk management program
• Advise organisations on best practices in risk management

Audience

This course is aimed at students with (future) roles like

• Risk managers and Business process owners
• Project managers, consultants and team members implementing and operating management systems
• Regulatory compliance managers
• Auditors requiring more risk management insight

Prerequisites

General understanding of common business processes.

Some past exposure to risk management and / or management systems helpful, but not required.

Examination and Certification

The course includes access to PECB's two hour exam available in multiple languages to be taken online any time after the course (own laptop required). Exam and first year certification fees are included in the course fees.

This course is designed by PECB in Canada, who also mark the exam and issue respective certifications as per their criteria. PECB is a personnel certification body, accredited to ISO/IEC 17024:2012 by IAS. See www.pecb.com for full details.

Overview

This five day course introduces the structure of an Integrated Management System (IMS) derived from ISO's normative Annex SL (Harmonized structure for management system standards) as well as specific requirements of relevant ISO Standards implementing Annex SL, eg ISO 9001:2015, ISO 14001:2015, ISO 45001:2018, ISO/IEC 20000-1:2018, ISO 22301:2019, ISO/IEC 27001:2022 and ISO/IEC 27701:2025, and how to add any further applicable requirements, e.g. PCI-DSS, GDPR, NIS2 etc.

At the same time, the course explains processes, methods and skills required to allow an auditor to assess such an IMS all the way through to certification in line with relevant ISO (certification) standards, in particular ISO/IEC 17021-1:2015 and ISO 19011:2018.

The course consists of a mix of presentation, discussion and exercises based on real-world examples.

Outline

Introducing IMS Auditing

• Setting the Scene: ISO Management Systems
• The ISO Management System Audit Approach
• Audit Methods

Assessing Elements of an IMS

• IMS Element 1: Leadership (Annex SL clause 5)
• IMS Element 2: Context of the Organisation (Annex SL clause 4)
• Audit Methods - Part 1: Document Review, Interview
• IMS Element 3: Support (Annex SL clause 7)
• IMS Element 4: Planning (Annex SL clause 6)
• Audit Methods - Part 2: Observation, Sampling
• IMS Element 5: Operation (Annex SL clause 8)
• IMS Element 6: Performance Evaluation (Annex SL clause 9)
• Audit Methods - Part 3: Corroboration
• IMS Element 7: Improvement (Annex SL clause 10)
• IMS Element 8: Management Review (Annex SL clause 9.3)

Auditing an IMS

• Audit Principles
• Overview of the different Types of Audits
• Certification Process per ISO/IEC 17021-1:2015 et al
• Audit Skills

Objectives

Completion of this course will enable students to

• Describe core processes of an Annex SL based IMS
• Identify additional specific requirements based on the chosen IMS scope
• Recognize the range of different audit types, criteria and objectives
• Understand applicable audit methods and develop skills to apply these
• Execute audit aspect of the certification process
• Manage IMS audit teams

Audience

This course is aimed at students tasked with

• Assessing an organisation's processes as part of implementing an IMS
• Performing self-assessments, pre-cert or internal audits of an IMS
• Acting as (lead) auditor on behalf of a certification body

Prerequisites

General understanding of common business processes. Some past exposure to management systems and / or audits helpful, but not required.

Examination and Certification

The course ends with a three hour written essay-style exam on the last day available in multiple languages. Exam and first year certification fees are included in the course fees.

This course has been designed by SoftQualM and partners, who also mark the exam and issue the IMS Lead Auditor certification in accordance with ISO/IEC 17024:2012. Exam and first year certification fees are included in the course fees.

Overview

This five day course introduces the structure of an Integrated Management System (IMS) derived from ISO's normative Annex SL (Harmonized structure for management system standards) as well as specific requirements of relevant ISO Standards implementing Annex SL, eg ISO 9001:2015, ISO 14001:2015, ISO 45001:2018, ISO/IEC 20000-1:2018, ISO 22301:2019, ISO/IEC 27001:2022 and ISO/IEC 27701:2025, and how to add any further applicable requirements, e.g. PCI-DSS, GDPR, NIS2 etc.

At the same time, the course explains processes, methods and skills required to allow an auditor to assess such an IMS all the way through to certification in line with relevant ISO (certification) standards, in particular ISO/IEC 17021-1:2015 and ISO 19011:2018.

The course consists of a mix of presentation, discussion and exercises based on real-world examples.

Outline

Introducing IMS Auditing

• Setting the Scene: ISO Management Systems
• The ISO Management System Audit Approach
• Audit Methods

Assessing Elements of an IMS

• IMS Element 1: Leadership (Annex SL clause 5)
• IMS Element 2: Context of the Organisation (Annex SL clause 4)
• Audit Methods - Part 1: Document Review, Interview
• IMS Element 3: Support (Annex SL clause 7)
• IMS Element 4: Planning (Annex SL clause 6)
• Audit Methods - Part 2: Observation, Sampling
• IMS Element 5: Operation (Annex SL clause 8)
• IMS Element 6: Performance Evaluation (Annex SL clause 9)
• Audit Methods - Part 3: Corroboration
• IMS Element 7: Improvement (Annex SL clause 10)
• IMS Element 8: Management Review (Annex SL clause 9.3)

Auditing an IMS

• Audit Principles
• Overview of the different Types of Audits
• Certification Process per ISO/IEC 17021-1:2015 et al
• Audit Skills

Objectives

Completion of this course will enable students to

• Describe core processes of an Annex SL based IMS
• Identify additional specific requirements based on the chosen IMS scope
• Recognize the range of different audit types, criteria and objectives
• Understand applicable audit methods and develop skills to apply these
• Execute audit aspect of the certification process
• Manage IMS audit teams

Audience

This course is aimed at students tasked with

• Assessing an organisation's processes as part of implementing an IMS
• Performing self-assessments, pre-cert or internal audits of an IMS
• Acting as (lead) auditor on behalf of a certification body

Prerequisites

General understanding of common business processes. Some past exposure to management systems and / or audits helpful, but not required.

Examination and Certification

The course ends with a three hour written essay-style exam on the last day available in multiple languages. Exam and first year certification fees are included in the course fees.

This course has been designed by SoftQualM and partners, who also mark the exam and issue the IMS Lead Auditor certification in accordance with ISO/IEC 17024:2012. Exam and first year certification fees are included in the course fees.

Overview

This five day course enables participants to develop the necessary expertise to support an organisation in implementing risk management processes based on ISO 31000:2018.

The generic character of ISO 31000:2018 makes it applicable across organisations at subject matter as well as enterprise level.

ISO 31000:2018 provides a comprehensive model for any kind of management system, standard, operational or regulatory context requiring a risk-based approach, whether a formal risk management process is required or not.

Examples are ISO 9001:2015, ISO 14001:2015, ISO/IEC 20000-1:2018, ISO 22301:2019, ISO/IEC 27001:2013, ISO 45001:2018, SOX, revenue assurance, program and project management, data protection, GDPR, DORA, NIS-2 etc.

The course consists of a mix of presentation, discussion and exercises based on real-world examples.

Outline

Introduction to Risk Management per ISO 31000:2018

• Fundamental Concepts and Definitions of Risk Management
• Risk Management Standards, Frameworks and Methodologies
• Implementation of a Risk Management Framework
• Understanding an Organization and its Context

Elements of the Risk Management Framework

• Risk Identification
• Risk Analysis and Risk Evaluation
• Risk Treatment
• Risk Acceptance and Residual Risk Management
• Risk Communication and Consultation
• Risk Monitoring and Review

Examples of Risk Assessment Methodologies

• Overview to IEC 31010:2009
• Brainstorming, Interviews
• Hazard Analysis using HAZOP and HACCP
• Scenario Analysis, SWIFT
• Fault and Failure Analysis using FTA, FMEA and FMECA
• Operations Management of the BCMS
• Cause and Effect Diagram

Objectives

Completion of this course will enable students to

• Understand concepts, approaches, methods, tools and techniques for effective risk management according to ISO 31000:2018
• Understand the relationship between risk management and requirements of interested parties
• Implement, maintain and manage an ongoing risk management program
• Advise organisations on best practices in risk management

Audience

This course is aimed at students with (future) roles like

• Risk managers and Business process owners
• Project managers, consultants and team members implementing and operating management systems
• Regulatory compliance managers
• Auditors requiring more risk management insight

Prerequisites

General understanding of common business processes.

Some past exposure to risk management and / or management systems helpful, but not required.

Examination and Certification

The course includes access to PECB's two hour exam available in multiple languages to be taken online any time after the course (own laptop required). Exam and first year certification fees are included in the course fees.

This course is designed by PECB in Canada, who also mark the exam and issue respective certifications as per their criteria. PECB is a personnel certification body, accredited to ISO/IEC 17024:2012 by IAS. See www.pecb.com for full details.

Overview

This five day course enables participants to develop the necessary knowledge, skills and competence to effectively implement and manage a compliance framework with regards to the protection of personal data.

By mastering all the necessary concepts of EU General Data Protection Regulation (GDPR), participants will gain a thorough understanding of the gap between the GDPR and the current organizational processes including privacy policies, procedures, working instructions, consent forms, data protection impact assessments, in order to assists organisations in the adoption process to the new regulation.

The course consists of a mix of presentation, discussion and exercises based on real-world examples.

Outline

Introduction to GDPR Essentials

• Fundamental Principles of the GDPR
• Initiating the GDPR Implementation
• Understanding the Organization
• Clarifying the Data Protection Objectives
• Analysis of the Existing System

Planning the Implementation of the GDPR

• Leadership and Project Approval
• Data Protection Policy
• Definition of the Organizational Structure
• Data Classification
• Risk Assessment under the GDPR

Deploying the GDPR

• Privacy Impact Assessment (PIA)
• Design of Security Controls and Drafting of Specific Policies
• Implementation of Controls
• Definition of the Document Management Process
• Communication, Training and Awareness Plan

Monitoring and Improving the GDPR compliance

• Operations and Incident Management
• Monitoring, Measurement, Analysis and Evaluation
• Internal Audit
• Data Breaches and Corrective Actions
• Continual Improvement

Objectives

Completion of this course will enable students to

• Gain a comprehensive understanding of the concepts and approaches of the GDPR
• Understand the new requirements that the GDPR brings for EU and non-EU organisations and when it is necessary to implement them
• Manage a team implementing the GDPR
• Gain the knowledge and skills required to advise organisations how to manage personal data

Audience

This course is aimed at students with (future) roles like

• Project managers, consultants, advisors and team members implementing the GDPR
• Data Protection Officers and senior managers responsible for the personal data protection
• Members of information security, incident management and business continuity teams

Prerequisites

General understanding of common business processes.

Some past exposure to data protection helpful, but not required.

Examination and Certification

The course includes access to PECB's three hour exam available in multiple languages to be taken online on the last day or any time after the course (own laptop required). Exam and first year certification fees are included in the course fees.

This course is designed by PECB in Canada, who also mark the exam and issue respective certifications as per their criteria. PECB is a personnel certification body, accredited to ISO/IEC 17024:2012 by IAS. See www.pecb.com for full details.

Overview

This five day course enables participants to develop the necessary expertise to support an organisation in implementing risk management processes based on ISO 31000:2018.

The generic character of ISO 31000:2018 makes it applicable across organisations at subject matter as well as enterprise level.

ISO 31000:2018 provides a comprehensive model for any kind of management system, standard, operational or regulatory context requiring a risk-based approach, whether a formal risk management process is required or not.

Examples are ISO 9001:2015, ISO 14001:2015, ISO/IEC 20000-1:2018, ISO 22301:2019, ISO/IEC 27001:2013, ISO 45001:2018, SOX, revenue assurance, program and project management, data protection, GDPR, DORA, NIS-2 etc.

The course consists of a mix of presentation, discussion and exercises based on real-world examples.

Outline

Introduction to Risk Management per ISO 31000:2018

• Fundamental Concepts and Definitions of Risk Management
• Risk Management Standards, Frameworks and Methodologies
• Implementation of a Risk Management Framework
• Understanding an Organization and its Context

Elements of the Risk Management Framework

• Risk Identification
• Risk Analysis and Risk Evaluation
• Risk Treatment
• Risk Acceptance and Residual Risk Management
• Risk Communication and Consultation
• Risk Monitoring and Review

Examples of Risk Assessment Methodologies

• Overview to IEC 31010:2009
• Brainstorming, Interviews
• Hazard Analysis using HAZOP and HACCP
• Scenario Analysis, SWIFT
• Fault and Failure Analysis using FTA, FMEA and FMECA
• Operations Management of the BCMS
• Cause and Effect Diagram

Objectives

Completion of this course will enable students to

• Understand concepts, approaches, methods, tools and techniques for effective risk management according to ISO 31000:2018
• Understand the relationship between risk management and requirements of interested parties
• Implement, maintain and manage an ongoing risk management program
• Advise organisations on best practices in risk management

Audience

This course is aimed at students with (future) roles like

• Risk managers and Business process owners
• Project managers, consultants and team members implementing and operating management systems
• Regulatory compliance managers
• Auditors requiring more risk management insight

Prerequisites

General understanding of common business processes.

Some past exposure to risk management and / or management systems helpful, but not required.

Examination and Certification

The course includes access to PECB's two hour exam available in multiple languages to be taken online any time after the course (own laptop required). Exam and first year certification fees are included in the course fees.

This course is designed by PECB in Canada, who also mark the exam and issue respective certifications as per their criteria. PECB is a personnel certification body, accredited to ISO/IEC 17024:2012 by IAS. See www.pecb.com for full details.

Overview

This training provides a comprehensive review of information security concepts and industry best practices, covering the 8 domains of CISSP CBK (Common Body of Knowledge).

Several types of activities are used throughout the course to reinforce topics and increase knowledge retention. These activities include open ended questions from the instructor to the students, matching and poll questions, group activities, open/closed questions, and group discussions. the interactive learning technique is based on sound adult learning theories.

This training course will help candidates review and refresh their information security knowledge and help identify areas they need to study for the CISSP exam and features.

The vendor-neutral CISSP certification is the ideal credential for those with proven deep technical and managerial competence, skills, experience, and credibility to design, engineer, implement, and manage their overall information security program to protect organizations from growing sophisticated attacks.

The CISSP certification is recognized worldwide.

Outline

Security and Risk Management

Asset Security

Security Engineering

Communications and Network Security

Identity and Access Management

Security Assessment and Testing

Security Operations

Software Development Security

Objectives

Completion of this course will enable students to

• Understand the 8 domains of knowledge that are covered on the CISSP exam
• Analyse questions on the exam and be able to select the correct answer
• Apply the knowledge and testing skills learned in class to pass the CISSP exam
• Understand and explain all of the concepts covered in the 8 domains of knowledge
• Apply the skills learned across the 8 domains to solve security problems when you return to work

Audience

This course is aimed at students with (future) roles like

• Security consultants, architects and managers, IT directors and managers
• Security analysts, security systems engineers, network architects
• Chief information security officers (CISOs), directors of security etc.
• Security auditors

Prerequisites

Basic knowledge of Information Systems is recommended.

Minimum of four students are required to run this course.

Examination and Certification

This course has been designed and is delivered by Nitroxis and their trainers.

Note: this course does not include the CISSP exam. This has to be taken at the dedicated test facilities as defined by (ISC)2. (ISC)2‘s certification requirements apply.

Overview

This training provides a comprehensive review of information security auditing concepts and industry best practices, covering the entire CISA CBK, aligned with the 28th Edition of the CBK, updated for 2024 Job Practice.

The CISA certification is recognized worldwide.

