ISO in the Sun 2020 Program in the Sun 2020 Program.pdf · 5 Days - € 1750 - 31 CPDs - Costa...

ISO in the Sun SoftQualM Training 2020 Course Program


Page 2: ISO in the Sun 2020 Program in the Sun 2020 Program.pdf · 5 Days - € 1750 - 31 CPDs - Costa Teguise, Lanzarote, Canary Islands, Spain Next Dates: 20. - 24. April 2020 and 16. -

More Courses, Dates, T&Cs, Info and Booking: www.ISOintheSun.com or +34 609 124 289

Welcome to our ISO in the Sun Course Program 2020

As conformity with the ISO standards and other frameworks increasingly becomes a requirement to do business, management and their staff wonder how to get there.

ISO in the Sun is an ongoing series of courses on Risk, Information Security, Business Continuity, Service, Project and Integrated Management, hosted by SoftQualM in the beautiful surroundings of Lanzarote in the Canary Islands, Spain.

We believe that the success of training courses is greatly enhanced by an enjoyable learning environment.

Individual as well as Integrated Management Systems addressing Risk, Information Security, Business Continuity, (IT) Services and other areas are getting ever more important for ever more organisations.

This is the ideal opportunity to combine your continuing professional education with a break in the sun.

Alternatively, you can also join our courses live online from wherever you are.

At the end of the training day you can relax at the beach and have dinner outside in one of the many restaurants - just as we do at lunch time - all thanks to the great climate here all year around where Winter doesn’t exist.

We are scheduling more events all the time, so please follow us on social media and our website or get in touch if interested in other subjects and dates.

We limit courses to ten students, and we run courses even with only one or two students.

You learn from instructors with a wealth of real-world experience. As for myself, I travel the world as consultant, auditor and trainer, and love sharing those experiences that often put things into perspective in my courses.

As an added benefit, students regularly confirm that they save significantly coming here compared to attending similar courses in the typical metropolitan settings.

Our Students come from all kinds of industries and sizes of organisations world-wide, from freelance consultants and auditors, SMEs to Multinationals and EU institutions.

Our courses are usually open and hence held in English, yet exams are often available in multiple languages. Our trainers are, however, multilingual, and we can arrange courses eg in German, as well as "in-house" in Lanzarote or for self-study. Simply enquire.

We look forward to welcoming you here in Lanzarote.

Martin Holzke
Founder of ISO in the Sun

SoftQualM Training


Spring 2020 Schedule Overview


• IMS Lead Auditor: 20. - 24. April 2020 (5 Days) - € 1750

Information Security

Business Continuity

• PECB EU General Data Protection Regulation (GDPR) Data Protection Officer: 6. - 10. April 2020 (5 Days) - € 1750

• PECB ISO/IEC 27001 Information Security Management System (ISMS) Lead Auditor: 30. March - 3. April 2020 (5 Days) - € 1750

• PECB ISO/IEC 27701 Privacy Information Management System (PIMS) Lead Implementer: 27. April - 1. May 2020 (5 Days) - € 1750

• PECB ISO/IEC 20000 Service Management System (SMS) Lead Auditor: 16. - 20. March 2020 (5 Days) - € 1750

Service Management

• PECB ISO/IEC 20000 Service Management System (SMS) Lead Implementer: 4. - 8. May 2020 (5 Days) - € 1750

• PECB ISO 22301 Business Continuity Management System (BCMS) Lead Implementer: 2. - 6. March 2020 (5 Days) - € 1750

Integrated Management Systems (IMS)

• PECB ISO/IEC 27001 Information Security Management System (ISMS) Lead Implementer: 23. - 27. March 2020 (5 Days) - € 1750

• PECB ISO 22301 Business Continuity Management System (BCMS) Lead Auditor: 25. - 29. May 2020 (5 Days) - € 1750

Technical Courses

• PRINCE2 Practitioner: 23. - 24. April 2020 (2 Days) - € 1100

• PRINCE2 Foundation + Practitioner: 20. - 24. April 2020 (5 Days) - € 2100

• Managing Cyber Security Risk and Resilience: 25. - 29. May 2020 (5 Days) - € 1750

• Third Party Supplier and Vendor Risk Management: 18. - 22. May 2020 (5 Days) - € 1750

• PRINCE2 Foundation: 20. - 22. April 2020 (3 Days) - € 1300

• Installing, Configuring and Managing a Windows Server 2016 Public Key Infrastructure: 6 - 10. April 2020 (5 Days) - € 1950

Project Management

Risk Management

• PECB ISO 31000 Risk Manager: 14. - 16. April 2020 (3 Days) - € 1100

• PECB ISO/IEC 27005 Information Security Risk Manager: 24. - 26. February 2020 (3 Days) - € 1100


Autumn 2020 Schedule Overview


• CISSP Bootcamp: 9. - 13. November 2020 (5 Days) - € 2450

• IMS Lead Auditor: 16. - 20. November 2020 (5 Days) - € 1750

• PECB EU General Data Protection Regulation (GDPR) Data Protection Officer: 9. - 13. November 2020 (5 Days) - € 1750

Integrated Management Systems (IMS)

• PECB ISO/IEC 27701 Privacy Information Management System (PIMS) Lead Implementer: 28. September - 2. October 2020 (5 Days) - € 1750

• PECB ISO/IEC 27001 Information Security Management System (ISMS) Lead Implementer: 21. - 25. September 2020 (5 Days) - € 1750

Information Security

• PECB ISO 22301 Business Continuity Management System (BCMS) Lead Implementer: 23. - 27. November 2020 (5 Days) - € 1750

• PECB ISO/IEC 20000 Service Management System (SMS) Lead Implementer: 12. - 16. October 2020 (5 Days) - € 1750

• PECB ISO/IEC 27001 Information Security Management System (ISMS) Lead Auditor: 7. - 11. September 2020 (5 Days) - € 1750

Service Management

• PECB ISO/IEC 20000 Service Management System (SMS) Lead Auditor: 19. - 23. October 2020 (5 Days) - € 1750

Business Continuity

• PECB ISO 22301 Business Continuity Management System (BCMS) Lead Auditor: 30. November - 4. December 2020 (5 Days) - € 1750

Risk Management

• PECB ISO 31000 Risk Manager: 28. - 30. October 2020 (3 Days) - € 1100

• PECB ISO/IEC 27005 Information Security Risk Manager: 2. - 4. November 2020 (3 Days) - € 1100

• Managing Cyber Security Risk and Resilience: 5. - 9. October 2020 (5 Days) - € 1750

• Installing, Configuring and Managing a Windows Server 2016 Public Key Infrastructure: 2 - 6. November 2020 (5 Days) - € 1950

Technical Courses

Project Management

• Third Party Supplier and Vendor Risk Management: 12. - 16. October 2020 (5 Days) - € 1750

• PRINCE2 Foundation: 26. - 28. October 2020 (3 Days) - € 1300

• PRINCE2 Practitioner: 29. - 30. October 2020 (2 Days) - € 1100

• PRINCE2 Foundation + Practitioner: 26. - 30. October 2020 (5 Days) - € 2100


Next Dates: 20. - 24. April 2020 and 16. - 20. November 2020

5 Days - € 1750 - 31 CPDs - Arrecife, Lanzarote, Canary Islands, Spain or Live Online

This five day course provides an overview of the structure of an Integrated Management System (IMS) based on ISO/IEC Annex L, and how to audit the same internally or in the context of certification.

Integrated Management System (IMS) Lead Auditor

Overview

At the same time, the course explains processes, methods and skills required to allow an auditor to assess such an IMS all the way through to certification in line with relevant ISO (certification) standards, in particular ISO/IEC 17021-1:2015 and ISO 19011:2018.

• Audit Methods
• Audit Methods - Part 1: Document Review, Interview
• IMS Element 3: Support (Annex L clause 7)

The course consists of a mix of presentation, discussion and exercises based on real-world examples.

This five day course introduces the structure of an Integrated Management System (IMS) derived from ISO/IEC's normative Annex L (Proposals for management system standards) as well as specific requirements of relevant ISO Standards implementing Annex L, namely ISO 9001:2015, ISO 14001:2015, ISO 45001:2018, ISO/IEC 20000-1:2018, ISO 22301:2019 and ISO/IEC 27001:2013, and how to add any further applicable requirements, eg PCI-DSS, SOX, GDPR etc.

Outline

Introducing IMS-Auditing

Assessing Elements of an IMS

• IMS Element 1: Leadership (Annex L clause 5)
• The ISO Management System Audit Approach
• Setting the Scene: ISO Management Systems
• IMS Element 2: Context of the Organisation (Annex L clause 4)
• Audit Principles
• IMS Element 6: Performance Evaluation (Annex L clause 9)
• Certification Process per ISO/IEC 17021-1:2015 et al
• IMS Element 4: Planning (Annex L clause 6)
• IMS Element 7: Improvement (Annex L clause 10)

Auditing an IMS

• Overview of the different Types of Audits
• IMS Element 5: Operation (Annex L clause 8)
• IMS Element 8: Management Review (Annex L clause 9.3)
• Audit Methods - Part 2: Observation, Sampling
• Audit Methods - Part 3: Corroboration
• Audit Skills
• Recognise the range of different audit types, criteria and objectives
• Manage IMS audit teams

Objectives

Completion of this course will enable students to

• Describe core processes of an Annex L based IMS
• Identify additional specific requirements based on the chosen IMS scope
• Understand applicable audit methods and develop skills to apply these
• Execute audit aspect of the certification process

Audience

Prerequisites

Some past exposure to management systems and / or audits is helpful, but not required.

Examination and Certification

The course ends with a three hour written essay-style exam on the last day, available in multiple languages.

• Performing self-assessments, pre-cert or internal audits of an IMS

Exam and first year certification fees are included in the course fees.

This course is aimed at students tasked with

• Acting as (lead) auditor on behalf of a certification body

General understanding of common business processes.

This course has been designed by SoftQualM and partners, who also mark the exam and issue the IMS Lead Auditor certification in accordance with ISO/IEC 17024:2012.

• Assessing an organisation's processes as part of implementing an IMS


PECB ISO/IEC 27001 Information Security Management System (ISMS) Lead Auditor

5 Days - € 1750 - 31 CPDs - Arrecife, Lanzarote, Canary Islands, Spain or Live Online

Next Dates: 30. March - 3. April 2020 and 7. - 11. September 2020

This five day course provides an overview of the structure of an Information Security Management System (ISMS) based on ISO/IEC 27001:2013, and how to audit the same internally or in the context of certification.

• Fundamental Audit Concepts and Principles
• Documenting Nonconformities
• Preparation of an ISO/IEC 27001:2013 Certification Audit
• ISMS Documentation Audit

Concluding and Follow-up of the Audit

• Fundamental Principles of Information Security
• Formulation of Audit Findings
• Conducting an Opening Meeting
• ISO/IEC 27001:2013 Certification Process
• Clauses of ISO/IEC 27001:2013
• Audit Test Plans
• Audit Documentation

The course consists of a mix of presentation, discussion and exercises based on real-world examples.

• Conducting a Closing Meeting and Conclusion of the Audit
• Evaluation of Corrective Action Plans

Overview

This five day course enables participants to develop the necessary expertise to audit an Information Security Management System against ISO/IEC 27001:2013 and to manage a team of auditors by applying widely recognized audit principles, procedures and techniques.

During this training, the participants will acquire the necessary knowledge and skills to proficiently plan and perform internal and external audits in compliance with ISO 19011:2018, as well as understanding the certification process according to ISO/IEC 17021-1:2015 and ISO/IEC 27006:2015.

Outline

Introduction to ISMS Concepts per ISO/IEC 27001:2013

• Normative, Regulatory and Legal Framework
• Information Security Management System (ISMS)

Planning and Initiating the Audit

• Audit Approach based on Evidence and Risk

Conducting the Audit

• Communication during the Audit
• Audit procedures: Observation, Document Review, Interview, Sampling, Technical Verification, Corroboration and Evaluation
• Quality Review
• Surveillance and Re-Certification Audits
• Internal Audit Management Program
• Manage ISMS audit teams
• IT and information security practitioners moving into audit roles
• Execute ISO/IEC 27001:2013 certification audits on behalf of a certification body

Exam and first year certification fees are included in the course fees.

Completion of this course will enable students to

• Understand the principles of an ISMS conforming to ISO/IEC 27001:2013

This course is aimed at students with (future) roles like

Objectives

• Perform ISO/IEC 27001:2013 internal audits
• Internal auditors
• ISMS certification auditors
• Project managers, consultants and information security team members participating in ISMS audits

Audience

Prerequisites

Some past exposure to information or IT security, management systems and audits is helpful, but not required.

Examination and Certification

The course ends with a three hour written essay-style exam on the last day, available in multiple languages.

General understanding of common business processes.

This course is designed by PECB in Canada, who also mark the exam and issue respective certifications as per their criteria. PECB is a personnel certification body, accredited to ISO/IEC 17024:2012 by IAS. See www.pecb.com for full details.


PECB ISO/IEC 27001 Information Security Management System (ISMS) Lead Implementer

This five day course provides an overview of the structure of an Information Security Management System (ISMS) based on ISO/IEC 27001:2013, and how to implement the same in an organisation, eg for the purpose of certification.

5 Days - € 1750 - 31 CPDs - Arrecife, Lanzarote, Canary Islands, Spain or Live Online

Next Dates: 23. - 27. March 2020 and 21. - 25. September 2020

Overview

This five day course enables participants to develop the necessary expertise to support an organisation in implementing and managing an Information Security Management System based on ISO/IEC 27001:2013.

Participants will also gain a thorough understanding of best practices used to implement information security controls from all areas of ISO/IEC 27002:2013.

• Internal Audit, Management Review and Corrective Actions

This training incorporates project management practices as well as further guidance from elsewhere in the ISO/IEC 27000 family of standards, eg ISO/IEC 27003 (Implementation), ISO/IEC 27004 (Measurements), ISO/IEC 27005 (Risk Management) etc.

Introduction to ISMS Concepts per ISO/IEC 27001:2013

• Development of Information Security Policies
• Drafting the Statement of Applicability
• Implementation of a Document Management Framework

Outline

• Fundamental Principles of Information Security
• Gap Analysis, Business Case and Project Plan

Implementing the ISMS

• Development of a Communication, Training & Awareness Program

Planning and Initiating the ISMS Implementation

Performance Evaluation and Improving the ISMS

• Monitoring the ISMS with Metrics, Performance Indicators etc
• Information Security Management System (ISMS)

The course consists of a mix of presentation, discussion and exercises based on real-world examples.