Outline

Information Systems Auditing Process

• Planning: IS Audit Standards and Types, Functions, Ethics, Risk-based Approach, Types of Controls and Considerations
• Execution: Project Management, Testing and Sampling, Evidence Collection, Data Analytics, Reporting, QA, Process Improvement

Governance and Management of IT

• IT Governance: Laws, Regulations and Industry Standards, Organisational Structures, IT Governance, Strategy, Policies, Procedures, Enterprise Architecture and Risk Management, Data Privacy, Governance and Classification
• IT Management: IT Resource and Vendor Management, Performance Monitoring and Reporting, Quality Assurance

Information Systems Acquisition, Development and Implementation

• Information Systems Acquisition and Development: Project Governance and Management, Business Case, Feasibility Analysis, System Development Methodologies, Control Identification and Design
• Information System Implementation: System Readiness and Implementation Testing, Configuration and Release Management, System Migration, Infrastructure Deployment and Data Conversion, Post-Implementation Review

Information Systems Operation and Business Resilience

• Information Systems Operations: Asset, Capacity, Incident, Problem, Change, Configuration, Log and Patch Management, Job Scheduling, End-User Computing and Shadow IT, Databases etc.
• Business Resilience: BIA, Backup, Storage, Restoration and Recovery, Business Continuity and Disaster Recovery Plan

Protection of Information Assets

• Information Asset Security and Control: Physical Controls, IAM, DLP, Network, Endpoint, Mobile, Wireless, Virtualization, Cloud and IoT Security, Encryption, PKI
• Security Event Management: Security Awareness, Attacks, Testing, Monitoring, Incident Response, Evidence Collection and Forensics

Objectives

Completion of this course will enable students to

• Know the 5 major areas covered by the CISA® certification
• Understand the concepts of IT audit and IT governance
• Preparing for the CISA Certification Exam, e.g. by using multiple choices questions from previous CISA sessions (or comparable exams).

Audience

This course is aimed at students with (future) roles like

• Information system directors, CISOs
• Auditors moving into the information security domain
• Staff responsible for business continuity
• People for which the control of information security is fundamental in achieving their goals

Prerequisites

Basic knowledge of Information Systems is recommended.

Minimum of two students are required to run this course.

Examination and Certification

This course has been designed and is delivered by Nitroxis and their trainers.

Note: this course does not include the CISA exam. This has to be taken at the dedicated test facilities as defined by ISACA. ISACA‘s certification requirements apply.

Overview

This training provides a comprehensive review of information security concepts and industry best practices, covering the 4 domains of the CISM CBK (Common Body of Knowledge).

This training course will help candidates review and refresh their information security management knowledge and help identify areas they need to study for the CISM exam.

The CISM certification is recognized worldwide.

Outline

Information Security Governance

• Alignment of policy security information on the business strategy and direction
• Policy security information development
• Commitment of senior management and support for information security across the enterprise
• Roles and responsibilities in the governance of information security

Information Security Risk Management and Compliance

• Development of a systematic and analytical approach and the ongoing process of risk management
• Identification, analysis and risk assessment
• Definition of strategies risk treatment
• Risk management communication

Information Security Program Development and Management

• The security information architecture
• System Development Methodologies, Controls
• Methods to define the required security measures
• Contract management and information security requirements
• Metrics and evaluation of IT security performance

Information Security Incident Management

• Components of a security incident management plan
• Concepts and practices in the management of security incidents
• Method classification
• Notification and escalation process
• Detection techniques and incidents analysis

Objectives

Completion of this course will enable students to

• Know the 4 domains covered by the CISM® certification
• Understand the concepts of information security management
• Preparing for the CISM Certification Exam, e.g. by using multiple choices questions from previous CISM sessions (or comparable exams).

Audience

This course is aimed at students with (future) roles like

• Information system directors, CISOs
• Staff responsible for business continuity
• People for which the control of information security is fundamental in achieving their goals
• Auditors requiring more information security management insight

Prerequisites

Basic knowledge of Information Systems is recommended.

Minimum of two students are required to run this course.

Examination and Certification

This course has been designed and is delivered by Nitroxis and their trainers.

Note: this course does not include the CISM exam. This has to be taken at the dedicated test facilities as defined by ISACA. ISACA‘s certification requirements apply.

Overview

This training provides a comprehensive review of information security concepts and industry best practices, covering the 4 key areas of the 8th edition of the CRISC CBK (Common Body of Knowledge).

This training course will help candidates review and refresh their IT risk management knowledge and help identify areas they need to study for the CRISC exam.

The CRISC certification is recognized worldwide.

Outline

Governance

• Organizational Structure, Strategy, Goals and Objectives
• Business Process Review, Organization Asset Management
• Enterprise Risk Management and Risk Management Frameworks
• Lines of Defence
• Risk Profile, Appetite, Tolerance and Capacity
• Risk Frameworks, Legal, Regulatory and Contractual Requirements

Risk Assessment

• Threat Modelling and Threat Landscape
• Risk Scenario Development
• Risk Assessment Concepts, Standards and Frameworks
• Business Impact Analysis, Risk Analysis Methodologies
• Inherent, Residual and Current Risk

Risk Response and Reporting

• Risk Response Options, Risk and Control Ownership
• Vendor/Supply Chain Risk Management
• Control Design, Selection, Implementation and Analysis
• Risk and Control Testing, Monitoring and Reporting Techniques
• Risk Actions Plans, Risk and Control Metrics

Technology and Security

• Enterprise Architecture, Operations, Portfolio and Project Management
• System Development and Data Life Cycle Management
• Emerging Technologies
• Security Concepts, Frameworks and Standards
• Security/Risk Awareness and Training
• Data Privacy and Data Protection Principles

Objectives

Completion of this course will enable students to

• Master the risk management approach according the CRISC
• Apply the best response strategies to the risks weighing on the information systems
• Use best risk monitoring practices
• Define information system controls
• Use best risk and control monitoring practices
• Preparing for the CRISC Certification Exam, e.g. by using multiple choices questions from previous CRISC sessions (or comparable exams).

Audience

This course is aimed at students with (future) roles like

• Governance, information and cyber security consultants, CISOs
• Risk and control professionals
• IT and compliance professionals
• Project managers, business analysts
• Auditors requiring more IT risk management insight
• People working with an ERM (Enterprise Risk Management) framework

Prerequisites

Basic knowledge of Information Systems is recommended.

Minimum of two students are required to run this course.

Examination and Certification

This course has been designed and is delivered by Nitroxis and their trainers.

Note: this course does not include the CRISC exam. This has to be taken at the dedicated test facilities as defined by ISACA. ISACA‘s certification requirements apply.

Overview

The CRMS methode is a combination of security incident, incident response, emergency, and crisis management. It focuses on cyber threat situations, is modern by applying current standards and best practice and is modular through defined products and processes. The CRMS method leads to a functioning and effective cyber defense, implementing only necessary and effective defense measures and thereby reducing the organization’s costs for implementation as well as for possible damage.

This five day course enables participants to develop the necessary expertise to support an organisation in implementing and managing a Cyber Resilience Management System.

Participants will also gain a thorough understanding of best practices used to implement cyber emergency processes from the CRMS method.

The course consists of a mix of presentation, discussion and exercises based on real-world examples.

Outline

Introduction to Cyber Resilience Management System

• Normative, Regulatory and Legal Framework
• Information Security Risk and Incident Management
• Business and IT-Service Continuity Management
• Further Standards, Frameworks and Best Practices Used

Planning and Initiating the CRMS Implementation

• Gap Analysis, Business Case and Project Plan
• Risk Management
• Emergency Organisation, Processes and Operations

Implementing the CRMS

• Implementation of a Cyber Risk Management Framework
• Implementation of an Emergency Organisation
• Implementation of Emergency Processes and Procedures
• Implementation of Emergency Operations

Performance Evaluation and Improving the CRMS

• Monitoring the CRMS with Metrics and Key Performance Indicators
• Identify Vulnerabilities and Define Corrective Measures
• Implementation of a Continual Improvement Program

Objectives

Completion of this course will enable students to

• Understand the principles of a CRMS, including the relationship between its components, e.g. risk management, organisation, processes and operations
• Apply concepts, approaches, standards, methods and techniques for the effective operation of a CRMS
• Advise organisations on CRMS best practices
• Manage teams implementing the CRMS

Audience

This course is aimed at students with (future) roles like

• Information Security Risk Management
• Information Security Incident Management
• Business Continuity Management
• IT-Service Continuity Management
• (IT) Professionals moving into Incident Response, Business Continuity or ITSCM operation
• CxO and senior managers with responsibility for Information Security, Business Continuity and / or Emergency Management

Prerequisites

General understanding of common business processes and procedures, the required standards and frameworks.

Some exposure to Information Security, Risk Management, Business Continuity, Emergency Management, Security Incident Management, Incident Response are helpful, but not required.

Examination and Certification

This course is designed by Detlef Hösterey, Team lead Resilience & Compliance Advisory at Cyfidelity Security Services GmbH in Bielefeld, Germany.

Attendees will receive a certificate of completion.

Overview

This five day course enables participants to develop the necessary expertise to support an organisation in implementing and managing an Artificial Intelligence Management System based on ISO/IEC 42001:2023.

It provides participants with the necessary competencies to effectively translate AI strategies into actionable solutions. It aims to provide a comprehensive understanding of AI implementation best practices and a framework for its successful integration within organizations, equipping you with the hands-on expertise to drive AIMS implementation projects in a responsible manner.

The course consists of a mix of presentation, discussion and exercises based on real-world examples

Outline

Introduction to AIMS Concepts per ISO/IEC 42001:2023

• Normative, Regulatory and Legal Framework
• Fundamental Principles of Artificial Intelligence
• Fundamental Principles of Artificial Intelligence
• Artificial Intelligence Management System (AIMS)

Planning the AIMS Implementation

• Context of the Organization and Gap Analysis
• Defining Scope and Objectives of the AIMS
• Development of AI Policies
• AI Risk Management: Approach, Methodology, Identification,Analysis, Evaluation and Treatment of Risk
• Drafting the AI Statement of Applicability

Implementing the AIMS

• Implementation of a Document Management Framework
• Design of Controls and Writing Procedures
• Awareness, Training und Communication
• Management of AI Operations

Performance Evaluation and Improving the AIMS

• Monitoring the AIMS with Metrics, Performance Indicators etc
• Internal Audit, Management Review and Corrective Actions
• Continual Improvement
• Preparing for the Certification Audit

Objectives

Completion of this course will enable students to

• Understand the principles of an AIMS conforming to ISO/IEC 42001:2023, including the relationship to an ISMS per ISO/IEC 27001:2013/2022 and regulatory frameworks
• Apply concepts, approaches, standards, methods and techniques for the effective operation of an AIMS
• Advise organisations on AIMS best practices
• Manage teams implementing ISO/IEC 42001:2023

Audience

This course is aimed at students with (future) roles like

• Project managers, consultants and team members implementing an AIMS
• CxO and senior managers of an AI / AIMS scope
• Auditors requiring more AIMS implementation insight

Prerequisites

General understanding of common business processes.

Some past exposure to AI, information or IT security, management systems and / or project management helpful, but not required.

Examination and Certification

The course includes access to PECB's three hour exam available in multiple languages to be taken online on the last day or any time after the course (own laptop required). Exam and first year certification fees are included in the course fees.

This course is designed by PECB in Canada, who also mark the exam and issue respective certifications as per their criteria. PECB is a personnel certification body, accredited to ISO/IEC 17024:2012 by IAS. See www.pecb.com for full details.

Overview

This three day course enables participants to develop the necessary expertise to support an organisation in implementing risk management processes related to all assets of relevance for information security based on ISO/IEC 27005:2022.

ISO/IEC 27005:2022 builds onto the generic risk management principles set out in ISO 31000:2018, and applies those to the context of an information security management system (ISMS), thus providing a framework for satisfying the risk management requirements of ISO/IEC 27001:2022.

The course consists of a mix of presentation, discussion and exercises based on real-world examples.

Outline

Introduction to Information Security Risk Management per ISO/IEC 27005:2022

• Concepts and Definitions relating to Risk Management
• Risk Management Standards, Frameworks and Methodologies
• Implementation of a Risk Management Framework
• Understanding an Organization and its Context

Elements of the Risk Management Framework

• Risk Identification
• Risk Analysis and Risk Evaluation
• Risk Treatment
• Risk Acceptance and Residual Risk Management
• Risk Communication and Consultation
• Risk Recording and Reporting
• Risk Monitoring and Review

Examples of Risk Assessment Methodologies

• Operational Critical Threat, Asset and Vulnerability Evaluation (OCTAVE)
• Harmonised Risk Analysis Method (MEHARI)
• Expression of Needs and Identification of Security Objectives (EBIOS)
• NIST Framework
• CCTA Risk Analysis and Management Method (CRAMM)
• Harmonized Threat and Risk Assessment (TRA)

Objectives

Completion of this course will enable students to

• Understand concepts, approaches, methods, tools and techniques for effective information security risk management according to ISO/IEC 27005:2022
• Understand the relationship between risk management, controls and ISO/IEC 27001:2022
• Implement, maintain and manage an ongoing
information security risk management program
• Advise organisations on best practices in information security risk management

Audience

This course is aimed at students with (future) roles like

• Risk managers and Information security officers
• Project managers, consultants and team members implementing and operating information security management systems
• Auditors requiring more risk management insight

Prerequisites

General understanding of common business processes.

Some past exposure to risk management and / or management systems helpful, but not required.

Examination and Certification

The course includes access to PECB's two hour exam available in multiple languages to be taken online any time after the course (own laptop required). Exam and first year certification fees are included in the course fees.

This course is designed by PECB in Canada, who also mark the exam and issue respective certifications as per their criteria. PECB is a personnel certification body, accredited to ISO/IEC 17024:2012 by IAS. See www.pecb.com for full details.

Overview

This five day course enables participants to develop the necessary expertise to audit an Information Security Management System against ISO/IEC 27001:2022 and to manage a team of auditors by applying widely recognized audit principles, procedures and techniques.

During this training, the participants will acquire the necessary knowledge and skills to proficiently plan and perform internal and external audits in compliance with ISO 19011:2018, as well as understanding the certification process according to ISO/IEC 17021-1:2015 and ISO/IEC 27006-1:2024.

The course consists of a mix of presentation, discussion and exercises based on real-world examples.

Outline

Introduction to ISMS Concepts per ISO/IEC 27001:2022

• Normative, Regulatory and Legal Framework
• Fundamental Principles of Information Security
• ISO/IEC 27001:2022 Certification Process
• Information Security Management System (ISMS)
• Clauses of ISO/IEC 27001:2022

Planning and Initiating the Audit

• Fundamental Audit Concepts and Principles
• Audit Approach based on Evidence and Risk
• Preparation of an ISO/IEC 27001:2022 Certification Audit
• ISMS Documentation Audit
• Conducting an Opening Meeting

Conducting the Audit

• Communication during the Audit
• Audit procedures: Observation, Document Review, Interview, Sampling, Technical Verification, Corroboration and Evaluation
• Audit Test Plans
• Formulation of Audit Findings
• Documenting Nonconformities

Concluding and Follow-up of the Audit

• Audit Documentation
• Quality Review
• Conducting a Closing Meeting and Conclusion of the Audit
• Evaluation of Corrective Action Plans
• Surveillance and Re-Certification Audits
• Internal Audit Management Program

Objectives

Completion of this course will enable students to

• Understand the principles of an ISMS conforming to
• ISO/IEC 27001:2022
• Perform ISO/IEC 27001:2022 internal audits
• Execute ISO/IEC 27001:2022 certification audits on behalf of a certification body
• Manage ISMS audit teams

Audience

This course is aimed at students with (future) roles like

• Internal auditors
• ISMS certification auditors
• Project managers, consultants and information security team members participating in ISMS audits
• information security practitioners moving into audit roles

Prerequisites

General understanding of common business processes.