• Clauses of ISO/IEC 27001:2013
• Design of Controls and Writing Procedures
• Normative, Regulatory and Legal Framework
• Operations Management of the ISMS
• Defining Scope and Objectives of the ISMS
• Implementation of Controls based on ISO/IEC 27001:2013 Annex A
• Implementation of a Continual Improvement Program
• Risk Management: Approach, Methodology, Identification, Analysis, Evaluation and Treatment of Risk
• Incident Management
• Preparing for the Certification Audit

Objectives

Completion of this course will enable students to

• Understand the principles of an ISMS conforming to ISO/IEC 27001:2013, including the relationship between its components, eg risk management, controls, requirements of interested parties
• Apply concepts, approaches, standards, methods and techniques for the effective operation of an ISMS
• Advise organisations on ISMS best practices
• Manage teams implementing ISO/IEC 27001:2013

Audience

This course is aimed at students with (future) roles like

• Project managers, consultants and team members implementing an ISMS
• (IT) Professionals moving into ISMS operation
• CxO and senior managers of an ISMS scope

General understanding of common business processes.

This course is designed by PECB in Canada, who also mark the exam and issue respective certifications as per their criteria. PECB is a personnel certification body, accredited to ISO/IEC 17024:2012 by IAS. See www.pecb.com for full details.

Examination and Certification

The course ends with a three hour written essay-style exam on the last day, available in multiple languages.

Some past exposure to information or IT security, management systems and / or project management is helpful, but not required.

Exam and first year certification fees are included in the course fees.

• Auditors requiring more ISMS implementation insight

Prerequisites


PECB ISO/IEC 27701 Privacy Information Management System (PIMS) Lead Implementer

Next Dates: 27. April - 1. May 2020 and 28. September - 2. October 2020

5 Days - € 1750 - 31 CPDs - Arrecife, Lanzarote, Canary Islands, Spain or Live Online

This five day course provides an overview of the structure of a Privacy Information Management System (PIMS) based on ISO/IEC 27701:2019, and how to implement the same in an organisation, eg for the purpose of certification.

• Selection of Controls
• Monitoring the PIMS with Metrics, Performance Indicators etc
• Implementation of Controls
• Privacy Impact Assessment
• PIMS Statement of Applicability
• Implementation of Controls specific to Controllers of Personally Identifiable Information (PII)

Overview

• Implementation of Controls specific to PII

Planning the PIMS Implementation

Moreover, participants will gain a comprehensive understanding of best practices of privacy information management and learn how to manage and process data while complying with various data privacy regimes.

The course consists of a mix of presentation, discussion and exercises based on real-world examples.

• Normative, Regulatory and Legal Framework
• PIMS Scope and Privacy Policy

Participants will also gain a thorough understanding of requirements and guidance of ISO/IEC 27701:2019 as well as their relationship to ISO/IEC 27001:2013 et al and thus that between a PIMS and an ISMS.

• Fundamental Principles of Information Security and Privacy
• Documentation Management

Implementing the PIMS

• Awareness, Training and Communication
• Internal Audit, Management Review and Corrective Actions
• Continual Improvement

This five day course enables participants to develop the necessary expertise to support an organisation in implementing and managing a Privacy Information Management System based on ISO/IEC 27701:2019.

Outline

• Privacy Information Management System (PIMS)

Introduction to PIMS Concepts per ISO/IEC 27701:2019

• Privacy Risk Assessment

Performance Evaluation and Improving the PIMS

• Preparing for the Certification Audit
• Project managers, consultants and team members implementing privacy and data management
• Understand the principles of a PIMS conforming to ISO/IEC 27701:2019, including the relationship to an ISMS, ISO/IEC 27001:2013, ISO/IEC 27002:2013 etc and regulatory frameworks

Objectives

Completion of this course will enable students to

Audience

• CxO and senior managers of a PIMS and ISMS scope
• Apply concepts, approaches, standards, methods and techniques for the effective operation of a PIMS
• Auditors requiring more PIMS implementation insight

General understanding of common business processes.

Prerequisites

This course is designed by PECB in Canada, who also mark the exam and issue respective certifications as per their criteria. PECB is a personnel certification body, accredited to ISO/IEC 17024:2012 by IAS. See www.pecb.com for full details.

This course is aimed at students with (future) roles like

• Data and privacy officers
• Manage teams implementing ISO/IEC 27701:2019

Some past exposure to information or IT security, management systems and / or project management is helpful, but not required.

• Advise organisations on PIMS best practices

Exam and first year certification fees are included in the course fees.

Examination and Certification

The course ends with a three hour written essay-style exam on the last day, available in multiple languages.


PECB EU General Data Protection Regulation (GDPR) Data Protection Officer

Next Dates: 6. - 4. April 2020 and 9. - 13. November 2020

This five day course provides an overview of the requirements of the GDPR, in force and applicable since 25. May 2018, and how to implement the same in an organisation dealing with data subjects in the European Union.

5 Days - € 1750 - 31 CPDs - Arrecife, Lanzarote, Canary Islands, Spain or Live Online

• Fundamental Principles of the GDPR

Outline

Overview

• Data Protection Policy
• Definition of the Organizational Structure
• Data Classification

By mastering all the necessary concepts of the EU General Data Protection Regulation (GDPR), participants will gain a thorough understanding of the gap between the GDPR and the current organizational processes including privacy policies, procedures, working instructions, consent forms and data protection impact assessments, in order to assist organisations in the adoption process to the new regulation.

The course consists of a mix of presentation, discussion and exercises based on real-world examples.

• Initiating the GDPR Implementation
• Understanding the Organisation
• Analysis of the Existing System

Introduction to GDPR Essentials

Planning the Implementation of the GDPR

This five day course enables participants to develop the necessary knowledge, skills and competence to effectively implement and manage a compliance framework with regards to the protection of personal data.

• Leadership and Project Approval
• Clarifying the Data Protection Objectives

Monitoring and Improving the GDPR compliance

Deploying the GDPR

• Communication, Training and Awareness Plan
• Operations and Incident Management
• Definition of the Document Management Process
• Risk Assessment under the GDPR
• Data Breaches and Corrective Actions
• Continual Improvement
• Internal Audit
• Design of Security Controls and Drafting of Specific Policies
• Privacy Impact Assessment (PIA)
• Monitoring, Measurement, Analysis and Evaluation
• Implementation of Controls

Objectives

Completion of this course will enable students to

• Gain a comprehensive understanding of the concepts and approaches of the GDPR
• Data Protection Officers and senior managers responsible for the personal data protection

Examination and Certification

General understanding of common business processes.

Prerequisites

This course is designed by PECB in Canada, who also mark the exam and issue respective certifications as per their criteria. PECB is a personnel certification body, accredited to ISO/IEC 17024:2012 by IAS. See www.pecb.com for full details.

This course is aimed at students with (future) roles like

• Understand the new requirements that the GDPR brings for EU and non-EU organisations and when it is necessary to implement them
• Gain the knowledge and skills required to advise organisations how to manage personal data

The course ends with a three hour written essay-style exam on the last day, available in multiple languages.

Audience

Exam and first year certification fees are included in the course fees.

• Members of information security, incident management and business continuity teams

Some past exposure to data protection is helpful, but not required.