Some past exposure to information or IT security, management systems and audits helpful, but not required.

Examination and Certification

The course includes access to PECB's three hour exam available in multiple languages to be taken online on the last day or any time after the course (own laptop required). Exam and first year certification fees are included in the course fees.

This course is designed by PECB in Canada, who also mark the exam and issue respective certifications as per their criteria. PECB is a personnel certification body, accredited to ISO/IEC 17024:2012 by IAS. See www.pecb.com for full details.

Overview

This five day course enables participants to develop the necessary expertise to support an organisation in implementing and managing an Privacy Information Management System based on ISO/IEC 27701:2025.

Participants will also gain a thorough understanding of requirements and guidance of ISO/IEC 27701:2025 as well as their relationship ISO/IEC 27001:2022 et al and thus that between a PIMS and an ISMS.

Moreover, participants will gain a comprehensive understanding of best practices of privacy information management and learn how to manage and process data while complying with various data privacy regimes.

The course consists of a mix of presentation, discussion and exercises based on real-world examples.

Outline

Introduction to PIMS Concepts per ISO/IEC 27701:2025

• Normative, Regulatory and Legal Framework
• Fundamental Principles of Information Security and Privacy
• Privacy Information Management System (PIMS)

Planning the PIMS Implementation

• PIMS Scope and Privacy Policy
• Privacy Risk Assessment
• Privacy Impact Assessment
• PIMS Statement of Applicability
• Selection of Controls

Implementing the PIMS

• Implementation of a Document Management Framework
• Awareness, Training und Communication
• Documentation Management
• Implementation of Controls
• Implementation of Controls specific to Controllers of Personally Identifiable Information (PII)
• Implementation of Controls specific to PII Controllers

Performance Evaluation and Improving the PIMS

• Monitoring the PIMS with Metrics, Performance Indicators etc
• Internal Audit, Management Review and Corrective Actions
• Implementation of a Continual Improvement Program
• Preparing for the Certification Audit

Objectives

Completion of this course will enable students to

• Understand the principles of a PIMS conforming to ISO/IEC 27701:2025, including the relationship to and ISMS, ISO/IEC 27001:2022, ISO/IEC 27002:2022 etc and regulatory frameworks
• Apply concepts, approaches, standards, methods and techniques for the effective operation of a PIMS
• Advise organisations on PIMS best practices
• Manage teams implementing ISO/IEC 27701:2025

Audience

This course is aimed at students with (future) roles like

• Project managers, consultants and team members implementing privacy and data management
• Data and privacy officers
• CxO and senior managers of a PIMS and ISMS scope
• Auditors requiring more PIMS implementation insight

Prerequisites

General understanding of common business processes.

Some past exposure to information or IT security, management systems and / or project management helpful, but not required.

Examination and Certification

The course includes access to PECB's three hour exam available in multiple languages to be taken online on the last day or any time after the course (own laptop required). Exam and first year certification fees are included in the course fees.

This course is designed by PECB in Canada, who also mark the exam and issue respective certifications as per their criteria. PECB is a personnel certification body, accredited to ISO/IEC 17024:2012 by IAS. See www.pecb.com for full details.

Exam and first year certification fees are included in the course fees.

Overview

This five day course enables participants to develop the necessary expertise to support an organisation in implementing and managing an Information Security Management System based on ISO/IEC 27001:2022.

Participants will also gain a thorough understanding of best practices used to implement information security controls from all areas of ISO/IEC 27002:2022.

This training incorporates project management practices as well as further guidance from elsewhere in the ISO/IEC 27000 family of standards, e.g. ISO/IEC 27003 (Implementation), ISO/IEC 27004 (Measurements), ISO/IEC 27005 (Risk Management) etc.

The course consists of a mix of presentation, discussion and exercises based on real-world examples

Outline

Introduction to ISMS Concepts per ISO/IEC 27001:2022

• Normative, Regulatory and Legal Framework
• Fundamental Principles of Information Security
• Information Security Management System (ISMS)
• Clauses of ISO/IEC 27001:2022

Planning and Initiating the ISMS Implementation

• Gap Analysis, Business Case and Project Plan
• Defining Scope and Objectives of the ISMS
• Development of Information Security Policies
• Risk Management: Approach, Methodology, Identification,Analysis, Evaluation and Treatment of Risk
• Drafting the Statement of Applicability

Implementing the ISMS

• Implementation of a Document Management Framework
• Design of Controls and Writing Procedures
• Implementation of Controls based ISO/IEC 27001:2022 Annex A
• Development of a Communication, Training & Awareness Program
• Incident Management
• Operations Management of the ISMS

Performance Evaluation and Improving the ISMS

• Monitoring the ISMS with Metrics, Performance Indicators etc
• Internal Audit, Management Review and Corrective Actions
• Implementation of a Continual Improvement Program
• Preparing for the Certification Audit

Objectives

Completion of this course will enable students to

• Understand the principles of an ISMS conforming to ISO/IEC 27001:2022, including the relationship between its components, e.g. risk management, requirements of interested parties
• Apply concepts, approaches, standards, methods and techniques for the effective operation of an ISMS
• Advise organisations on ISMS best practices
• Manage teams implementing ISO/IEC 27001:2022

Audience

This course is aimed at students with (future) roles like

• Project managers, consultants and team members implementing an ISMS
• (IT) Professionals moving into ISMS operation
• CxO and senior managers of an ISMS scope
• Auditors requiring more ISMS implementation insight

Prerequisites

General understanding of common business processes.

Some past exposure to information or IT security, management systems and / or project management helpful, but not required.

Examination and Certification

The course includes access to PECB's three hour exam available in multiple languages to be taken online on the last day or any time after the course (own laptop required). Exam and first year certification fees are included in the course fees.

This course is designed by PECB in Canada, who also mark the exam and issue respective certifications as per their criteria. PECB is a personnel certification body, accredited to ISO/IEC 17024:2012 by IAS. See www.pecb.com for full details.

Overview

This five day course enables participants to develop the necessary expertise to support an organisation in implementing and managing an Artificial Intelligence Management System based on ISO/IEC 42001:2023.

It provides participants with the necessary competencies to effectively translate AI strategies into actionable solutions. It aims to provide a comprehensive understanding of AI implementation best practices and a framework for its successful integration within organizations, equipping you with the hands-on expertise to drive AIMS implementation projects in a responsible manner.

The course consists of a mix of presentation, discussion and exercises based on real-world examples

Outline

Introduction to AIMS Concepts per ISO/IEC 42001:2023

• Normative, Regulatory and Legal Framework
• Fundamental Principles of Artificial Intelligence
• Fundamental Principles of Artificial Intelligence
• Artificial Intelligence Management System (AIMS)

Planning the AIMS Implementation

• Context of the Organization and Gap Analysis
• Defining Scope and Objectives of the AIMS
• Development of AI Policies
• AI Risk Management: Approach, Methodology, Identification,Analysis, Evaluation and Treatment of Risk
• Drafting the AI Statement of Applicability

Implementing the AIMS

• Implementation of a Document Management Framework
• Design of Controls and Writing Procedures
• Awareness, Training und Communication
• Management of AI Operations

Performance Evaluation and Improving the AIMS

• Monitoring the AIMS with Metrics, Performance Indicators etc
• Internal Audit, Management Review and Corrective Actions
• Continual Improvement
• Preparing for the Certification Audit

Objectives

Completion of this course will enable students to

• Understand the principles of an AIMS conforming to ISO/IEC 42001:2023, including the relationship to an ISMS per ISO/IEC 27001:2013/2022 and regulatory frameworks
• Apply concepts, approaches, standards, methods and techniques for the effective operation of an AIMS
• Advise organisations on AIMS best practices
• Manage teams implementing ISO/IEC 42001:2023

Audience

This course is aimed at students with (future) roles like

• Project managers, consultants and team members implementing an AIMS
• CxO and senior managers of an AI / AIMS scope
• Auditors requiring more AIMS implementation insight

Prerequisites

General understanding of common business processes.

Some past exposure to AI, information or IT security, management systems and / or project management helpful, but not required.

Examination and Certification

The course includes access to PECB's three hour exam available in multiple languages to be taken online on the last day or any time after the course (own laptop required). Exam and first year certification fees are included in the course fees.

This course is designed by PECB in Canada, who also mark the exam and issue respective certifications as per their criteria. PECB is a personnel certification body, accredited to ISO/IEC 17024:2012 by IAS. See www.pecb.com for full details.

Overview

This five day course enables participants to develop the necessary expertise to audit an Information Security Management System against ISO/IEC 27001:2022 and to manage a team of auditors by applying widely recognized audit principles, procedures and techniques.

During this training, the participants will acquire the necessary knowledge and skills to proficiently plan and perform internal and external audits in compliance with ISO 19011:2018, as well as understanding the certification process according to ISO/IEC 17021-1:2015 and ISO/IEC 27006-1:2024.

The course consists of a mix of presentation, discussion and exercises based on real-world examples.

Outline

Introduction to ISMS Concepts per ISO/IEC 27001:2022

• Normative, Regulatory and Legal Framework
• Fundamental Principles of Information Security
• ISO/IEC 27001:2022 Certification Process
• Information Security Management System (ISMS)
• Clauses of ISO/IEC 27001:2022

Planning and Initiating the Audit

• Fundamental Audit Concepts and Principles
• Audit Approach based on Evidence and Risk
• Preparation of an ISO/IEC 27001:2022 Certification Audit
• ISMS Documentation Audit
• Conducting an Opening Meeting

Conducting the Audit

• Communication during the Audit
• Audit procedures: Observation, Document Review, Interview, Sampling, Technical Verification, Corroboration and Evaluation
• Audit Test Plans
• Formulation of Audit Findings
• Documenting Nonconformities

Concluding and Follow-up of the Audit

• Audit Documentation
• Quality Review
• Conducting a Closing Meeting and Conclusion of the Audit
• Evaluation of Corrective Action Plans
• Surveillance and Re-Certification Audits
• Internal Audit Management Program

Objectives

Completion of this course will enable students to

• Understand the principles of an ISMS conforming to
• ISO/IEC 27001:2022
• Perform ISO/IEC 27001:2022 internal audits
• Execute ISO/IEC 27001:2022 certification audits on behalf of a certification body
• Manage ISMS audit teams

Audience

This course is aimed at students with (future) roles like

• Internal auditors
• ISMS certification auditors
• Project managers, consultants and information security team members participating in ISMS audits
• information security practitioners moving into audit roles

Prerequisites

General understanding of common business processes.

Some past exposure to information or IT security, management systems and audits helpful, but not required.

Examination and Certification

The course includes access to PECB's three hour exam available in multiple languages to be taken online on the last day or any time after the course (own laptop required). Exam and first year certification fees are included in the course fees.

This course is designed by PECB in Canada, who also mark the exam and issue respective certifications as per their criteria. PECB is a personnel certification body, accredited to ISO/IEC 17024:2012 by IAS. See www.pecb.com for full details.

Overview

This five day course enables participants to develop the necessary expertise to support an organisation in implementing and managing an Information Security Management System based on ISO/IEC 27001:2022.

Participants will also gain a thorough understanding of best practices used to implement information security controls from all areas of ISO/IEC 27002:2022.

This training incorporates project management practices as well as further guidance from elsewhere in the ISO/IEC 27000 family of standards, e.g. ISO/IEC 27003 (Implementation), ISO/IEC 27004 (Measurements), ISO/IEC 27005 (Risk Management) etc.

The course consists of a mix of presentation, discussion and exercises based on real-world examples

Outline

Introduction to ISMS Concepts per ISO/IEC 27001:2022

• Normative, Regulatory and Legal Framework
• Fundamental Principles of Information Security
• Information Security Management System (ISMS)
• Clauses of ISO/IEC 27001:2022

Planning and Initiating the ISMS Implementation

• Gap Analysis, Business Case and Project Plan
• Defining Scope and Objectives of the ISMS
• Development of Information Security Policies
• Risk Management: Approach, Methodology, Identification,Analysis, Evaluation and Treatment of Risk
• Drafting the Statement of Applicability

Implementing the ISMS

• Implementation of a Document Management Framework
• Design of Controls and Writing Procedures
• Implementation of Controls based ISO/IEC 27001:2022 Annex A
• Development of a Communication, Training & Awareness Program
• Incident Management
• Operations Management of the ISMS

Performance Evaluation and Improving the ISMS

• Monitoring the ISMS with Metrics, Performance Indicators etc
• Internal Audit, Management Review and Corrective Actions
• Implementation of a Continual Improvement Program
• Preparing for the Certification Audit

Objectives

Completion of this course will enable students to

• Understand the principles of an ISMS conforming to ISO/IEC 27001:2022, including the relationship between its components, e.g. risk management, requirements of interested parties
• Apply concepts, approaches, standards, methods and techniques for the effective operation of an ISMS
• Advise organisations on ISMS best practices
• Manage teams implementing ISO/IEC 27001:2022

Audience

This course is aimed at students with (future) roles like

• Project managers, consultants and team members implementing an ISMS
• (IT) Professionals moving into ISMS operation
• CxO and senior managers of an ISMS scope
• Auditors requiring more ISMS implementation insight

Prerequisites

General understanding of common business processes.

Some past exposure to information or IT security, management systems and / or project management helpful, but not required.

Examination and Certification

The course includes access to PECB's three hour exam available in multiple languages to be taken online on the last day or any time after the course (own laptop required). Exam and first year certification fees are included in the course fees.

This course is designed by PECB in Canada, who also mark the exam and issue respective certifications as per their criteria. PECB is a personnel certification body, accredited to ISO/IEC 17024:2012 by IAS. See www.pecb.com for full details.

Overview

This five day course enables participants to develop the necessary knowledge, skills and competence to effectively implement and manage a compliance framework with regards to the protection of personal data.

By mastering all the necessary concepts of EU General Data Protection Regulation (GDPR), participants will gain a thorough understanding of the gap between the GDPR and the current organizational processes including privacy policies, procedures, working instructions, consent forms, data protection impact assessments, in order to assists organisations in the adoption process to the new regulation.

The course consists of a mix of presentation, discussion and exercises based on real-world examples.

Outline

Introduction to GDPR Essentials

• Fundamental Principles of the GDPR
• Initiating the GDPR Implementation
• Understanding the Organization
• Clarifying the Data Protection Objectives
• Analysis of the Existing System

Planning the Implementation of the GDPR

• Leadership and Project Approval
• Data Protection Policy
• Definition of the Organizational Structure
• Data Classification
• Risk Assessment under the GDPR

Deploying the GDPR

• Privacy Impact Assessment (PIA)
• Design of Security Controls and Drafting of Specific Policies
• Implementation of Controls
• Definition of the Document Management Process
• Communication, Training and Awareness Plan

Monitoring and Improving the GDPR compliance

• Operations and Incident Management
• Monitoring, Measurement, Analysis and Evaluation
• Internal Audit
• Data Breaches and Corrective Actions
• Continual Improvement

Objectives

Completion of this course will enable students to

• Gain a comprehensive understanding of the concepts and approaches of the GDPR
• Understand the new requirements that the GDPR brings for EU and non-EU organisations and when it is necessary to implement them
• Manage a team implementing the GDPR
• Gain the knowledge and skills required to advise organisations how to manage personal data

Audience

This course is aimed at students with (future) roles like

• Project managers, consultants, advisors and team members implementing the GDPR
• Data Protection Officers and senior managers responsible for the personal data protection
• Members of information security, incident management and business continuity teams

Prerequisites

General understanding of common business processes.

Some past exposure to data protection helpful, but not required.

Examination and Certification

The course includes access to PECB's three hour exam available in multiple languages to be taken online on the last day or any time after the course (own laptop required). Exam and first year certification fees are included in the course fees.