• Manage a team implementing the GDPR
• Project managers, consultants, advisors and team members implementing the GDPR


CISSP Bootcamp

5 Days - € 2450 - 31 CPDs - Arrecife, Lanzarote, Canary Islands, Spain or Live Online

Next Dates: 9. - 13. November 2020

This 5 day course prepares students for the CISSP (Certified Information Systems Security Professional) exam, covering the entire CBK (Common Body of Knowledge) as defined by (ISC)2.

The CISSP certification is recognized worldwide.

Several types of activities are used throughout the course to reinforce topics and increase knowledge retention. These activities include open ended questions from the instructor to the students, matching and poll questions, group activities, open/closed questions, and group discussions. The interactive learning technique is based on sound adult learning theories.

Overview

This training provides a comprehensive review of information security concepts and industry best practices, covering the 8 domains of CISSP CBK (Common Body of Knowledge).

Outline

Asset Security

This training course will help candidates review and refresh their information security knowledge and help identify areas they need to study for the CISSP exam and features

Security Operations

Security Assessment and Testing

Security Engineering

Security and Risk Management

Software Development Security

Identity and Access Management

Communications and Network Security

The vendor-neutral CISSP certification is the ideal credential for those with proven deep technical and managerial competence, skills, experience, and credibility to design, engineer, implement, and manage their overall information security program to protect organizations from growing sophisticated attacks.

Examination and Certification

This course is aimed at students with (future) roles like

• Apply the skills learned across the 8 domains to solve security problems when you return to work

Completion of this course will enable students to

• Understand and explain all of the concepts covered in the 8 domains of knowledge

Audience

Objectives

• Security Consultants, Security Managers, IT Director/Managers,
• Security Auditors, Security Architects,
• Chief Information Security Officers, Directors of Security etc.
• Understand the 8 domains of knowledge that are covered on the CISSP exam

Prerequisites

This course has been designed and is delivered by Nitroxis and their trainers.

Note: this course does not include the CISSP exam. This has to be taken at the dedicated test facilities as defined by (ISC)2.

• Apply the knowledge and testing skills learned in class to pass the CISSP exam
• Security Analysts, Security Systems Engineers, Network Architects,

Basic knowledge of Information Systems is recommended.

• Analyse questions on the exam and be able to select the correct answer

A minimum of four students is required to run this course.


PECB ISO 22301 Business Continuity Management System (BCMS) Lead Auditor

5 Days - € 1750 - 31 CPDs - Arrecife, Lanzarote, Canary Islands, Spain or Live Online

Next Dates: 25. - 29. May 2020 and 30. November - 4. December 2020

This five day course provides an overview of the structure of a Business Continuity Management System (BCMS) based on ISO 22301:2019, and how to audit the same internally or in the context of certification.

• Conducting a Closing Meeting and Conclusion of the Audit
• Internal Audit Management Program
• Surveillance and Re-Certification Audits
• Quality Review
• Evaluation of Corrective Action Plans

This five day course enables participants to develop the necessary expertise to audit a Business Continuity Management System against ISO 22301:2019 and to manage a team of auditors by applying widely recognized audit principles, procedures and techniques.

During this training, the participants will acquire the necessary knowledge and skills to proficiently plan and perform internal and external audits in compliance with ISO 19011:2018, as well as understanding the certification process according to ISO/IEC 17021-1:2015.

Introduction to BCMS Concepts per ISO 22301:2019

The course consists of a mix of presentation, discussion and exercises based on real-world examples.

Outline

• Normative, Regulatory and Legal Framework
• Fundamental Principles of Business Continuity
• ISO 22301:2019 Certification Process

Overview

• Business Continuity Management System (BCMS)
• Audit procedures: Observation, Document Review, Interview, Sampling, Technical Verification, Corroboration and Evaluation
• Audit Approach based on Evidence and Risk
• Preparation of an ISO 22301:2019 Certification Audit
• Fundamental Audit Concepts and Principles

Conducting the Audit

• Clauses of ISO 22301:2019
• Conducting an Opening Meeting
• Audit Test Plans
• Formulation of Audit Findings
• Documenting Nonconformities
• Communication during the Audit

Planning and Initiating the Audit

Concluding and Follow-up of the Audit

• Audit Documentation
• BCMS Documentation Audit
• Perform ISO 22301:2019 internal audits
• Internal auditors
• Manage BCMS audit teams

Examination and Certification

• BCMS certification auditors
• Project managers, consultants and business continuity team members participating in BCMS audits

Completion of this course will enable students to

General understanding of common business processes.

Objectives

• Understand the principles of a BCMS conforming to ISO 22301:2019
• Execute ISO 22301:2019 certification audits on behalf of a certification body

Audience

This course is aimed at students with (future) roles like

• Business continuity practitioners moving into audit roles

Prerequisites

Some past exposure to business continuity, management systems and audits is helpful, but not required.

The course ends with a three hour written essay-style exam on the last day, available in multiple languages.

This course is designed by PECB in Canada, who also mark the exam and issue respective certifications as per their criteria. PECB is a personnel certification body, accredited to ISO/IEC 17024:2012 by IAS. See www.pecb.com for full details.

Exam and first year certification fees are included in the course fees.


5 Days - € 1750 - 31 CPDs - Arrecife, Lanzarote, Canary Islands, Spain or Live Online

This five day course provides an overview of the structure of a Business Continuity Management System (BCMS) based on ISO 22301:2019, and how to implement the same in an organisation, eg for the purpose of certification.

PECB ISO 22301 Business Continuity Management System (BCMS) Lead Implementer

Next Dates: 2. - 6. March 2020 and 23. - 27. November 2020

• Implementation of a Document Management Framework

Outline

• Fundamental Principles of Business Continuity

• ISO 22301:2019 Certification Process

• Incident and Emergency Management

Overview

Introduction to BCMS Concepts per ISO 22301:2019

• Normative, Regulatory and Legal Framework

Participants will also gain a thorough understanding of best practices used to implement business continuity processes from the ISO 22399.

This training incorporates project management practices as well as links to aspects of the predecessor standard BS 25999.

The course consists of a mix of presentation, discussion and exercises based on real-world examples.

• Business Continuity Management System (BCMS)

• Clauses of ISO 22301:2019

• Gap Analysis, Business Case and Project Plan

• Defining Scope and Objectives of the BCMS

• Development of Business Continuity Policies

• Business Impact Analysis (BIA) and Risk Assessment

• Operations Management of the BCMS

Implementing the BCMS

Performance Evaluation and Improving the BCMS

• Implementation of a Continual Improvement Program

• Monitoring the BCMS with Metrics, Performance Indicators etc

Planning and Initiating the BCMS Implementation

• Implementation of Business Continuity Processes

• Development of a Communication, Training & Awareness Program

• Internal Audit, Management Review and Corrective Actions

• Preparing for the Certification Audit

This five day course enables participants to develop the necessary expertise to support an organisation in implementing and managing a Business Continuity Management System based on ISO 22301:2019.

• Design of Business Continuity Processes and Writing Procedures

Prerequisites

Exam and first year certification fees are included in the course fees.

• Manage teams implementing ISO 22301:2019

• (IT) Professionals moving into BCMS operation

• Apply concepts, approaches, standards, methods and techniques for the effective operation of a BCMS

General understanding of common business processes.

This course is aimed at students with (future) roles like

Some past exposure to business continuity, management systems and / or project management helpful, but not required.

Objectives

• CxO and senior managers of a BCMS scope

• Project managers, consultants and team members implementing a BCMS

• Auditors requiring more BCMS implementation insight

Examination and Certification

This course is designed by PECB in Canada, who also mark the exam and issue respective certifications as per their criteria. PECB is a personnel certification body, accredited to ISO/IEC 17024:2012 by IAS. See www.pecb.com for full details.

Completion of this course will enable students to

• Understand the principles of a BCMS conforming to ISO 22301:2019, including the relationship between its components, eg risk management, requirements of interested parties

• Advise organisations on BCMS best practices

Audience

The course ends with a three hour written essay-style exam on the last day available in multiple languages.


5 Days - € 1750 - 31 CPDs - Arrecife, Lanzarote, Canary Islands, Spain or Live Online

PECB ISO/IEC 20000 Service Management System (SMS) Lead Auditor

Next Dates: 16. - 20. March 2020 and 19. - 23. October 2020

This five day course provides an overview of the structure of a Service Management System (SMS) based on ISO/IEC 20000-1:2018, and how to audit the same internally or in the context of certification.

Overview

The course consists of a mix of presentation, discussion and exercises based on real-world examples.

Introduction to SMS Concepts per ISO/IEC 20000-1:2018

• Normative, Regulatory and Legal Framework

• Fundamental Principles of Service Management

During this training, the participants will acquire the necessary knowledge and skills to proficiently plan and perform internal and external audits in compliance with ISO 19011:2018, as well as understanding the certification process according to ISO/IEC 17021-1:2015.

Outline

• ISO/IEC 20000-1:2018 Certification Process

• Service Management System (SMS)

• Clauses of ISO/IEC 20000-1:2018

Planning and Initiating the Audit

• Fundamental Audit Concepts and Principles

This five day course enables participants to develop the necessary expertise to audit a Service Management System against ISO/IEC 20000-1:2018 and to manage a team of auditors by applying widely recognized audit principles, procedures and techniques.

• Audit Approach based on Evidence and Risk

• Preparation of an ISO/IEC 20000-1:2018 Certification Audit

• SMS Documentation Audit

• Conducting an Opening Meeting

Conducting the Audit

• Surveillance and Re-Certification Audits

• Evaluation of Corrective Action Plans

• Audit Test Plans

• Audit procedures: Observation, Document Review, Interview, Sampling, Technical Verification, Corroboration and Evaluation

• Quality Review

• Communication during the Audit

• Formulation of Audit Findings

• Documenting Nonconformities

Concluding and Follow-up of the Audit

• Audit Documentation

• Conducting a Closing Meeting and Conclusion of the Audit

• Internal Audit Management Program

• Internal auditors

General understanding of common business processes.

Exam and first year certification fees are included in the course fees.

• Execute ISO/IEC 20000-1:2018 certification audits on behalf of a certification body

• IT and service management practitioners moving into audit roles

The course ends with a three hour written essay-style exam on the last day available in multiple languages.

• Understand the principles of a SMS conforming to ISO/IEC 20000-1:2018

Prerequisites

• Project managers, consultants and service management team members participating in SMS audits

Some past exposure to service management, management systems and / or audits helpful, but not required.

• Manage SMS audit teams

This course is designed by PECB in Canada, who also mark the exam and issue respective certifications as per their criteria. PECB is a personnel certification body, accredited to ISO/IEC 17024:2012 by IAS. See www.pecb.com for full details.

Completion of this course will enable students to

• Perform ISO/IEC 20000-1:2018 internal audits

Objectives

Audience

This course is aimed at students with (future) roles like

• SMS certification auditors

Examination and Certification


PECB ISO/IEC 20000 Service Management System (SMS) Lead Implementer

5 Days - € 1750 - 31 CPDs - Arrecife, Lanzarote, Canary Islands, Spain or Live Online

This five day course provides an overview of the structure of a Service Management System (SMS) based on ISO/IEC 20000-1:2018, and how to implement the same in an organisation, eg for the purpose of certification.

Next Dates: 4. - 8. May 2020 and 12. - 16. October 2020

• Clauses of ISO/IEC 20000-1:2018

• ISO/IEC 20000-1:2018 Certification Process

• Internal Audit, Management Review and Corrective Actions

This training incorporates project management practices as well as further guidance from elsewhere in the ISO/IEC 20000 family of standards.

• Information Security Management

• Monitoring the SMS with Metrics, Performance Indicators etc

Participants will gain a thorough understanding of best practices used to implement a SMS across a wide range of service sectors, not just IT services as covered by ITIL.

Outline

Implementing the SMS

• Service Availability and Continuity Management

• Gap Analysis, Business Case and Project Plan

• Budget, Demand and Capacity Management

• Service Management System (SMS)

• Development of Service Management Policies

• Catalogue, Asset, Configuration and Relationship Management

• Defining Scope and Objectives of the SMS

Introduction to SMS Concepts per ISO/IEC 20000-1:2018

• Change, Release and Deployment Management

Performance Evaluation and Improving the SMS

• Implementation of a Continual Improvement Program

Planning and Initiating the SMS Implementation

• Preparing for the Certification Audit

• Normative, Regulatory and Legal Framework

This five day course enables participants to develop the necessary expertise to support an organisation in implementing and managing a Service Management System based on ISO/IEC 20000-1:2018.

• Fundamental Principles of Service Management

• Comparison with ITIL V2 and V3

• Incident and Problem Management

• Operations Management of the SMS

The course consists of a mix of presentation, discussion and exercises based on real-world examples.

Overview

Some past exposure to information or IT security, management systems and / or project management helpful, but not required.

Prerequisites

Exam and first year certification fees are included in the course fees.

• Manage teams implementing ISO/IEC 20000-1:2018

• (IT) Professionals moving into SMS operation

Completion of this course will enable students to

• Apply concepts, approaches, standards, methods and techniques for the effective operation of a SMS

• Advise organisations on SMS best practices

Audience

This course is aimed at students with (future) roles like

Objectives

• Project managers, consultants and team members implementing a SMS or extending from ITIL etc

• CxO and senior managers of a SMS scope

• Understand the principles of a SMS conforming to ISO/IEC 20000-1:2018, including the relationship between its components, eg risk management, controls, requirements of interested parties

• Auditors requiring more SMS implementation insight

General understanding of common business processes.

Examination and Certification

The course ends with a three hour written essay-style exam on the last day available in multiple languages.

This course is designed by PECB in Canada, who also mark the exam and issue respective certifications as per their criteria. PECB is a personnel certification body, accredited to ISO/IEC 17024:2012 by IAS. See www.pecb.com for full details.


Next Dates: 14. - 16. April 2020 and 28. - 30. October 2020

3 Days - € 1100 - 21 CPDs - Arrecife, Lanzarote, Canary Islands, Spain or Live Online

PECB ISO 31000 Risk Manager

This three day course provides an overview of the generic principles of risk management based on ISO 31000:2018, and how to apply the same across an organisation, eg for operational or financial risk, the various risk-based management systems like IMS, QMS, EMS, SMS, BCMS, ISMS, OH&SMS etc.

The course consists of a mix of presentation, discussion and exercises based on real-world examples.

• Risk Management Standards, Frameworks and Methodologies

• Risk Acceptance and Residual Risk Management

Examples of Risk Assessment Methodologies

• Overview of IEC 31010:2009

• Cause and Effect Diagram

Overview

The generic character of ISO 31000:2018 makes it applicable across organisations at subject matter as well as enterprise level.