This course is designed by PECB in Canada, who also mark the exam and issue respective certifications as per their criteria. PECB is a personnel certification body, accredited to ISO/IEC 17024:2012 by IAS. See www.pecb.com for full details.

Overview

This five day course enables participants to develop the necessary expertise to support an organisation in implementing and managing an Privacy Information Management System based on ISO/IEC 27701:2025.

Participants will also gain a thorough understanding of requirements and guidance of ISO/IEC 27701:2025 as well as their relationship ISO/IEC 27001:2022 et al and thus that between a PIMS and an ISMS.

Moreover, participants will gain a comprehensive understanding of best practices of privacy information management and learn how to manage and process data while complying with various data privacy regimes.

The course consists of a mix of presentation, discussion and exercises based on real-world examples.

Outline

Introduction to PIMS Concepts per ISO/IEC 27701:2025

• Normative, Regulatory and Legal Framework
• Fundamental Principles of Information Security and Privacy
• Privacy Information Management System (PIMS)

Planning the PIMS Implementation

• PIMS Scope and Privacy Policy
• Privacy Risk Assessment
• Privacy Impact Assessment
• PIMS Statement of Applicability
• Selection of Controls

Implementing the PIMS

• Implementation of a Document Management Framework
• Awareness, Training und Communication
• Documentation Management
• Implementation of Controls
• Implementation of Controls specific to Controllers of Personally Identifiable Information (PII)
• Implementation of Controls specific to PII Controllers

Performance Evaluation and Improving the PIMS

• Monitoring the PIMS with Metrics, Performance Indicators etc
• Internal Audit, Management Review and Corrective Actions
• Implementation of a Continual Improvement Program
• Preparing for the Certification Audit

Objectives

Completion of this course will enable students to

• Understand the principles of a PIMS conforming to ISO/IEC 27701:2025, including the relationship to and ISMS, ISO/IEC 27001:2022, ISO/IEC 27002:2022 etc and regulatory frameworks
• Apply concepts, approaches, standards, methods and techniques for the effective operation of a PIMS
• Advise organisations on PIMS best practices
• Manage teams implementing ISO/IEC 27701:2025

Audience

This course is aimed at students with (future) roles like

• Project managers, consultants and team members implementing privacy and data management
• Data and privacy officers
• CxO and senior managers of a PIMS and ISMS scope
• Auditors requiring more PIMS implementation insight

Prerequisites

General understanding of common business processes.

Some past exposure to information or IT security, management systems and / or project management helpful, but not required.

Examination and Certification

The course includes access to PECB's three hour exam available in multiple languages to be taken online on the last day or any time after the course (own laptop required). Exam and first year certification fees are included in the course fees.

This course is designed by PECB in Canada, who also mark the exam and issue respective certifications as per their criteria. PECB is a personnel certification body, accredited to ISO/IEC 17024:2012 by IAS. See www.pecb.com for full details.

Exam and first year certification fees are included in the course fees.

Overview

The CRMS methode is a combination of security incident, incident response, emergency, and crisis management. It focuses on cyber threat situations, is modern by applying current standards and best practice and is modular through defined products and processes. The CRMS method leads to a functioning and effective cyber defense, implementing only necessary and effective defense measures and thereby reducing the organization’s costs for implementation as well as for possible damage.

This five day course enables participants to develop the necessary expertise to support an organisation in implementing and managing a Cyber Resilience Management System.

Participants will also gain a thorough understanding of best practices used to implement cyber emergency processes from the CRMS method.

The course consists of a mix of presentation, discussion and exercises based on real-world examples.

Outline

Introduction to Cyber Resilience Management System

• Normative, Regulatory and Legal Framework
• Information Security Risk and Incident Management
• Business and IT-Service Continuity Management
• Further Standards, Frameworks and Best Practices Used

Planning and Initiating the CRMS Implementation

• Gap Analysis, Business Case and Project Plan
• Risk Management
• Emergency Organisation, Processes and Operations

Implementing the CRMS

• Implementation of a Cyber Risk Management Framework
• Implementation of an Emergency Organisation
• Implementation of Emergency Processes and Procedures
• Implementation of Emergency Operations

Performance Evaluation and Improving the CRMS

• Monitoring the CRMS with Metrics and Key Performance Indicators
• Identify Vulnerabilities and Define Corrective Measures
• Implementation of a Continual Improvement Program

Objectives

Completion of this course will enable students to

• Understand the principles of a CRMS, including the relationship between its components, e.g. risk management, organisation, processes and operations
• Apply concepts, approaches, standards, methods and techniques for the effective operation of a CRMS
• Advise organisations on CRMS best practices
• Manage teams implementing the CRMS

Audience

This course is aimed at students with (future) roles like

• Information Security Risk Management
• Information Security Incident Management
• Business Continuity Management
• IT-Service Continuity Management
• (IT) Professionals moving into Incident Response, Business Continuity or ITSCM operation
• CxO and senior managers with responsibility for Information Security, Business Continuity and / or Emergency Management

Prerequisites

General understanding of common business processes and procedures, the required standards and frameworks.

Some exposure to Information Security, Risk Management, Business Continuity, Emergency Management, Security Incident Management, Incident Response are helpful, but not required.

Examination and Certification

This course is designed by Detlef Hösterey, Team lead Resilience & Compliance Advisory at Cyfidelity Security Services GmbH in Bielefeld, Germany.

Attendees will receive a certificate of completion.

Overview

This five day course enables participants to develop the necessary expertise to support an organisation in implementing risk management processes based on ISO 31000:2018.

The generic character of ISO 31000:2018 makes it applicable across organisations at subject matter as well as enterprise level.

ISO 31000:2018 provides a comprehensive model for any kind of management system, standard, operational or regulatory context requiring a risk-based approach, whether a formal risk management process is required or not.

Examples are ISO 9001:2015, ISO 14001:2015, ISO/IEC 20000-1:2018, ISO 22301:2019, ISO/IEC 27001:2013, ISO 45001:2018, SOX, revenue assurance, program and project management, data protection, GDPR, DORA, NIS-2 etc.

The course consists of a mix of presentation, discussion and exercises based on real-world examples.

Outline

Introduction to Risk Management per ISO 31000:2018

• Fundamental Concepts and Definitions of Risk Management
• Risk Management Standards, Frameworks and Methodologies
• Implementation of a Risk Management Framework
• Understanding an Organization and its Context

Elements of the Risk Management Framework

• Risk Identification
• Risk Analysis and Risk Evaluation
• Risk Treatment
• Risk Acceptance and Residual Risk Management
• Risk Communication and Consultation
• Risk Monitoring and Review

Examples of Risk Assessment Methodologies

• Overview to IEC 31010:2009
• Brainstorming, Interviews
• Hazard Analysis using HAZOP and HACCP
• Scenario Analysis, SWIFT
• Fault and Failure Analysis using FTA, FMEA and FMECA
• Operations Management of the BCMS
• Cause and Effect Diagram

Objectives

Completion of this course will enable students to

• Understand concepts, approaches, methods, tools and techniques for effective risk management according to ISO 31000:2018
• Understand the relationship between risk management and requirements of interested parties
• Implement, maintain and manage an ongoing risk management program
• Advise organisations on best practices in risk management

Audience

This course is aimed at students with (future) roles like

• Risk managers and Business process owners
• Project managers, consultants and team members implementing and operating management systems
• Regulatory compliance managers
• Auditors requiring more risk management insight

Prerequisites

General understanding of common business processes.

Some past exposure to risk management and / or management systems helpful, but not required.

Examination and Certification

The course includes access to PECB's two hour exam available in multiple languages to be taken online any time after the course (own laptop required). Exam and first year certification fees are included in the course fees.

This course is designed by PECB in Canada, who also mark the exam and issue respective certifications as per their criteria. PECB is a personnel certification body, accredited to ISO/IEC 17024:2012 by IAS. See www.pecb.com for full details.

Overview

This three day course enables participants to develop the necessary expertise to support an organisation in implementing risk management processes related to all assets of relevance for information security based on ISO/IEC 27005:2022.

ISO/IEC 27005:2022 builds onto the generic risk management principles set out in ISO 31000:2018, and applies those to the context of an information security management system (ISMS), thus providing a framework for satisfying the risk management requirements of ISO/IEC 27001:2022.

The course consists of a mix of presentation, discussion and exercises based on real-world examples.

Outline

Introduction to Information Security Risk Management per ISO/IEC 27005:2022

• Concepts and Definitions relating to Risk Management
• Risk Management Standards, Frameworks and Methodologies
• Implementation of a Risk Management Framework
• Understanding an Organization and its Context

Elements of the Risk Management Framework

• Risk Identification
• Risk Analysis and Risk Evaluation
• Risk Treatment
• Risk Acceptance and Residual Risk Management
• Risk Communication and Consultation
• Risk Recording and Reporting
• Risk Monitoring and Review

Examples of Risk Assessment Methodologies

• Operational Critical Threat, Asset and Vulnerability Evaluation (OCTAVE)
• Harmonised Risk Analysis Method (MEHARI)
• Expression of Needs and Identification of Security Objectives (EBIOS)
• NIST Framework
• CCTA Risk Analysis and Management Method (CRAMM)
• Harmonized Threat and Risk Assessment (TRA)

Objectives

Completion of this course will enable students to

• Understand concepts, approaches, methods, tools and techniques for effective information security risk management according to ISO/IEC 27005:2022
• Understand the relationship between risk management, controls and ISO/IEC 27001:2022
• Implement, maintain and manage an ongoing
information security risk management program
• Advise organisations on best practices in information security risk management

Audience

This course is aimed at students with (future) roles like

• Risk managers and Information security officers
• Project managers, consultants and team members implementing and operating information security management systems
• Auditors requiring more risk management insight

Prerequisites

General understanding of common business processes.

Some past exposure to risk management and / or management systems helpful, but not required.

Examination and Certification

The course includes access to PECB's two hour exam available in multiple languages to be taken online any time after the course (own laptop required). Exam and first year certification fees are included in the course fees.

This course is designed by PECB in Canada, who also mark the exam and issue respective certifications as per their criteria. PECB is a personnel certification body, accredited to ISO/IEC 17024:2012 by IAS. See www.pecb.com for full details.

Overview

This training provides a comprehensive review of information security concepts and industry best practices, covering the 8 domains of CISSP CBK (Common Body of Knowledge).

Several types of activities are used throughout the course to reinforce topics and increase knowledge retention. These activities include open ended questions from the instructor to the students, matching and poll questions, group activities, open/closed questions, and group discussions. the interactive learning technique is based on sound adult learning theories.

This training course will help candidates review and refresh their information security knowledge and help identify areas they need to study for the CISSP exam and features.

The vendor-neutral CISSP certification is the ideal credential for those with proven deep technical and managerial competence, skills, experience, and credibility to design, engineer, implement, and manage their overall information security program to protect organizations from growing sophisticated attacks.

The CISSP certification is recognized worldwide.

Outline

Security and Risk Management

Asset Security

Security Engineering

Communications and Network Security

Identity and Access Management

Security Assessment and Testing

Security Operations

Software Development Security

Objectives

Completion of this course will enable students to

• Understand the 8 domains of knowledge that are covered on the CISSP exam
• Analyse questions on the exam and be able to select the correct answer
• Apply the knowledge and testing skills learned in class to pass the CISSP exam
• Understand and explain all of the concepts covered in the 8 domains of knowledge
• Apply the skills learned across the 8 domains to solve security problems when you return to work

Audience

This course is aimed at students with (future) roles like

• Security consultants, architects and managers, IT directors and managers
• Security analysts, security systems engineers, network architects
• Chief information security officers (CISOs), directors of security etc.
• Security auditors

Prerequisites

Basic knowledge of Information Systems is recommended.

Minimum of four students are required to run this course.

Examination and Certification

This course has been designed and is delivered by Nitroxis and their trainers.

Note: this course does not include the CISSP exam. This has to be taken at the dedicated test facilities as defined by (ISC)2. (ISC)2‘s certification requirements apply.

Overview

This training provides a comprehensive review of information security auditing concepts and industry best practices, covering the entire CISA CBK, aligned with the 28th Edition of the CBK, updated for 2024 Job Practice.

The CISA certification is recognized worldwide.

Outline

Information Systems Auditing Process

• Planning: IS Audit Standards and Types, Functions, Ethics, Risk-based Approach, Types of Controls and Considerations
• Execution: Project Management, Testing and Sampling, Evidence Collection, Data Analytics, Reporting, QA, Process Improvement

Governance and Management of IT

• IT Governance: Laws, Regulations and Industry Standards, Organisational Structures, IT Governance, Strategy, Policies, Procedures, Enterprise Architecture and Risk Management, Data Privacy, Governance and Classification
• IT Management: IT Resource and Vendor Management, Performance Monitoring and Reporting, Quality Assurance

Information Systems Acquisition, Development and Implementation

• Information Systems Acquisition and Development: Project Governance and Management, Business Case, Feasibility Analysis, System Development Methodologies, Control Identification and Design
• Information System Implementation: System Readiness and Implementation Testing, Configuration and Release Management, System Migration, Infrastructure Deployment and Data Conversion, Post-Implementation Review

Information Systems Operation and Business Resilience

• Information Systems Operations: Asset, Capacity, Incident, Problem, Change, Configuration, Log and Patch Management, Job Scheduling, End-User Computing and Shadow IT, Databases etc.
• Business Resilience: BIA, Backup, Storage, Restoration and Recovery, Business Continuity and Disaster Recovery Plan

Protection of Information Assets

• Information Asset Security and Control: Physical Controls, IAM, DLP, Network, Endpoint, Mobile, Wireless, Virtualization, Cloud and IoT Security, Encryption, PKI
• Security Event Management: Security Awareness, Attacks, Testing, Monitoring, Incident Response, Evidence Collection and Forensics

Objectives

Completion of this course will enable students to

• Know the 5 major areas covered by the CISA® certification
• Understand the concepts of IT audit and IT governance
• Preparing for the CISA Certification Exam, e.g. by using multiple choices questions from previous CISA sessions (or comparable exams).

Audience

This course is aimed at students with (future) roles like

• Information system directors, CISOs
• Auditors moving into the information security domain
• Staff responsible for business continuity
• People for which the control of information security is fundamental in achieving their goals

Prerequisites

Basic knowledge of Information Systems is recommended.

Minimum of two students are required to run this course.

Examination and Certification

This course has been designed and is delivered by Nitroxis and their trainers.

Note: this course does not include the CISA exam. This has to be taken at the dedicated test facilities as defined by ISACA. ISACA‘s certification requirements apply.

Overview

This training provides a comprehensive review of information security concepts and industry best practices, covering the 4 domains of the CISM CBK (Common Body of Knowledge).

This training course will help candidates review and refresh their information security management knowledge and help identify areas they need to study for the CISM exam.

The CISM certification is recognized worldwide.

Outline

Information Security Governance

• Alignment of policy security information on the business strategy and direction
• Policy security information development
• Commitment of senior management and support for information security across the enterprise
• Roles and responsibilities in the governance of information security

Information Security Risk Management and Compliance

• Development of a systematic and analytical approach and the ongoing process of risk management
• Identification, analysis and risk assessment
• Definition of strategies risk treatment
• Risk management communication

Information Security Program Development and Management

• The security information architecture
• System Development Methodologies, Controls
• Methods to define the required security measures
• Contract management and information security requirements
• Metrics and evaluation of IT security performance

Information Security Incident Management

• Components of a security incident management plan
• Concepts and practices in the management of security incidents
• Method classification
• Notification and escalation process
• Detection techniques and incidents analysis

Objectives

Completion of this course will enable students to

• Know the 4 domains covered by the CISM® certification
• Understand the concepts of information security management
• Preparing for the CISM Certification Exam, e.g. by using multiple choices questions from previous CISM sessions (or comparable exams).

Audience

This course is aimed at students with (future) roles like

• Information system directors, CISOs
• Staff responsible for business continuity
• People for which the control of information security is fundamental in achieving their goals
• Auditors requiring more information security management insight

Prerequisites

Basic knowledge of Information Systems is recommended.

Minimum of two students are required to run this course.

Examination and Certification

This course has been designed and is delivered by Nitroxis and their trainers.

Note: this course does not include the CISM exam. This has to be taken at the dedicated test facilities as defined by ISACA. ISACA‘s certification requirements apply.

Overview

This training provides a comprehensive review of information security concepts and industry best practices, covering the 4 key areas of the 8th edition of the CRISC CBK (Common Body of Knowledge).

This training course will help candidates review and refresh their IT risk management knowledge and help identify areas they need to study for the CRISC exam.

The CRISC certification is recognized worldwide.

Outline

Governance

• Organizational Structure, Strategy, Goals and Objectives
• Business Process Review, Organization Asset Management
• Enterprise Risk Management and Risk Management Frameworks
• Lines of Defence
• Risk Profile, Appetite, Tolerance and Capacity
• Risk Frameworks, Legal, Regulatory and Contractual Requirements

Risk Assessment

• Threat Modelling and Threat Landscape
• Risk Scenario Development
• Risk Assessment Concepts, Standards and Frameworks
• Business Impact Analysis, Risk Analysis Methodologies
• Inherent, Residual and Current Risk

Risk Response and Reporting

• Risk Response Options, Risk and Control Ownership
• Vendor/Supply Chain Risk Management
• Control Design, Selection, Implementation and Analysis
• Risk and Control Testing, Monitoring and Reporting Techniques
• Risk Actions Plans, Risk and Control Metrics

Technology and Security

• Enterprise Architecture, Operations, Portfolio and Project Management
• System Development and Data Life Cycle Management
• Emerging Technologies
• Security Concepts, Frameworks and Standards
• Security/Risk Awareness and Training
• Data Privacy and Data Protection Principles

Objectives

Completion of this course will enable students to

• Master the risk management approach according the CRISC
• Apply the best response strategies to the risks weighing on the information systems
• Use best risk monitoring practices
• Define information system controls
• Use best risk and control monitoring practices
• Preparing for the CRISC Certification Exam, e.g. by using multiple choices questions from previous CRISC sessions (or comparable exams).

Audience

This course is aimed at students with (future) roles like

• Governance, information and cyber security consultants, CISOs
• Risk and control professionals
• IT and compliance professionals
• Project managers, business analysts
• Auditors requiring more IT risk management insight
• People working with an ERM (Enterprise Risk Management) framework

Prerequisites

Basic knowledge of Information Systems is recommended.

Minimum of two students are required to run this course.

Examination and Certification

This course has been designed and is delivered by Nitroxis and their trainers.

Note: this course does not include the CRISC exam. This has to be taken at the dedicated test facilities as defined by ISACA. ISACA‘s certification requirements apply.

Overview

This five day course enables participants to develop the necessary expertise to support an organisation in implementing risk management processes based on ISO 31000:2018.

The generic character of ISO 31000:2018 makes it applicable across organisations at subject matter as well as enterprise level.

ISO 31000:2018 provides a comprehensive model for any kind of management system, standard, operational or regulatory context requiring a risk-based approach, whether a formal risk management process is required or not.

Examples are ISO 9001:2015, ISO 14001:2015, ISO/IEC 20000-1:2018, ISO 22301:2019, ISO/IEC 27001:2013, ISO 45001:2018, SOX, revenue assurance, program and project management, data protection, GDPR, DORA, NIS-2 etc.

The course consists of a mix of presentation, discussion and exercises based on real-world examples.

Outline

Introduction to Risk Management per ISO 31000:2018

• Fundamental Concepts and Definitions of Risk Management
• Risk Management Standards, Frameworks and Methodologies
• Implementation of a Risk Management Framework
• Understanding an Organization and its Context

Elements of the Risk Management Framework

• Risk Identification
• Risk Analysis and Risk Evaluation
• Risk Treatment
• Risk Acceptance and Residual Risk Management
• Risk Communication and Consultation
• Risk Monitoring and Review

Examples of Risk Assessment Methodologies

• Overview to IEC 31010:2009
• Brainstorming, Interviews
• Hazard Analysis using HAZOP and HACCP
• Scenario Analysis, SWIFT
• Fault and Failure Analysis using FTA, FMEA and FMECA
• Operations Management of the BCMS
• Cause and Effect Diagram

Objectives

Completion of this course will enable students to

• Understand concepts, approaches, methods, tools and techniques for effective risk management according to ISO 31000:2018
• Understand the relationship between risk management and requirements of interested parties
• Implement, maintain and manage an ongoing risk management program
• Advise organisations on best practices in risk management

Audience

This course is aimed at students with (future) roles like

• Risk managers and Business process owners
• Project managers, consultants and team members implementing and operating management systems
• Regulatory compliance managers
• Auditors requiring more risk management insight

Prerequisites

General understanding of common business processes.

Some past exposure to risk management and / or management systems helpful, but not required.

Examination and Certification

The course includes access to PECB's two hour exam available in multiple languages to be taken online any time after the course (own laptop required). Exam and first year certification fees are included in the course fees.

This course is designed by PECB in Canada, who also mark the exam and issue respective certifications as per their criteria. PECB is a personnel certification body, accredited to ISO/IEC 17024:2012 by IAS. See www.pecb.com for full details.

Overview

The CRMS methode is a combination of security incident, incident response, emergency, and crisis management. It focuses on cyber threat situations, is modern by applying current standards and best practice and is modular through defined products and processes. The CRMS method leads to a functioning and effective cyber defense, implementing only necessary and effective defense measures and thereby reducing the organization’s costs for implementation as well as for possible damage.

This five day course enables participants to develop the necessary expertise to support an organisation in implementing and managing a Cyber Resilience Management System.

Participants will also gain a thorough understanding of best practices used to implement cyber emergency processes from the CRMS method.

The course consists of a mix of presentation, discussion and exercises based on real-world examples.

Outline

Introduction to Cyber Resilience Management System

• Normative, Regulatory and Legal Framework
• Information Security Risk and Incident Management
• Business and IT-Service Continuity Management
• Further Standards, Frameworks and Best Practices Used

Planning and Initiating the CRMS Implementation

• Gap Analysis, Business Case and Project Plan
• Risk Management
• Emergency Organisation, Processes and Operations

Implementing the CRMS

• Implementation of a Cyber Risk Management Framework
• Implementation of an Emergency Organisation
• Implementation of Emergency Processes and Procedures
• Implementation of Emergency Operations

Performance Evaluation and Improving the CRMS

• Monitoring the CRMS with Metrics and Key Performance Indicators
• Identify Vulnerabilities and Define Corrective Measures
• Implementation of a Continual Improvement Program

Objectives

Completion of this course will enable students to

• Understand the principles of a CRMS, including the relationship between its components, e.g. risk management, organisation, processes and operations
• Apply concepts, approaches, standards, methods and techniques for the effective operation of a CRMS
• Advise organisations on CRMS best practices
• Manage teams implementing the CRMS

Audience

This course is aimed at students with (future) roles like

• Information Security Risk Management
• Information Security Incident Management
• Business Continuity Management
• IT-Service Continuity Management
• (IT) Professionals moving into Incident Response, Business Continuity or ITSCM operation
• CxO and senior managers with responsibility for Information Security, Business Continuity and / or Emergency Management

Prerequisites

General understanding of common business processes and procedures, the required standards and frameworks.

Some exposure to Information Security, Risk Management, Business Continuity, Emergency Management, Security Incident Management, Incident Response are helpful, but not required.

Examination and Certification

This course is designed by Detlef Hösterey, Team lead Resilience & Compliance Advisory at Cyfidelity Security Services GmbH in Bielefeld, Germany.

Attendees will receive a certificate of completion.

Overview

This five day course enables participants to develop the necessary expertise to audit a Business Continuity Management System against ISO 22301:2019 and to manage a team of auditors by applying widely recognized audit principles, procedures and techniques

During this training, the participants will acquire the necessary knowledge and skills to proficiently plan and perform internal and external audits in compliance with ISO 19011:2018, as well as understanding the certification process according to ISO/IEC 17021-1:2015.

The course consists of a mix of presentation, discussion and exercises based on real-world examples.

Outline

Introduction to BCMS Concepts per ISO 22301:2012

• Normative, Regulatory and Legal Framework
• ISO 22301:2019 Certification Process
• Business Continuity Management System (BCMS)
• Clauses of ISO 22301:2019

Planning and Initiating the Audit

• Fundamental Audit Concepts and Principles
• Audit Approach based on Evidence and Risk
• Preparation of an ISO 22301:2019 Certification Audit
• BCMS Documentation Audit
• Conducting an Opening Meeting

Conducting the Audit

• Communication during the Audit
• Audit procedures: Observation, Document Review, Interview, Sampling, Technical Verification, Corroboration and Evaluation
• Audit Test Plans
• Formulation of Audit Findings
• Documenting Nonconformity's

Concluding and Follow-up of the Audit

• Audit Documentation
• Quality Review
• Conducting a Closing Meeting and Conclusion of the Audit
• Evaluation of Corrective Action Plans
• Surveillance and Re-Certification Audits
• Internal Audit Management Program

Objectives

Completion of this course will enable students to

• Understand the principles of a BCMS conforming to ISO 22301:2019
• Perform ISO 22301:2019 internal audits
• Execute ISO 22301:2019 certification audits on behalf of a certification body
• Manage BCMS audit teams

Audience

This course is aimed at students with (future) roles like

• Internal auditors
• BCMS certification auditors
• Project managers, consultants and business continuity team members participating in BCMS audits
• Business continuity practitioners moving into audit roles

Prerequisites

General understanding of common business processes.

Some past exposure to business continuity, management systems and audits helpful, but not required.

Examination and Certification

The course includes access to PECB's three hour exam available in multiple languages to be taken online on the last day or any time after the course (own laptop required). Exam and first year certification fees are included in the course fees.

This course is designed by PECB in Canada, who also mark the exam and issue respective certifications as per their criteria. PECB is a personnel certification body, accredited to ISO/IEC 17024:2012 by IAS. See www.pecb.com for full details.

Overview

This five day course enables participants to develop the necessary expertise to support an organisation in implementing and managing a Business Continuity Management System based on ISO 22301:2019.

Participants will also gain a thorough understanding of best practices used to implement business continuity processes from the ISO 22399.

This training incorporates project management practices as well as links to aspects of the predecessor standard BS 25999.

The course consists of a mix of presentation, discussion and exercises based on real-world examples.

Outline

Introduction to BCMS Concepts per ISO 22301:2012

• Normative, Regulatory and Legal Framework
• ISO 22301:2019 Certification Process
• Business Continuity Management System (BCMS)
• Clauses of ISO 22301:2019

Planning and Initiating the BCMS Implementation

• Gap Analysis, Business Case and Project Plan
• Defining Scope and Objectives of the BCMS
• Development of Business Continuity Policies
• Development of Business Continuity Policies

Implementing the BCMS

• Implementation of a Document Management Framework
• Design of Business Continuity Processes and Writing Procedures
• Implementation of Business Continuity Processes
• Development of a Communication, Training & Awareness Program
• Incident and Emergency Management
• Operations Management of the BCMS

Performance Evaluation and Improving the BCMS

• Monitoring the BCMS with Metrics, Performance Indicators etc
• Internal Audit, Management Review and Corrective Actions
• Implementation of a Continual Improvement Program
• Preparing for the Certification Audit

Objectives

Completion of this course will enable students to

• Understand the principles of a BCMS conforming to ISO 22301:2019, including the relationship between its components, e.g. risk management, requirements of interested parties
• Apply concepts, approaches, standards, methods and techniques for the effective operation of a BCMS
• Advise organisations on BCMS best practices
• Manage teams implementing ISO 22301:2019

Audience

This course is aimed at students with (future) roles like

• Project managers, consultants and team members implementing a BCMS
• (IT) Professionals moving into BCMS operation
• CxO and senior managers of a BCMS scope
• Auditors requiring more BCMS implementation insight

Prerequisites

General understanding of common business processes.

Some past exposure to business continuity, management systems and / or project management helpful, but not required.

Examination and Certification

The course includes access to PECB's three hour exam available in multiple languages to be taken online on the last day or any time after the course (own laptop required). Exam and first year certification fees are included in the course fees.

This course is designed by PECB in Canada, who also mark the exam and issue respective certifications as per their criteria. PECB is a personnel certification body, accredited to ISO/IEC 17024:2012 by IAS. See www.pecb.com for full details.

Overview

This five day course enables participants to develop the necessary expertise to audit a Business Continuity Management System against ISO 22301:2019 and to manage a team of auditors by applying widely recognized audit principles, procedures and techniques

During this training, the participants will acquire the necessary knowledge and skills to proficiently plan and perform internal and external audits in compliance with ISO 19011:2018, as well as understanding the certification process according to ISO/IEC 17021-1:2015.

The course consists of a mix of presentation, discussion and exercises based on real-world examples.

Outline

Introduction to BCMS Concepts per ISO 22301:2012

• Normative, Regulatory and Legal Framework
• ISO 22301:2019 Certification Process
• Business Continuity Management System (BCMS)
• Clauses of ISO 22301:2019

Planning and Initiating the Audit

• Fundamental Audit Concepts and Principles
• Audit Approach based on Evidence and Risk
• Preparation of an ISO 22301:2019 Certification Audit
• BCMS Documentation Audit
• Conducting an Opening Meeting

Conducting the Audit

• Communication during the Audit
• Audit procedures: Observation, Document Review, Interview, Sampling, Technical Verification, Corroboration and Evaluation
• Audit Test Plans
• Formulation of Audit Findings
• Documenting Nonconformity's

Concluding and Follow-up of the Audit

• Audit Documentation
• Quality Review
• Conducting a Closing Meeting and Conclusion of the Audit
• Evaluation of Corrective Action Plans
• Surveillance and Re-Certification Audits
• Internal Audit Management Program

Objectives

Completion of this course will enable students to

• Understand the principles of a BCMS conforming to ISO 22301:2019
• Perform ISO 22301:2019 internal audits
• Execute ISO 22301:2019 certification audits on behalf of a certification body
• Manage BCMS audit teams

Audience

This course is aimed at students with (future) roles like

• Internal auditors
• BCMS certification auditors
• Project managers, consultants and business continuity team members participating in BCMS audits
• Business continuity practitioners moving into audit roles

Prerequisites

General understanding of common business processes.

Some past exposure to business continuity, management systems and audits helpful, but not required.

Examination and Certification

The course includes access to PECB's three hour exam available in multiple languages to be taken online on the last day or any time after the course (own laptop required). Exam and first year certification fees are included in the course fees.

This course is designed by PECB in Canada, who also mark the exam and issue respective certifications as per their criteria. PECB is a personnel certification body, accredited to ISO/IEC 17024:2012 by IAS. See www.pecb.com for full details.

Overview

This five day course enables participants to develop the necessary expertise to support an organisation in implementing and managing a Business Continuity Management System based on ISO 22301:2019.

Participants will also gain a thorough understanding of best practices used to implement business continuity processes from the ISO 22399.

This training incorporates project management practices as well as links to aspects of the predecessor standard BS 25999.

The course consists of a mix of presentation, discussion and exercises based on real-world examples.