Outline

Elements of the Risk Management Framework

• Risk Communication and Consultation

• Risk Monitoring and Review

• Fault and Failure Analysis using FTA, FMEA and FMECA

Examples are ISO 9001:2015, ISO 14001:2015, ISO/IEC 20000-1:2018, ISO 22301:2019, ISO/IEC 27001:2013, ISO 45001:2018, SOX, revenue assurance, program and project management, data protection, GDPR etc.

• Risk Treatment

• Hazard Analysis using HAZOP and HACCP

Introduction to Risk Management per ISO 31000:2018

• Scenario Analysis

ISO 31000:2018 provides a comprehensive model for any kind of management system, standard, operational or regulatory context requiring a risk-based approach, whether a formal risk management process is required or not.

• Concepts and Definitions relating to Risk Management

• Implementation of a Risk Management Framework

This three day course enables participants to develop the necessary expertise to support an organisation in implementing risk management processes based on ISO 31000:2018.

• Understanding an Organisation and its Context

• Risk Identification

• Risk Analysis and Risk Evaluation

• Brainstorming, DELPHI

The course ends with a two hour written essay-style exam on the last day available in multiple languages.

Prerequisites

• Project managers, consultants and team members implementing and operating management systems

• Risk managers and Business process owners

• Auditors requiring more risk management insight

General understanding of common business processes.

This course is designed by PECB in Canada, who also mark the exam and issue respective certifications as per their criteria. PECB is a personnel certification body, accredited to ISO/IEC 17024:2012 by IAS. See www.pecb.com for full details.

Examination and Certification

Exam and first year certification fees are included in the course fees.

Some past exposure to risk management and / or management systems helpful, but not required.

• Regulatory compliance managers

• Understand the relationship between risk management and requirements of interested parties

• Implement, maintain and manage an ongoing risk management program

• Advise organisations on best practices in risk management

Audience

Objectives

This course is aimed at students with (future) roles like

Completion of this course will enable students to

• Understand concepts, approaches, methods, tools and techniques for effective risk management according to ISO 31000:2018


Next Dates: 24. - 26. February 2020 and 2. - 4. November 2020

This three day course provides an overview of the principles of risk management in information security based on ISO/IEC 27005:2018, and how to apply the same across an organisation, eg for the context of certification to ISO/IEC 27001:2013.

PECB ISO/IEC 27005 Information Security Risk Manager

3 Days - € 1100 - 21 CPDs - Arrecife, Lanzarote, Canary Islands, Spain or Live Online

This three day course enables participants to develop the necessary expertise to support an organisation in implementing risk management processes related to all assets of relevance for information security based on ISO/IEC 27005:2018.

Outline

• Understanding an Organisation and its Context

ISO/IEC 27005:2018 builds onto the generic risk management principles set out in ISO 31000:2018, and applies those to the context of an information security management system (ISMS), thus providing a framework for satisfying the risk management requirements of ISO/IEC 27001:2013.

• Risk Management Standards, Frameworks and Methodologies

Elements of the Risk Management Framework

• Risk Identification

Introduction to Information Security Risk Management per ISO/IEC 27005:2018

• Risk Analysis and Risk Evaluation

• Risk Treatment

The course consists of a mix of presentation, discussion and exercises based on real-world examples.

Overview

• Concepts and Definitions relating to Risk Management

• Implementation of a Risk Management Framework

• Risk Acceptance and Residual Risk Management

• Risk Monitoring and Review

• Harmonised Risk Analysis Method (MEHARI)

• Harmonized Threat and Risk Assessment (TRA)

• Operational Critical Threat, Asset and Vulnerability Evaluation (OCTAVE)

• Expression of Needs and Identification of Security Objectives (EBIOS)

• Risk Communication and Consultation

Examples of Risk Assessment Methodologies

Audience

This course is aimed at students with (future) roles like

• Risk managers and Information security officers

• Auditors requiring more risk management insight

• Understand concepts, approaches, methods, tools and techniques for effective information security risk management according to ISO/IEC 27005:2018

• Project managers, consultants and team members implementing and operating information security management systems

Prerequisites

General understanding of common business processes.

Some past exposure to risk management and / or management systems helpful, but not required.

• Understand the relationship between risk management, controls and ISO/IEC 27001:2013

Examination and Certification

Objectives

Completion of this course will enable students to

• Advise organisations on best practices in information security risk management

• Implement, maintain and manage an ongoing information security risk management program

The course ends with a two hour written essay-style exam on the last day available in multiple languages.

Exam and first year certification fees are included in the course fees.

This course is designed by PECB in Canada, who also mark the exam and issue respective certifications as per their criteria. PECB is a personnel certification body, accredited to ISO/IEC 17024:2012 by IAS. See www.pecb.com for full details.


Next Dates: 25. - 29. May 2020 and 5. - 9. October 2020

This five day course provides an overview of cyber security strategies based on a wide range of available best practice approaches, applicable in the context of supporting organisations in setting up cyber security resilience capabilities.

5 Days - € 1750 - 31 CPDs - Arrecife, Lanzarote, Canary Islands, Spain or Live Online

Managing Cyber Security Risk and Resilience

• The Cyber Risk Framework of the World Economic Forum, and the European Union Agency for Network and Information Security (ENISA)

• Payment Card Industry Standard (PCI – DSS)

• Standards of Good Practice for Information Security

• The IT Capability Maturity Framework

• CIS Top 20 Critical Controls for effective Cyber Defence

• TCCYBER

• NIST Cyber Security Framework

• HITRUST CSF

Information security risk management and a resilient approach to cyber security focus the organization on managing risk to critical assets by optimizing both protection and continuity strategies. Although a daunting challenge, improving an organization's capabilities does not always require significant additional financial investment.

Overview

The five day course builds on knowledge of information security management practices to equip participants with the know-how to manage cyber security risk and resilience to meet compliance objectives in organisations of any size.

The course consists of a mix of presentation, discussion and drawing on real-life case studies.

Outline

• The current landscape of cyber security standards, best practice and guidance documents

Part One: Cyber Security Risk

• NCSC (UK) 10 Steps to Cyber Security and Cyber Essentials

• The role and the importance of people, processes and technology in cyber security

• Key requirements (outcomes) of an effective cyber security risk management strategy

• Using Cyber security and IT governance best practice frameworks such as COBIT 5

• Information security risk management as the core competence of cyber security management

Part Two: Cyber Resilience

• Essentials of Cyber Resilience (The Cyber Resilience Lifecycle)

• Essentials of building a Cyber-Resilient Organisation

• How ISO 22301 is essential to achieving cyber resilience in the event of a cyber security attack

• Explain the relationship of cyber security and resilience to other forms of security, and draw together these domains for the organisation's maximum benefit

Objectives

Completion of this course will enable students to

• Provide advice and guidance on cyber security and resilience issues to help protect an organisation against cyber security threats

• CxO and senior managers

• Auditors requiring more cyber security insight

Prerequisites

Examination and Certification

• Project managers, consultants and team members implementing cyber security resilience measures

Exam and first year certification fees are included in the course fees.

This course is aimed at students with (future) roles like

This course has been designed by SoftQualM and partners, who also mark the exam and issue the Cyber Security Professional certification in accordance with ISO/IEC 17024:2012.

Some past exposure to business risk, cyber, information or IT security helpful, but not required.

Audience

General understanding of common business processes.

The course ends with a three hour written essay-style exam in English on the last day.

• Investigate and detect cyber crime

• Define stakeholders and provide a description of their roles with regards to cyber security

• (Security) Risk managers

• Understand the framework for resolving cyber security issues through collaboration


This five day course provides an overview of principles of third party supplier and vendor security risk assessment and management and how to implement the respective function in an organisation.

Third Party Supplier and Vendor Risk Management

5 Days - € 1750 - 31 CPDs - Arrecife, Lanzarote, Canary Islands, Spain or Live Online

Next Dates: 18. - 22. May 2020 and 12. - 16. October 2020

• Due Diligence and Risk Assessment of Outsourcing Arrangement

• Oversight of the Outsourcing Arrangement and Exit strategy

• Access, Information and Audit Rights

Monitoring and Control of Outsourcing Arrangements

Implementation of Outsourcing Process Activities

• Inventory and Risk-based Segmentation of Service Providers

• The Outsourcing Contractual Phase

• Pre-outsourcing Analysis

• Information System and Data Security

• Business Continuity

• Internal Audit

• Communication, Training and Awareness, Documentation

Planning the Implementation of Outsourcing

• Clarifying Outsourcing Objectives

• Analysis of existing Outsourcing

• Third-Party Supplier and Vendor Risk Governance

• Risk Management Framework

• Outsourcing Policy

• Establishment of Management Control Groups

• Periodic Reviews, Reporting Policies and Procedures

• Essentials on Outsourcing to Cloud Service Providers

• Performing Information Security Control Assessments

Cloud Outsourcing

Outline

This five day course enables participants to develop the necessary expertise to support organisations implementing and effectively managing third-party supplier and vendor risk.

Overview

Hardly a day goes by without hearing about yet another organisation's data being compromised after hackers gained access to it through a third party supplier or vendor. Each incident highlights that in addition to in-house information security, organisations now also need to ensure that their third party suppliers and vendors' (cyber) security standards meet or exceed their own.

Introduction to Outsourcing Essentials

• Understanding the Organisation

• Fundamentals of effective Outsourcing

The course consists of a mix of presentation, discussion and drawing on real-life case studies.

• Gain knowledge and skills required to advise organisations on how to implement effective risk-based outsourcing

Audience

This course is aimed at students with (future) roles like

• Understand best practice for establishing, implementing, operating, monitoring, reviewing, maintaining and improving third party supplier and vendor security controls to protect outsourced information assets

• Manage a team implementing outsourcing

Objectives

Completion of this course will enable students to

• Gain a comprehensive understanding of the concepts and approaches of effective risk-based outsourcing

Exam and first year certification fees are included in the course fees.

This course has been designed by SoftQualM and partners, who also mark the exam and issue the Third Party Risk Management Professional certification in accordance with ISO/IEC 17024:2012.

Some past exposure to risk management and / or management systems helpful, but not required.

• Procurement Professionals / Auditors requiring third party supplier and vendor risk management insight

• Project managers, consultants and team members implementing third-party supplier and vendor risk management

• CxO and senior managers

General understanding of common business processes.

Prerequisites

Examination and Certification

The course ends with a three hour written essay-style exam in English on the last day.


3 Days - € 1300 - 21 CPDs - Arrecife, Lanzarote, Canary Islands, Spain or Live Online

Next Dates: 20. - 22. April 2020 and 26. - 28. October 2020

This three day course provides an overview of the basics of PRINCE2 Project Management.

This course can be combined with the PRINCE2 Practitioner course at a special rate of € 2100 for both courses.

PRINCE2 Project Management Foundation

The course consists of a mix of presentation, discussion and exercises based on real-world examples.

Review exercises as well as a practice test assist the exam preparation.

Overview

This three day training enables participants to learn the basics of the PRINCE2 Project Management method. The participant will learn about the PRINCE2 Principles, Themes, Processes and Tailoring.

• Managing Product Delivery

• Introduction to PRINCE2

• Business Case

Outline

• Controlling a Stage

• Tailoring PRINCE2 to the Project Environment

• PRINCE2 Foundation Exam

• Organisation

• Initiating a Project

Day 1

• Change

• Progress

Day 3

• Risk

• Quality

• Closing a Project

• Starting Up a Project

• PRINCE2 Process Model

Day 2

• Managing a Stage Boundary

• Plans

• Know the basic differences between the PRINCE2 Principles, Themes and Processes

This course is aimed at students with (future) roles like

Objectives

Exam fees are included in the course fees.

The course is delivered by Trainers of Polychor, a PRINCE2 Accredited Training Organisation. See polychor.com for full details.

• Understand basics of PRINCE2 Project Management

Audience

• Project managers

• CxO and senior managers sponsoring projects

The official one hour multiple choice PRINCE2 Foundation exam can be taken at the end of the training course or at a later date.

• Consultants and team members managing or supporting a project using PRINCE2

Examination and Certification

Prerequisites

Completion of this course will enable students to

• Prepare for the PRINCE2 Foundation exam

Some past exposure to project management helpful, but not required.


Next Dates: 23. - 24. April 2020 and 29. - 30. October 2020

PRINCE2 Project Management Practitioner

This two day course teaches how to use the PRINCE2 Project Management method in real-life.

This course can be combined with the PRINCE2 Foundation course at a special rate of € 2100 for both courses.

2 Days - € 1100 - 14 CPDs - Arrecife, Lanzarote, Canary Islands, Spain or Live Online

Overview

This two day training enables participants to learn how to use the PRINCE2 Project Management method in a real-life situation by going through two complete test exams and by analysing the 'Managing Successful Projects with PRINCE2' book in detail to understand how all the PRINCE2 elements work together.

The course consists of a mix of presentation, discussion and exercises based on real-world examples.

Review exercises as well as a practice test assist the exam preparation.

Outline

Day 1

• PRINCE2 Test Exam 1

• Analysis of the 'Managing Successful Project with PRINCE2' Book

Day 2

• Review and Analysis of PRINCE2 Test Exam 2

• Summary of the PRINCE2 Method

• PRINCE2 Practitioner Exam

Objectives

Completion of this course will enable students to

• Understand the PRINCE2 Project Management method in enough detail

The official two-and-a-half hours objective PRINCE2 Foundation exam can be taken at the end of the training course or at a later date.

Exam fees are included in the course fees.

• CxO and senior managers sponsoring projects

Audience

This course is aimed at students with (future) roles like

Prerequisites

Examination and Certification

The course is delivered by Trainers of Polychor, a PRINCE2 Accredited Training Organisation. See polychor.com for full details.

• Project managers

Preferably attend the PRINCE2 Foundation course using Polychor's training materials.

• Successfully participate in the PRINCE2 Practitioner exam

Must have passed the PRINCE2 Foundation exam.

• Consultants and team members managing or supporting a project using PRINCE2


Installing, Configuring and Managing a Windows Server 2016 Public Key Infrastructure

5 Days - € 1950 - 36 CPDs - Arrecife, Lanzarote, Canary Islands, Spain or Live Online

Next Dates: 6. - 10. April 2020 and 2. - 6. November 2020

This five day course provides an overview of the concepts of a Public Key Infrastructure (PKI) and demonstrates with hands-on labs how to implement Active Directory Certificate Services in a Windows Server 2016 environment.

Overview

The course balances theory and practice and contains exercises with real-world examples. Total lab time of the course is more than 50%.