Outline

Introduction to BCMS Concepts per ISO 22301:2012

• Normative, Regulatory and Legal Framework
• ISO 22301:2019 Certification Process
• Business Continuity Management System (BCMS)
• Clauses of ISO 22301:2019

Planning and Initiating the BCMS Implementation

• Gap Analysis, Business Case and Project Plan
• Defining Scope and Objectives of the BCMS
• Development of Business Continuity Policies
• Development of Business Continuity Policies

Implementing the BCMS

• Implementation of a Document Management Framework
• Design of Business Continuity Processes and Writing Procedures
• Implementation of Business Continuity Processes
• Development of a Communication, Training & Awareness Program
• Incident and Emergency Management
• Operations Management of the BCMS

Performance Evaluation and Improving the BCMS

• Monitoring the BCMS with Metrics, Performance Indicators etc
• Internal Audit, Management Review and Corrective Actions
• Implementation of a Continual Improvement Program
• Preparing for the Certification Audit

Objectives

Completion of this course will enable students to

• Understand the principles of a BCMS conforming to ISO 22301:2019, including the relationship between its components, e.g. risk management, requirements of interested parties
• Apply concepts, approaches, standards, methods and techniques for the effective operation of a BCMS
• Advise organisations on BCMS best practices
• Manage teams implementing ISO 22301:2019

Audience

This course is aimed at students with (future) roles like

• Project managers, consultants and team members implementing a BCMS
• (IT) Professionals moving into BCMS operation
• CxO and senior managers of a BCMS scope
• Auditors requiring more BCMS implementation insight

Prerequisites

General understanding of common business processes.

Some past exposure to business continuity, management systems and / or project management helpful, but not required.

Examination and Certification

The course includes access to PECB's three hour exam available in multiple languages to be taken online on the last day or any time after the course (own laptop required). Exam and first year certification fees are included in the course fees.

This course is designed by PECB in Canada, who also mark the exam and issue respective certifications as per their criteria. PECB is a personnel certification body, accredited to ISO/IEC 17024:2012 by IAS. See www.pecb.com for full details.

Overview

The CRMS methode is a combination of security incident, incident response, emergency, and crisis management. It focuses on cyber threat situations, is modern by applying current standards and best practice and is modular through defined products and processes. The CRMS method leads to a functioning and effective cyber defense, implementing only necessary and effective defense measures and thereby reducing the organization’s costs for implementation as well as for possible damage.

This five day course enables participants to develop the necessary expertise to support an organisation in implementing and managing a Cyber Resilience Management System.

Participants will also gain a thorough understanding of best practices used to implement cyber emergency processes from the CRMS method.

The course consists of a mix of presentation, discussion and exercises based on real-world examples.

Outline

Introduction to Cyber Resilience Management System

• Normative, Regulatory and Legal Framework
• Information Security Risk and Incident Management
• Business and IT-Service Continuity Management
• Further Standards, Frameworks and Best Practices Used

Planning and Initiating the CRMS Implementation

• Gap Analysis, Business Case and Project Plan
• Risk Management
• Emergency Organisation, Processes and Operations

Implementing the CRMS

• Implementation of a Cyber Risk Management Framework
• Implementation of an Emergency Organisation
• Implementation of Emergency Processes and Procedures
• Implementation of Emergency Operations

Performance Evaluation and Improving the CRMS

• Monitoring the CRMS with Metrics and Key Performance Indicators
• Identify Vulnerabilities and Define Corrective Measures
• Implementation of a Continual Improvement Program

Objectives

Completion of this course will enable students to

• Understand the principles of a CRMS, including the relationship between its components, e.g. risk management, organisation, processes and operations
• Apply concepts, approaches, standards, methods and techniques for the effective operation of a CRMS
• Advise organisations on CRMS best practices
• Manage teams implementing the CRMS

Audience

This course is aimed at students with (future) roles like

• Information Security Risk Management
• Information Security Incident Management
• Business Continuity Management
• IT-Service Continuity Management
• (IT) Professionals moving into Incident Response, Business Continuity or ITSCM operation
• CxO and senior managers with responsibility for Information Security, Business Continuity and / or Emergency Management

Prerequisites

General understanding of common business processes and procedures, the required standards and frameworks.

Some exposure to Information Security, Risk Management, Business Continuity, Emergency Management, Security Incident Management, Incident Response are helpful, but not required.

Examination and Certification

This course is designed by Detlef Hösterey, Team lead Resilience & Compliance Advisory at Cyfidelity Security Services GmbH in Bielefeld, Germany.

Attendees will receive a certificate of completion.

Overview

This five day course enables participants to develop the necessary expertise to support an organisation in implementing risk management processes based on ISO 31000:2018.

The generic character of ISO 31000:2018 makes it applicable across organisations at subject matter as well as enterprise level.

ISO 31000:2018 provides a comprehensive model for any kind of management system, standard, operational or regulatory context requiring a risk-based approach, whether a formal risk management process is required or not.

Examples are ISO 9001:2015, ISO 14001:2015, ISO/IEC 20000-1:2018, ISO 22301:2019, ISO/IEC 27001:2013, ISO 45001:2018, SOX, revenue assurance, program and project management, data protection, GDPR, DORA, NIS-2 etc.

The course consists of a mix of presentation, discussion and exercises based on real-world examples.

Outline

Introduction to Risk Management per ISO 31000:2018

• Fundamental Concepts and Definitions of Risk Management
• Risk Management Standards, Frameworks and Methodologies
• Implementation of a Risk Management Framework
• Understanding an Organization and its Context

Elements of the Risk Management Framework

• Risk Identification
• Risk Analysis and Risk Evaluation
• Risk Treatment
• Risk Acceptance and Residual Risk Management
• Risk Communication and Consultation
• Risk Monitoring and Review

Examples of Risk Assessment Methodologies

• Overview to IEC 31010:2009
• Brainstorming, Interviews
• Hazard Analysis using HAZOP and HACCP
• Scenario Analysis, SWIFT
• Fault and Failure Analysis using FTA, FMEA and FMECA
• Operations Management of the BCMS
• Cause and Effect Diagram

Objectives

Completion of this course will enable students to

• Understand concepts, approaches, methods, tools and techniques for effective risk management according to ISO 31000:2018
• Understand the relationship between risk management and requirements of interested parties
• Implement, maintain and manage an ongoing risk management program
• Advise organisations on best practices in risk management

Audience

This course is aimed at students with (future) roles like

• Risk managers and Business process owners
• Project managers, consultants and team members implementing and operating management systems
• Regulatory compliance managers
• Auditors requiring more risk management insight

Prerequisites

General understanding of common business processes.

Some past exposure to risk management and / or management systems helpful, but not required.

Examination and Certification

The course includes access to PECB's two hour exam available in multiple languages to be taken online any time after the course (own laptop required). Exam and first year certification fees are included in the course fees.

This course is designed by PECB in Canada, who also mark the exam and issue respective certifications as per their criteria. PECB is a personnel certification body, accredited to ISO/IEC 17024:2012 by IAS. See www.pecb.com for full details.

Overview

This five day course enables participants to develop the necessary expertise to audit a Service Management System against ISO/IEC 20000-1:2018 and to manage a team of auditors by applying widely recognized audit principles, procedures and techniques.

During this training, the participants will acquire the necessary knowledge and skills to proficiently plan and perform internal and external audits in compliance with ISO 19011:2018, as well as understanding the certification process according to ISO/IEC 17021-1:2015.

The course consists of a mix of presentation, discussion and exercises based on real-world examples.

Outline

Introduction to SMS Concepts per ISO/IEC 20000-1:2018

• Normative, Regulatory and Legal Framework
• Fundamental Principles of Information Security
• ISO/IEC 20000-1:2018 Certification Process
• Service Management System (SMS)
• Clauses of ISO/IEC 20000-1:2018

Planning and Initiating the Audit

• Fundamental Audit Concepts and Principles
• Audit Approach based on Evidence and Risk
• Preparation of an ISO/IEC 20000-1:2018 Certification Audit
• SMS Documentation Audit
• Conducting an Opening Meeting

Conducting the Audit

• Communication during the Audit
• Audit procedures: Observation, Document Review, Interview, Sampling, Technical Verification, Corroboration and Evaluation
• Audit Test Plans
• Formulation of Audit Findings
• Documenting Nonconformities

Concluding and Follow-up of the Audit

• Audit Documentation
• Quality Review
• Conducting a Closing Meeting and Conclusion of the Audit
• Evaluation of Corrective Action Plans
• Surveillance and Re-Certification Audits
• Internal Audit Management Program

Objectives

Completion of this course will enable students to

• Understand the principles of a SMS conforming to ISO/IEC 20000-1:2018
• Perform ISO/IEC 20000-1:2018 internal audits
• Execute ISO/IEC 20000-1:2018 certification audits on behalf of a certification body
• Manage SMS audit teams

Audience

This course is aimed at students with (future) roles like

• Internal auditors
• SMS certification auditors
• Project managers, consultants and service management team members participating in SMS audits
• IT and service management practitioners moving into audit roles

Prerequisites

General understanding of common business processes.

Some past exposure to service management, management systems and / or audits helpful, but not required.

Examination and Certification

The course ends with a three hour

The course includes access to PECB's three hour exam available in multiple languages to be taken online on the last day or any time after the course (own laptop required). Exam and first year certification fees are included in the course fees.

This course is designed by PECB in Canada, who also mark the exam and issue respective certifications as per their criteria. PECB is a personnel certification body, accredited to ISO/IEC 17024:2012 by IAS. See www.pecb.com for full details.

Overview

This five day course enables participants to develop the necessary expertise to support an organisation in implementing and managing a Service Management System based on ISO/IEC 20000-1:2018.

Participants will gain a thorough understanding of best practices used to implement a SMS across a wide range of service sectors, not just IT services as covered by ITIL.

This training incorporates project management practices as well as further guidance from elsewhere in the ISO/IEC 20000 family of standards.

The course consists of a mix of presentation, discussion and exercises based on real-world examples.

Outline

Introduction to SMS Concepts per ISO/IEC 20000-1:2018

• Normative, Regulatory and Legal Framework
• Fundamental Principles of Information Security
• Comparison with ITIL V2 and V3
• ISO/IEC 20000-1:2018 Certification Process
• Service Management System (SMS)
• Clauses of ISO/IEC 20000-1:2018

Planning and Initiating the Audit

• Gap Analysis, Business Case and Project Plan
• Defining Scope and Objectives of the SMS

Implementing the SMS

• Catalogue, Asset, Configuration and Relationship Management
• Budget, Demand and Capacity Management
• Change, Release and Deployment Management
• Incident and Problem Management
• Service Availability and Continuity Management
• Information Security Management
• Operations Management of the SMS

Performance Evaluation and Improving the SMS

• Monitoring the SMS with Metrics, Performance Indicators etc
• Internal Audit, Management Review and Corrective Actions
• Implementation of a Continual Improvement Program
• Preparing for the Certification Audit

Objectives

Completion of this course will enable students to

• Understand the principles of a SMS conforming to ISO/IEC 20000-1:2018, including the relationship between its components, e.g. risk management, controls, requirements of interested parties
• Apply concepts, approaches, standards, methods and techniques for the effective operation of a SMS
• Advise organisations on SMS best practices
• Manage teams implementing ISO/IEC 20000-1:2018

Audience

This course is aimed at students with (future) roles like

• Project managers, consultants and team members implementing a SMS or extending from ITIL etc
• (IT) Professionals moving into SMS operation
• CxO and senior managers of a SMS scope
• Auditors requiring more SMS implementation insight

Prerequisites

General understanding of common business processes.

Some past exposure to information or IT security, management systems and / or project management helpful, but not required.

Examination and Certification

The course includes access to PECB's three hour exam available in multiple languages to be taken online on the last day or any time after the course (own laptop required). Exam and first year certification fees are included in the course fees.

This course is designed by PECB in Canada, who also mark the exam and issue respective certifications as per their criteria. PECB is a personnel certification body, accredited to ISO/IEC 17024:2012 by IAS. See www.pecb.com for full details.

Overview

This five day course enables participants to develop the necessary expertise to support an organisation in implementing risk management processes based on ISO 31000:2018.

The generic character of ISO 31000:2018 makes it applicable across organisations at subject matter as well as enterprise level.

ISO 31000:2018 provides a comprehensive model for any kind of management system, standard, operational or regulatory context requiring a risk-based approach, whether a formal risk management process is required or not.

Examples are ISO 9001:2015, ISO 14001:2015, ISO/IEC 20000-1:2018, ISO 22301:2019, ISO/IEC 27001:2013, ISO 45001:2018, SOX, revenue assurance, program and project management, data protection, GDPR, DORA, NIS-2 etc.

The course consists of a mix of presentation, discussion and exercises based on real-world examples.

Outline

Introduction to Risk Management per ISO 31000:2018

• Fundamental Concepts and Definitions of Risk Management
• Risk Management Standards, Frameworks and Methodologies
• Implementation of a Risk Management Framework
• Understanding an Organization and its Context

Elements of the Risk Management Framework

• Risk Identification
• Risk Analysis and Risk Evaluation
• Risk Treatment
• Risk Acceptance and Residual Risk Management
• Risk Communication and Consultation
• Risk Monitoring and Review

Examples of Risk Assessment Methodologies

• Overview to IEC 31010:2009
• Brainstorming, Interviews
• Hazard Analysis using HAZOP and HACCP
• Scenario Analysis, SWIFT
• Fault and Failure Analysis using FTA, FMEA and FMECA
• Operations Management of the BCMS
• Cause and Effect Diagram

Objectives

Completion of this course will enable students to

• Understand concepts, approaches, methods, tools and techniques for effective risk management according to ISO 31000:2018
• Understand the relationship between risk management and requirements of interested parties
• Implement, maintain and manage an ongoing risk management program
• Advise organisations on best practices in risk management

Audience

This course is aimed at students with (future) roles like

• Risk managers and Business process owners
• Project managers, consultants and team members implementing and operating management systems
• Regulatory compliance managers
• Auditors requiring more risk management insight

Prerequisites

General understanding of common business processes.

Some past exposure to risk management and / or management systems helpful, but not required.

Examination and Certification

The course includes access to PECB's two hour exam available in multiple languages to be taken online any time after the course (own laptop required). Exam and first year certification fees are included in the course fees.

This course is designed by PECB in Canada, who also mark the exam and issue respective certifications as per their criteria. PECB is a personnel certification body, accredited to ISO/IEC 17024:2012 by IAS. See www.pecb.com for full details.

Overview

This five day course enables participants to develop the necessary expertise to audit a Service Management System against ISO/IEC 20000-1:2018 and to manage a team of auditors by applying widely recognized audit principles, procedures and techniques.

During this training, the participants will acquire the necessary knowledge and skills to proficiently plan and perform internal and external audits in compliance with ISO 19011:2018, as well as understanding the certification process according to ISO/IEC 17021-1:2015.

The course consists of a mix of presentation, discussion and exercises based on real-world examples.

Outline

Introduction to SMS Concepts per ISO/IEC 20000-1:2018

• Normative, Regulatory and Legal Framework
• Fundamental Principles of Information Security
• ISO/IEC 20000-1:2018 Certification Process
• Service Management System (SMS)
• Clauses of ISO/IEC 20000-1:2018

Planning and Initiating the Audit

• Fundamental Audit Concepts and Principles
• Audit Approach based on Evidence and Risk
• Preparation of an ISO/IEC 20000-1:2018 Certification Audit
• SMS Documentation Audit
• Conducting an Opening Meeting

Conducting the Audit

• Communication during the Audit
• Audit procedures: Observation, Document Review, Interview, Sampling, Technical Verification, Corroboration and Evaluation
• Audit Test Plans
• Formulation of Audit Findings
• Documenting Nonconformities

Concluding and Follow-up of the Audit

• Audit Documentation
• Quality Review
• Conducting a Closing Meeting and Conclusion of the Audit
• Evaluation of Corrective Action Plans
• Surveillance and Re-Certification Audits
• Internal Audit Management Program

Objectives

Completion of this course will enable students to

• Understand the principles of a SMS conforming to ISO/IEC 20000-1:2018
• Perform ISO/IEC 20000-1:2018 internal audits
• Execute ISO/IEC 20000-1:2018 certification audits on behalf of a certification body
• Manage SMS audit teams

Audience

This course is aimed at students with (future) roles like

• Internal auditors
• SMS certification auditors
• Project managers, consultants and service management team members participating in SMS audits
• IT and service management practitioners moving into audit roles

Prerequisites

General understanding of common business processes.