• Installing and Configuring Active Directory Certificate Services
• Implementing Code Signing
• Certificate Templates
• Use of SSL to Secure RDP Connections
• Understanding Cryptography
• Certificate Enrollment
• Key Archival and Recovery
• Backup and Clean-up Certificate Authority Database
• Installing and Configuring an Online Certificate Status Protocol

This five-day course starts with the basics of a Public Key Infrastructure (PKI) and ends with more advanced topics. This intensive technical course is intended for anyone who is interested in implementing, configuring and managing Active Directory Certificate Services.

Contents

• Designing a Public Key Infrastructure
• Backup and Restore Certificate Authority
• Network Device Enrollment Service
• Implementing an SMTP Exit Module
• Use OpenSSL to Generate Certificate Requests
• Implementing IEEE 802.1x for Wired Networks using a Cisco Catalyst Switch
• Implementing IEEE 802.1x for Wireless Networks using Cisco Wireless Access Point
• Implementing Virtual Smart Cards using Trusted Platform Module
• Securing BitLocker USB drives with virtual smart cards
• Implementing Smart Card for Multi-Factor Authentication (Athena)
• Protecting a Certificate Authority's Keys using a Hardware Security Module (YubiHSM2)
• Deploying Multi-protocol Security Keys for Multi-Factor Authentication (YubiKey4)
• Installing and Configuring Certificate Enrollment Policy Web Service

Order and focus of the hands-on labs can be adjusted based on interests of the participants.

• Implementing Key Attestation
• Implementing Least-Privilege Administrative Models

Knowledge of Windows 7 or Windows 10, Windows Server 2012 or Windows Server 2016, Active Directory, Network Infrastructure Roles, and Group Policies. Experience in creating users, groups and group policies, and in installing roles and features.

Examination and Certification

Minimum of three students are required to run this course.

Assessment and first year certification fees are included in the course fees.

The course ends with an assessment on the last day.

This course has been designed by SoftQualM and partners, who also assess and issue the Active Directory Certificate Services Professional certification in accordance with ISO/IEC 17024:2012.

Prerequisites

An understanding of previous Microsoft Active Directory Certificate Services is helpful, but not required.

Participants are required to bring their own computer (min. 16 GB RAM, 60 GB of free disk space) with VMware Professional 14 (licensed or trial version) installed. Virtual machines required will be supplied.

• Windows System Engineers (MCSA, MCSE)
• Security Engineers, PKI consultants

• Understand the basics of a Public Key Infrastructure (PKI)
• Implement, configure and manage Windows Server 2016 Active Directory Certificate Services

Completion of this course will enable students to

Audience

Objectives

This course is aimed at students with (future) roles like

• Gain knowledge and skills required to advise organisations on how to implement Windows Server 2016 Active Directory Certificate Services


Frequently Asked Questions

Exercises during the courses are very similar to the exam questions, hence closely participating in those exercises has proven to be the best exam preparation.

While you could attend multiple of the individual Lead Auditor courses, you would notice significant repetitions. We would hence rather recommend the Annex SL IMS Lead Auditor course in that case, which teaches auditor skills as well as introducing a range of management system standards.

Unless specifically stated, no.

Will I gain from attending multiple Lead Implementer courses or are they rather repetitive?

Yes. Unlike the Lead Auditor courses, the Lead Implementer courses significantly differ from each other. While implementation strategies are similar, the required processes vary widely from standard to standard.

Most exams are essay-based, i.e. students are presented with a number of questions to be answered in free text.

Do the courses include practice exams?

Having said that, we find that many students eventually attend both. Why is that? Implementers often get involved in internal audit, and hence also need audit skills. Likewise, many auditors find it helpful to gain a deeper understanding of the detailed implementation of the management system.

How do I best qualify as Lead Auditor for multiple management system standards?

Should I attend Lead Auditor or Lead Implementer?

While the Lead Implementer courses focus on putting a management system in place, the Lead Auditor courses teach the skills needed to evaluate the effectiveness of such a management system, whether through self-assessment, internal audit or certification. Both start with an overview of the management system standard, but the Lead Implementer courses naturally dive deeper into the detail.

So, choose depending on your job role.

Is Information Security not merely IT Security?

No, ISO/IEC 20000 applies to any kind of service, not just IT services as relevant to ITIL. While it is often applied to IT service organisations, other service providers, e.g. in hospitality, print etc., are starting to discover ISO/IEC 20000 as a helpful management system in their context.

Is Business Continuity merely an IT subject?

Is ISO/IEC 20000 not merely ITIL?

Which Risk Management course is right for me?

While the ISO/IEC 27005 Risk Manager course is information security centric, the ISO 31000 Risk Manager course casts the net wider, looking at risk management in a generic manner. This makes it relevant and applicable to a wide range of other management systems and business activities, and helpful in satisfying the requirements of a risk-based approach in the latest revisions of ISO 9001, ISO 14001 and ISO 45001.

No, information security affects all aspects of an organisation. No doubt, IT is a major factor in most places these days, and IT security is hence mostly a significant part of information security. However, information security also deals with non-IT elements, e.g. verbal handling of sensitive information in public. Indeed, an ISMS could be implemented in an organisation without a single computer - admittedly a rare scenario today.

No, business continuity is about keeping an organisation going in a disruptive situation. This might include IT or not, but most commonly includes dealing with staff and location issues, especially in the context of natural disasters, medical emergencies, major (sports) events etc.


General Information

Lanzarote, Spain

The Canary Islands are designated as special territory within the EU, which is not part of the EU VAT Area and hence no EU VAT is due nor any EU VAT number issued.

For full terms and conditions please see our website www.ISOintheSun.com.

NIF B76345255

Calle Ángel Guerra 25, Apto 21

Prices listed in this brochure include courseware, exam fees and Canarian-style lunches.

Under Canarian tax rules however, fees are subject to 7% IGIC for clients based in the Canary Islands as well as for students attending in private, i.e. not being delegated and paid for by a company, regardless of their location.

35572 Tías

Courses are invoiced eight weeks before the course, to be paid at the latest two weeks prior to the start of the course. We reserve the right to cancel unpaid bookings. Bookings are taken until two weeks before the course.

Terms & Conditions

ISO in the Sun SoftQualM is operated by SoftQualM Tías SL


• via our website www.ISOintheSun.com
• per email to [email protected]
• or call +34 609 124 289

Booking and Information

For booking, information or other enquiries, please contact us


General Information

Hotel Lanzalot Playa

Avda Mancomunidad, 9

Lanzarote

Lanzarote is the most northerly of the Canary Islands. Though part of Spain, the Canary Islands are located some 80 km off the coast of Morocco in the northwest of Africa, almost 2000 km south of Madrid.

ISO in the Sun courses take place in

Location

Website: https://hotellancelot.com/en/

35500 Arrecife


Logistics

As Lanzarote is a popular tourist destination, there are direct flights from many airports around Europe by a pretty much endless list of airlines. We personally regularly fly Iberia, Ryanair, EasyJet, Condor and Jet2, to name just a few.

We will be more than happy to help source suitable flights and accommodation, whether you come just for the course or want to combine your visit with a break, whether on your own or with family.

If you come from overseas, it is probably best to fly into Madrid (or Barcelona) and connect short-haul, e.g. with any of the above airlines.

If you would like to hire a car, we can recommend www.cabreramedina.com/EN. Reserve online for pickup at the airport. They also have a station not far from the Lanzelot Playa.

The Lanzelot Playa (details above) offers a good range of accommodation. Alternatively, there are plenty of other hotels in close proximity. Public transport and airport transfers are available throughout.