Some past exposure to service management, management systems and / or audits helpful, but not required.

Examination and Certification

The course ends with a three hour

The course includes access to PECB's three hour exam available in multiple languages to be taken online on the last day or any time after the course (own laptop required). Exam and first year certification fees are included in the course fees.

This course is designed by PECB in Canada, who also mark the exam and issue respective certifications as per their criteria. PECB is a personnel certification body, accredited to ISO/IEC 17024:2012 by IAS. See www.pecb.com for full details.

Overview

This five day course enables participants to develop the necessary expertise to support an organisation in implementing and managing a Service Management System based on ISO/IEC 20000-1:2018.

Participants will gain a thorough understanding of best practices used to implement a SMS across a wide range of service sectors, not just IT services as covered by ITIL.

This training incorporates project management practices as well as further guidance from elsewhere in the ISO/IEC 20000 family of standards.

The course consists of a mix of presentation, discussion and exercises based on real-world examples.

Outline

Introduction to SMS Concepts per ISO/IEC 20000-1:2018

• Normative, Regulatory and Legal Framework
• Fundamental Principles of Information Security
• Comparison with ITIL V2 and V3
• ISO/IEC 20000-1:2018 Certification Process
• Service Management System (SMS)
• Clauses of ISO/IEC 20000-1:2018

Planning and Initiating the Audit

• Gap Analysis, Business Case and Project Plan
• Defining Scope and Objectives of the SMS

Implementing the SMS

• Catalogue, Asset, Configuration and Relationship Management
• Budget, Demand and Capacity Management
• Change, Release and Deployment Management
• Incident and Problem Management
• Service Availability and Continuity Management
• Information Security Management
• Operations Management of the SMS

Performance Evaluation and Improving the SMS

• Monitoring the SMS with Metrics, Performance Indicators etc
• Internal Audit, Management Review and Corrective Actions
• Implementation of a Continual Improvement Program
• Preparing for the Certification Audit

Objectives

Completion of this course will enable students to

• Understand the principles of a SMS conforming to ISO/IEC 20000-1:2018, including the relationship between its components, e.g. risk management, controls, requirements of interested parties
• Apply concepts, approaches, standards, methods and techniques for the effective operation of a SMS
• Advise organisations on SMS best practices
• Manage teams implementing ISO/IEC 20000-1:2018

Audience

This course is aimed at students with (future) roles like

• Project managers, consultants and team members implementing a SMS or extending from ITIL etc
• (IT) Professionals moving into SMS operation
• CxO and senior managers of a SMS scope
• Auditors requiring more SMS implementation insight

Prerequisites

General understanding of common business processes.

Some past exposure to information or IT security, management systems and / or project management helpful, but not required.

Examination and Certification

The course includes access to PECB's three hour exam available in multiple languages to be taken online on the last day or any time after the course (own laptop required). Exam and first year certification fees are included in the course fees.

This course is designed by PECB in Canada, who also mark the exam and issue respective certifications as per their criteria. PECB is a personnel certification body, accredited to ISO/IEC 17024:2012 by IAS. See www.pecb.com for full details.

Overview

This five day course enables participants to develop the necessary expertise to support an organisation in implementing risk management processes based on ISO 31000:2018.

The generic character of ISO 31000:2018 makes it applicable across organisations at subject matter as well as enterprise level.

ISO 31000:2018 provides a comprehensive model for any kind of management system, standard, operational or regulatory context requiring a risk-based approach, whether a formal risk management process is required or not.

Examples are ISO 9001:2015, ISO 14001:2015, ISO/IEC 20000-1:2018, ISO 22301:2019, ISO/IEC 27001:2013, ISO 45001:2018, SOX, revenue assurance, program and project management, data protection, GDPR, DORA, NIS-2 etc.

The course consists of a mix of presentation, discussion and exercises based on real-world examples.

Outline

Introduction to Risk Management per ISO 31000:2018

• Fundamental Concepts and Definitions of Risk Management
• Risk Management Standards, Frameworks and Methodologies
• Implementation of a Risk Management Framework
• Understanding an Organization and its Context

Elements of the Risk Management Framework

• Risk Identification
• Risk Analysis and Risk Evaluation
• Risk Treatment
• Risk Acceptance and Residual Risk Management
• Risk Communication and Consultation
• Risk Monitoring and Review

Examples of Risk Assessment Methodologies

• Overview to IEC 31010:2009
• Brainstorming, Interviews
• Hazard Analysis using HAZOP and HACCP
• Scenario Analysis, SWIFT
• Fault and Failure Analysis using FTA, FMEA and FMECA
• Operations Management of the BCMS
• Cause and Effect Diagram

Objectives

Completion of this course will enable students to

• Understand concepts, approaches, methods, tools and techniques for effective risk management according to ISO 31000:2018
• Understand the relationship between risk management and requirements of interested parties
• Implement, maintain and manage an ongoing risk management program
• Advise organisations on best practices in risk management

Audience

This course is aimed at students with (future) roles like

• Risk managers and Business process owners
• Project managers, consultants and team members implementing and operating management systems
• Regulatory compliance managers
• Auditors requiring more risk management insight

Prerequisites

General understanding of common business processes.

Some past exposure to risk management and / or management systems helpful, but not required.

Examination and Certification

The course includes access to PECB's two hour exam available in multiple languages to be taken online any time after the course (own laptop required). Exam and first year certification fees are included in the course fees.

This course is designed by PECB in Canada, who also mark the exam and issue respective certifications as per their criteria. PECB is a personnel certification body, accredited to ISO/IEC 17024:2012 by IAS. See www.pecb.com for full details.

Overview

This five day course enables participants to develop the necessary expertise to support an organisation in implementing risk management processes based on ISO 31000:2018.

The generic character of ISO 31000:2018 makes it applicable across organisations at subject matter as well as enterprise level.

ISO 31000:2018 provides a comprehensive model for any kind of management system, standard, operational or regulatory context requiring a risk-based approach, whether a formal risk management process is required or not.

Examples are ISO 9001:2015, ISO 14001:2015, ISO/IEC 20000-1:2018, ISO 22301:2019, ISO/IEC 27001:2013, ISO 45001:2018, SOX, revenue assurance, program and project management, data protection, GDPR, DORA, NIS-2 etc.

The course consists of a mix of presentation, discussion and exercises based on real-world examples.

Outline

Introduction to Risk Management per ISO 31000:2018

• Fundamental Concepts and Definitions of Risk Management
• Risk Management Standards, Frameworks and Methodologies
• Implementation of a Risk Management Framework
• Understanding an Organization and its Context

Elements of the Risk Management Framework

• Risk Identification
• Risk Analysis and Risk Evaluation
• Risk Treatment
• Risk Acceptance and Residual Risk Management
• Risk Communication and Consultation
• Risk Monitoring and Review

Examples of Risk Assessment Methodologies

• Overview to IEC 31010:2009
• Brainstorming, Interviews
• Hazard Analysis using HAZOP and HACCP
• Scenario Analysis, SWIFT
• Fault and Failure Analysis using FTA, FMEA and FMECA
• Operations Management of the BCMS
• Cause and Effect Diagram

Objectives

Completion of this course will enable students to

• Understand concepts, approaches, methods, tools and techniques for effective risk management according to ISO 31000:2018
• Understand the relationship between risk management and requirements of interested parties
• Implement, maintain and manage an ongoing risk management program
• Advise organisations on best practices in risk management

Audience

This course is aimed at students with (future) roles like

• Risk managers and Business process owners
• Project managers, consultants and team members implementing and operating management systems
• Regulatory compliance managers
• Auditors requiring more risk management insight

Prerequisites

General understanding of common business processes.

Some past exposure to risk management and / or management systems helpful, but not required.

Examination and Certification

The course includes access to PECB's two hour exam available in multiple languages to be taken online any time after the course (own laptop required). Exam and first year certification fees are included in the course fees.

This course is designed by PECB in Canada, who also mark the exam and issue respective certifications as per their criteria. PECB is a personnel certification body, accredited to ISO/IEC 17024:2012 by IAS. See www.pecb.com for full details.

Overview

This training provides a comprehensive review of information security concepts and industry best practices, covering the 4 key areas of the 8th edition of the CRISC CBK (Common Body of Knowledge).

This training course will help candidates review and refresh their IT risk management knowledge and help identify areas they need to study for the CRISC exam.

The CRISC certification is recognized worldwide.

Outline

Governance

• Organizational Structure, Strategy, Goals and Objectives
• Business Process Review, Organization Asset Management
• Enterprise Risk Management and Risk Management Frameworks
• Lines of Defence
• Risk Profile, Appetite, Tolerance and Capacity
• Risk Frameworks, Legal, Regulatory and Contractual Requirements

Risk Assessment

• Threat Modelling and Threat Landscape
• Risk Scenario Development
• Risk Assessment Concepts, Standards and Frameworks
• Business Impact Analysis, Risk Analysis Methodologies
• Inherent, Residual and Current Risk

Risk Response and Reporting

• Risk Response Options, Risk and Control Ownership
• Vendor/Supply Chain Risk Management
• Control Design, Selection, Implementation and Analysis
• Risk and Control Testing, Monitoring and Reporting Techniques
• Risk Actions Plans, Risk and Control Metrics

Technology and Security

• Enterprise Architecture, Operations, Portfolio and Project Management
• System Development and Data Life Cycle Management
• Emerging Technologies
• Security Concepts, Frameworks and Standards
• Security/Risk Awareness and Training
• Data Privacy and Data Protection Principles

Objectives

Completion of this course will enable students to

• Master the risk management approach according the CRISC
• Apply the best response strategies to the risks weighing on the information systems
• Use best risk monitoring practices
• Define information system controls
• Use best risk and control monitoring practices
• Preparing for the CRISC Certification Exam, e.g. by using multiple choices questions from previous CRISC sessions (or comparable exams).

Audience

This course is aimed at students with (future) roles like

• Governance, information and cyber security consultants, CISOs
• Risk and control professionals
• IT and compliance professionals
• Project managers, business analysts
• Auditors requiring more IT risk management insight
• People working with an ERM (Enterprise Risk Management) framework

Prerequisites

Basic knowledge of Information Systems is recommended.

Minimum of two students are required to run this course.

Examination and Certification

This course has been designed and is delivered by Nitroxis and their trainers.

Note: this course does not include the CRISC exam. This has to be taken at the dedicated test facilities as defined by ISACA. ISACA‘s certification requirements apply.

Overview

This three day course enables participants to develop the necessary expertise to support an organisation in implementing risk management processes related to all assets of relevance for information security based on ISO/IEC 27005:2022.

ISO/IEC 27005:2022 builds onto the generic risk management principles set out in ISO 31000:2018, and applies those to the context of an information security management system (ISMS), thus providing a framework for satisfying the risk management requirements of ISO/IEC 27001:2022.

The course consists of a mix of presentation, discussion and exercises based on real-world examples.

Outline

Introduction to Information Security Risk Management per ISO/IEC 27005:2022

• Concepts and Definitions relating to Risk Management
• Risk Management Standards, Frameworks and Methodologies
• Implementation of a Risk Management Framework
• Understanding an Organization and its Context

Elements of the Risk Management Framework

• Risk Identification
• Risk Analysis and Risk Evaluation
• Risk Treatment
• Risk Acceptance and Residual Risk Management
• Risk Communication and Consultation
• Risk Recording and Reporting
• Risk Monitoring and Review

Examples of Risk Assessment Methodologies

• Operational Critical Threat, Asset and Vulnerability Evaluation (OCTAVE)
• Harmonised Risk Analysis Method (MEHARI)
• Expression of Needs and Identification of Security Objectives (EBIOS)
• NIST Framework
• CCTA Risk Analysis and Management Method (CRAMM)
• Harmonized Threat and Risk Assessment (TRA)

Objectives

Completion of this course will enable students to

• Understand concepts, approaches, methods, tools and techniques for effective information security risk management according to ISO/IEC 27005:2022
• Understand the relationship between risk management, controls and ISO/IEC 27001:2022
• Implement, maintain and manage an ongoing
information security risk management program
• Advise organisations on best practices in information security risk management

Audience

This course is aimed at students with (future) roles like

• Risk managers and Information security officers
• Project managers, consultants and team members implementing and operating information security management systems
• Auditors requiring more risk management insight

Prerequisites

General understanding of common business processes.

Some past exposure to risk management and / or management systems helpful, but not required.

Examination and Certification

The course includes access to PECB's two hour exam available in multiple languages to be taken online any time after the course (own laptop required). Exam and first year certification fees are included in the course fees.

This course is designed by PECB in Canada, who also mark the exam and issue respective certifications as per their criteria. PECB is a personnel certification body, accredited to ISO/IEC 17024:2012 by IAS. See www.pecb.com for full details.

Overview

This five day course enables participants to develop the necessary expertise to support an organisation in implementing risk management processes based on ISO 31000:2018.

The generic character of ISO 31000:2018 makes it applicable across organisations at subject matter as well as enterprise level.

ISO 31000:2018 provides a comprehensive model for any kind of management system, standard, operational or regulatory context requiring a risk-based approach, whether a formal risk management process is required or not.

Examples are ISO 9001:2015, ISO 14001:2015, ISO/IEC 20000-1:2018, ISO 22301:2019, ISO/IEC 27001:2013, ISO 45001:2018, SOX, revenue assurance, program and project management, data protection, GDPR, DORA, NIS-2 etc.

The course consists of a mix of presentation, discussion and exercises based on real-world examples.

Outline

Introduction to Risk Management per ISO 31000:2018

• Fundamental Concepts and Definitions of Risk Management
• Risk Management Standards, Frameworks and Methodologies
• Implementation of a Risk Management Framework
• Understanding an Organization and its Context

Elements of the Risk Management Framework

• Risk Identification
• Risk Analysis and Risk Evaluation
• Risk Treatment
• Risk Acceptance and Residual Risk Management
• Risk Communication and Consultation
• Risk Monitoring and Review

Examples of Risk Assessment Methodologies

• Overview to IEC 31010:2009
• Brainstorming, Interviews
• Hazard Analysis using HAZOP and HACCP
• Scenario Analysis, SWIFT
• Fault and Failure Analysis using FTA, FMEA and FMECA
• Operations Management of the BCMS
• Cause and Effect Diagram

Objectives

Completion of this course will enable students to

• Understand concepts, approaches, methods, tools and techniques for effective risk management according to ISO 31000:2018
• Understand the relationship between risk management and requirements of interested parties
• Implement, maintain and manage an ongoing risk management program
• Advise organisations on best practices in risk management

Audience

This course is aimed at students with (future) roles like

• Risk managers and Business process owners
• Project managers, consultants and team members implementing and operating management systems
• Regulatory compliance managers
• Auditors requiring more risk management insight

Prerequisites

General understanding of common business processes.

Some past exposure to risk management and / or management systems helpful, but not required.

Examination and Certification

The course includes access to PECB's two hour exam available in multiple languages to be taken online any time after the course (own laptop required). Exam and first year certification fees are included in the course fees.

This course is designed by PECB in Canada, who also mark the exam and issue respective certifications as per their criteria. PECB is a personnel certification body, accredited to ISO/IEC 17024:2012 by IAS. See www.pecb.com for full details.

Overview

This three day course enables participants to develop the necessary expertise to support an organisation in implementing risk management processes related to all assets of relevance for information security based on ISO/IEC 27005:2022.

ISO/IEC 27005:2022 builds onto the generic risk management principles set out in ISO 31000:2018, and applies those to the context of an information security management system (ISMS), thus providing a framework for satisfying the risk management requirements of ISO/IEC 27001:2022.

The course consists of a mix of presentation, discussion and exercises based on real-world examples.

Outline

Introduction to Information Security Risk Management per ISO/IEC 27005:2022

• Concepts and Definitions relating to Risk Management
• Risk Management Standards, Frameworks and Methodologies
• Implementation of a Risk Management Framework
• Understanding an Organization and its Context

Elements of the Risk Management Framework

• Risk Identification
• Risk Analysis and Risk Evaluation
• Risk Treatment
• Risk Acceptance and Residual Risk Management
• Risk Communication and Consultation
• Risk Recording and Reporting
• Risk Monitoring and Review

Examples of Risk Assessment Methodologies

• Operational Critical Threat, Asset and Vulnerability Evaluation (OCTAVE)
• Harmonised Risk Analysis Method (MEHARI)
• Expression of Needs and Identification of Security Objectives (EBIOS)
• NIST Framework
• CCTA Risk Analysis and Management Method (CRAMM)
• Harmonized Threat and Risk Assessment (TRA)

Objectives

Completion of this course will enable students to

• Understand concepts, approaches, methods, tools and techniques for effective information security risk management according to ISO/IEC 27005:2022
• Understand the relationship between risk management, controls and ISO/IEC 27001:2022
• Implement, maintain and manage an ongoing
information security risk management program
• Advise organisations on best practices in information security risk management

Audience

This course is aimed at students with (future) roles like

• Risk managers and Information security officers
• Project managers, consultants and team members implementing and operating information security management systems
• Auditors requiring more risk management insight

Prerequisites

General understanding of common business processes.

Some past exposure to risk management and / or management systems helpful, but not required.

Examination and Certification

The course includes access to PECB's two hour exam available in multiple languages to be taken online any time after the course (own laptop required). Exam and first year certification fees are included in the course fees.

This course is designed by PECB in Canada, who also mark the exam and issue respective certifications as per their criteria. PECB is a personnel certification body, accredited to ISO/IEC 17024:2012 by IAS. See www.pecb.com for full details.

Overview

This training provides a comprehensive review of information security concepts and industry best practices, covering the 4 key areas of the 8th edition of the CRISC CBK (Common Body of Knowledge).

This training course will help candidates review and refresh their IT risk management knowledge and help identify areas they need to study for the CRISC exam.

The CRISC certification is recognized worldwide.

Outline

Governance

• Organizational Structure, Strategy, Goals and Objectives
• Business Process Review, Organization Asset Management
• Enterprise Risk Management and Risk Management Frameworks
• Lines of Defence
• Risk Profile, Appetite, Tolerance and Capacity
• Risk Frameworks, Legal, Regulatory and Contractual Requirements

Risk Assessment

• Threat Modelling and Threat Landscape
• Risk Scenario Development
• Risk Assessment Concepts, Standards and Frameworks
• Business Impact Analysis, Risk Analysis Methodologies
• Inherent, Residual and Current Risk

Risk Response and Reporting

• Risk Response Options, Risk and Control Ownership
• Vendor/Supply Chain Risk Management
• Control Design, Selection, Implementation and Analysis
• Risk and Control Testing, Monitoring and Reporting Techniques
• Risk Actions Plans, Risk and Control Metrics

Technology and Security

• Enterprise Architecture, Operations, Portfolio and Project Management
• System Development and Data Life Cycle Management
• Emerging Technologies
• Security Concepts, Frameworks and Standards
• Security/Risk Awareness and Training
• Data Privacy and Data Protection Principles

Objectives

Completion of this course will enable students to

• Master the risk management approach according the CRISC
• Apply the best response strategies to the risks weighing on the information systems
• Use best risk monitoring practices
• Define information system controls
• Use best risk and control monitoring practices
• Preparing for the CRISC Certification Exam, e.g. by using multiple choices questions from previous CRISC sessions (or comparable exams).

Audience

This course is aimed at students with (future) roles like

• Governance, information and cyber security consultants, CISOs
• Risk and control professionals
• IT and compliance professionals
• Project managers, business analysts
• Auditors requiring more IT risk management insight
• People working with an ERM (Enterprise Risk Management) framework

Prerequisites

Basic knowledge of Information Systems is recommended.

Minimum of two students are required to run this course.

Examination and Certification

This course has been designed and is delivered by Nitroxis and their trainers.

Note: this course does not include the CRISC exam. This has to be taken at the dedicated test facilities as defined by ISACA. ISACA‘s certification requirements apply.

Overview

This three day training enables participants to learn the basics of the PRINCE2 Project Management method. The participant will learn about the PRINCE2 Principles, Themes, Processes and Tailoring.

The course consists of a mix of presentation, discussion and exercises based on real-world examples.

Review exercises as well as a practice test assist the exam preparation.

Outline

Day 1

• Introduction PRINCE2
• PRINCE2 Process Model
• Starting Up a Project
• Organization
• Business Case

Day 2

• Initiating a Project
• Quality
• Plans
• Risk
• Change
• Controlling a Stage
• Managing Product Delivery
• Progress

Day 3

• Managing a Stage Boundary
• Closing a Project
• Tailoring PRINCE2 to the Project Environment
• PRINCE2 foundation Exam

Objectives

Completion of this course will enable students to

• Understand basics of PRINCE2 Project Management
• Know the basic differences between the PRINCE2 Principles, Themes and Processes
• Prepare for the PRINCE2 Foundation exam

Audience

This course is aimed at students with (future) roles like

• Project Managers
• Consultants and team members managing or supporting a project using PRINCE2
• CxO and senior managers sponsoring projects

Prerequisites

Some past exposure to project management helpful, but not required.

Examination and Certification

The course is delivered by Trainers of Polychor, a PRINCE2 Accredited Training Organisation.

The official one hour multiple choice PRINCE2 Foundation exam can be taken at the end of the training course or at a later date

Exam fees are included in the course fees

Overview

This two day training enables participants to learn how to use the PRINCE2 Project Management method in a real-life situation by going through two complete test exams and by analysing the 'Managing Successful Projects with PRINCE2' book in detail to understand how all the PRINCE2 elements work together.

The course consists of a mix of presentation, discussion and exercises based on real-world examples.

Review exercises as well as a practice test assist the exam preparation.

Outline

Day 1

• Summary of the PRINCE2 Method
• Analysis of the 'Managing Successful Project with PRINCE2' Book
• PRINCE2 Test Exam 1

Day 2

• Review and Analysis of PRINCE2 Test Exam 2
• PRINCE2 Practitioner Exam

Objectives

Completion of this course will enable students to

• To understand PRINCE2 Project Management method in enough detail
• Successfully participate in the PRINCE2 Practitioner exam

Audience

This course is aimed at students with (future) roles like

• Project Managers
• Consultants and team members managing or supporting a project using PRINCE2
• CxO and senior managers sponsoring projects

Prerequisites

Must have passed the PRINCE2 Foundation exam

Preferably attend the PRINCE2 Foundation course using Polychor's training materials.

Examination and Certification

The course is delivered by Trainers of Polychor, a PRINCE2 Accredited Training Organisation.

The official two-and-a-half hours objective PRINCE2 Foundation exam can be taken at the end of the training course or at a later date.

Exam fees are included in the course fees

Overview

This three day training enables participants to learn the basics of the PRINCE2 Project Management method. The participant will learn about the PRINCE2 Principles, Themes, Processes and Tailoring.

The course consists of a mix of presentation, discussion and exercises based on real-world examples.

Review exercises as well as a practice test assist the exam preparation.

Outline

Day 1

• Introduction PRINCE2
• PRINCE2 Process Model
• Starting Up a Project
• Organization
• Business Case

Day 2

• Initiating a Project
• Quality
• Plans
• Risk
• Change
• Controlling a Stage
• Managing Product Delivery
• Progress

Day 3

• Managing a Stage Boundary
• Closing a Project
• Tailoring PRINCE2 to the Project Environment
• PRINCE2 foundation Exam

Objectives

Completion of this course will enable students to

• Understand basics of PRINCE2 Project Management
• Know the basic differences between the PRINCE2 Principles, Themes and Processes
• Prepare for the PRINCE2 Foundation exam

Audience

This course is aimed at students with (future) roles like

• Project Managers
• Consultants and team members managing or supporting a project using PRINCE2
• CxO and senior managers sponsoring projects

Prerequisites

Some past exposure to project management helpful, but not required.

Examination and Certification

The course is delivered by Trainers of Polychor, a PRINCE2 Accredited Training Organisation.

The official one hour multiple choice PRINCE2 Foundation exam can be taken at the end of the training course or at a later date

Exam fees are included in the course fees

Overview

This two day training enables participants to learn how to use the PRINCE2 Project Management method in a real-life situation by going through two complete test exams and by analysing the 'Managing Successful Projects with PRINCE2' book in detail to understand how all the PRINCE2 elements work together.

The course consists of a mix of presentation, discussion and exercises based on real-world examples.

Review exercises as well as a practice test assist the exam preparation.

Outline

Day 1

• Summary of the PRINCE2 Method
• Analysis of the 'Managing Successful Project with PRINCE2' Book
• PRINCE2 Test Exam 1

Day 2

• Review and Analysis of PRINCE2 Test Exam 2
• PRINCE2 Practitioner Exam

Objectives

Completion of this course will enable students to

• To understand PRINCE2 Project Management method in enough detail
• Successfully participate in the PRINCE2 Practitioner exam

Audience

This course is aimed at students with (future) roles like

• Project Managers
• Consultants and team members managing or supporting a project using PRINCE2
• CxO and senior managers sponsoring projects

Prerequisites

Must have passed the PRINCE2 Foundation exam

Preferably attend the PRINCE2 Foundation course using Polychor's training materials.

Examination and Certification

The course is delivered by Trainers of Polychor, a PRINCE2 Accredited Training Organisation.

The official two-and-a-half hours objective PRINCE2 Foundation exam can be taken at the end of the training course or at a later date.

Exam fees are included in the course fees

Overview

This three day training enables participants to learn the basics of the PRINCE2 Project Management method. The participant will learn about the PRINCE2 Principles, Themes, Processes and Tailoring.

The course consists of a mix of presentation, discussion and exercises based on real-world examples.

Review exercises as well as a practice test assist the exam preparation.

Outline

Day 1

• Introduction PRINCE2
• PRINCE2 Process Model
• Starting Up a Project
• Organization
• Business Case

Day 2

• Initiating a Project
• Quality
• Plans
• Risk
• Change
• Controlling a Stage
• Managing Product Delivery
• Progress

Day 3

• Managing a Stage Boundary
• Closing a Project
• Tailoring PRINCE2 to the Project Environment
• PRINCE2 foundation Exam

Objectives

Completion of this course will enable students to

• Understand basics of PRINCE2 Project Management
• Know the basic differences between the PRINCE2 Principles, Themes and Processes
• Prepare for the PRINCE2 Foundation exam

Audience

This course is aimed at students with (future) roles like

• Project Managers
• Consultants and team members managing or supporting a project using PRINCE2
• CxO and senior managers sponsoring projects

Prerequisites

Some past exposure to project management helpful, but not required.

Examination and Certification

The course is delivered by Trainers of Polychor, a PRINCE2 Accredited Training Organisation.

The official one hour multiple choice PRINCE2 Foundation exam can be taken at the end of the training course or at a later date

Exam fees are included in the course fees

Overview

This two day training enables participants to learn how to use the PRINCE2 Project Management method in a real-life situation by going through two complete test exams and by analysing the 'Managing Successful Projects with PRINCE2' book in detail to understand how all the PRINCE2 elements work together.

The course consists of a mix of presentation, discussion and exercises based on real-world examples.

Review exercises as well as a practice test assist the exam preparation.

Outline

Day 1

• Summary of the PRINCE2 Method
• Analysis of the 'Managing Successful Project with PRINCE2' Book
• PRINCE2 Test Exam 1

Day 2

• Review and Analysis of PRINCE2 Test Exam 2
• PRINCE2 Practitioner Exam

Objectives

Completion of this course will enable students to

• To understand PRINCE2 Project Management method in enough detail
• Successfully participate in the PRINCE2 Practitioner exam

Audience

This course is aimed at students with (future) roles like

• Project Managers
• Consultants and team members managing or supporting a project using PRINCE2
• CxO and senior managers sponsoring projects

Prerequisites

Must have passed the PRINCE2 Foundation exam

Preferably attend the PRINCE2 Foundation course using Polychor's training materials.

Examination and Certification

The course is delivered by Trainers of Polychor, a PRINCE2 Accredited Training Organisation.

The official two-and-a-half hours objective PRINCE2 Foundation exam can be taken at the end of the training course or at a later date.

Exam fees are included in the course fees

Overview

This three day training enables participants to learn the basics of the PRINCE2 Project Management method. The participant will learn about the PRINCE2 Principles, Themes, Processes and Tailoring.

The course consists of a mix of presentation, discussion and exercises based on real-world examples.

Review exercises as well as a practice test assist the exam preparation.

Outline

Day 1

• Introduction PRINCE2
• PRINCE2 Process Model
• Starting Up a Project
• Organization
• Business Case

Day 2

• Initiating a Project
• Quality
• Plans
• Risk
• Change
• Controlling a Stage
• Managing Product Delivery
• Progress

Day 3

• Managing a Stage Boundary
• Closing a Project
• Tailoring PRINCE2 to the Project Environment
• PRINCE2 foundation Exam

Objectives

Completion of this course will enable students to

• Understand basics of PRINCE2 Project Management
• Know the basic differences between the PRINCE2 Principles, Themes and Processes
• Prepare for the PRINCE2 Foundation exam

Audience

This course is aimed at students with (future) roles like

• Project Managers
• Consultants and team members managing or supporting a project using PRINCE2
• CxO and senior managers sponsoring projects

Prerequisites

Some past exposure to project management helpful, but not required.

Examination and Certification

The course is delivered by Trainers of Polychor, a PRINCE2 Accredited Training Organisation.

The official one hour multiple choice PRINCE2 Foundation exam can be taken at the end of the training course or at a later date

Exam fees are included in the course fees

Overview

This two day training enables participants to learn how to use the PRINCE2 Project Management method in a real-life situation by going through two complete test exams and by analysing the 'Managing Successful Projects with PRINCE2' book in detail to understand how all the PRINCE2 elements work together.

The course consists of a mix of presentation, discussion and exercises based on real-world examples.

Review exercises as well as a practice test assist the exam preparation.

Outline

Day 1

• Summary of the PRINCE2 Method
• Analysis of the 'Managing Successful Project with PRINCE2' Book
• PRINCE2 Test Exam 1

Day 2

• Review and Analysis of PRINCE2 Test Exam 2
• PRINCE2 Practitioner Exam

Objectives

Completion of this course will enable students to

• To understand PRINCE2 Project Management method in enough detail
• Successfully participate in the PRINCE2 Practitioner exam

Audience

This course is aimed at students with (future) roles like

• Project Managers
• Consultants and team members managing or supporting a project using PRINCE2
• CxO and senior managers sponsoring projects

Prerequisites

Must have passed the PRINCE2 Foundation exam

Preferably attend the PRINCE2 Foundation course using Polychor's training materials.

Examination and Certification

The course is delivered by Trainers of Polychor, a PRINCE2 Accredited Training Organisation.

The official two-and-a-half hours objective PRINCE2 Foundation exam can be taken at the end of the training course or at a later date.

Exam fees are included in the course fees