ISO in the Sun 2019 Program in the Sun 2019 Program.pdf · Training 2019 Course Program. More...

ISO in the Sun

SoftQualMTraining

2019Course Program

http://www.ISOintheSun.com


www.ISOintheSun.com

https://www.linkedin.com/company/11011724

https://www.facebook.com/ISOintheSun

https://www.twitter.com/ISOintheSun

https://www.instagram.com/isointhesun/

http://pecb.com

More Courses, Dates, T&Cs, Info and Booking:www.ISOintheSun.com or +34 609 124 289

Welcome to our ISO in the Sun

2019 Course Program

Individual as well as Integrated Management Systems addressing Risk, Information Security, Business Continuity, (IT) Services and other areas are getting ever more important for ever more organisations.

As conformity with the ISO standards and other frameworks increasingly becomes a requirement to do business, management and their staff wonder how to get there.

ISO in the Sun is an ongoing series of courses on Risk, Information Security, Business Continuity, Service, Project and Integrated Management, hosted by in SoftQualMthe beautiful surroundings of Lanzarote in the Canary Islands, Spain.

This is the ideal opportunity to combine your continuing professional education with a break in the sun.

We believe that the success of training courses is greatly enhanced by an enjoyable learning environment.

At the end of training day you can relax at the beach and have dinner outside in one of the many restaurants - just as we do at lunch time - all thanks to the great climate here all year around where Winter doesn’t exist.

We limit courses to ten students as well as running courses even with only one or two students.

You learn from instructors with a wealth of real-world experience. As for myself, I travel the world as consultant, auditor and trainer, and love sharing those experiences that often put things into perspective in my courses.

As an added benefit, students regularly confirm that they save significantly coming here compared to attending similar courses in the typical metropolitan settings.

Our Students come from all kinds of industries and sizes of organisations world-wide, from freelance consultants and auditors, SMEs to Multinationals and EU institutions.

Our courses are usually open and hence held in English yet exams often available in multiple languages. Our trainers are however multi-lingual and we can arrange courses eg in German as well as “in-house” in Lanzarote or for self-study. Simply enquire.

We are scheduling more events all the time, so please follow us on social media and our website or get in touch if interested in other subjects and dates.

We look forward to welcoming you here in Lanzarote

Martin Holzke

SoftQualMTraining

Martin HolzkeFounder of ISO in the Sun








Spring 2019 Schedule Overview

SoftQualMTraining

Integrated Management Systems (IMS)

Ÿ ISO Annex SL IMS Lead Auditor8. - 12. April 2019 (5 Days) - € 1750

Information Security

Ÿ PECB ISO/IEC 27001 Information Security Management System (ISMS) Lead Auditor18. - 22. February 2019 (5 Days) - € 1750

Ÿ PECB ISO/IEC 27001 Information Security Management System (ISMS) Lead Implementer4. - 8. February 2019 (5 Days) - € 1750

Ÿ PECB EU General Data Protection Regulation (GDPR) Data Protection Officer4. - 8. March 2019 (5 Days) - € 1750

Business Continuity

Ÿ PECB ISO 22301 Business Continuity Management System (BCMS) Lead Auditor1. - 5. April 2019 (5 Days) - € 1750

Ÿ PECB ISO 22301 Business Continuity Management System (BCMS) Lead Implementer1. - 5. April 2019 (5 Days) - € 1750

Service Management

Ÿ PECB ISO/IEC 20000 Service Management System (SMS) Lead Auditor11. - 15. February 2019 (5 Days) - € 1750

Ÿ PECB ISO/IEC 20000 Service Management System (SMS) Lead Implementer11. - 15. February 2019 (5 Days) - € 1750

Risk Management

Ÿ PECB ISO 31000 Risk Manager15. - 17. April 2019 (3 Days) - € 1100

Ÿ PECB ISO/IEC 27005 Information Security Risk Manager24. - 26. April 2019 (3 Days) - € 1100

Ÿ Managing Cyber Security Risk and Resilience25. - 29. March 2019 (5 Days) - € 1750

Project Management

Ÿ PRINCE2 Foundation25. - 27. March 2019 (3 Days) - € 1300

Ÿ PRINCE2 Practitioner28. - 29. March 2019 (2 Days) - € 1100

Ÿ PRINCE2 Foundation + Practitioner25. - 29. March 2019 (5 Days) - € 2100








Autumn 2019 Schedule Overview

SoftQualMTraining

Integrated Management Systems (IMS)

Ÿ ISO Annex SL IMS Lead Auditor14. - 18. October 2019 (5 Days) - € 1750

Information Security

Ÿ PECB ISO/IEC 27001 Information Security Management System (ISMS) Lead Auditor4. - 8. November 2019 (5 Days) - € 1750

Ÿ PECB ISO/IEC 27001 Information Security Management System (ISMS) Lead Implementer21. - 25. October 2019 (5 Days) - € 1750

Ÿ PECB EU General Data Protection Regulation (GDPR) Data Protection Officer18. - 22. November 2019 (5 Days) - € 1750

Business Continuity

Ÿ PECB ISO 22301 Business Continuity Management System (BCMS) Lead Auditor14. - 18. October 2019 (5 Days) - € 1750

Ÿ PECB ISO 22301 Business Continuity Management System (BCMS) Lead Implementer14. - 18. October 2019 (5 Days) - € 1750

Service Management

Ÿ PECB ISO/IEC 20000 Service Management System (SMS) Lead Auditor7. - 11. October 2019 (5 Days) - € 1750

Ÿ PECB ISO/IEC 20000 Service Management System (SMS) Lead Implementer7. - 11. October 2019 (5 Days) - € 1750

Risk Management

Ÿ PECB ISO 31000 Risk Manager25. - 27. November 2019 (3 Days) - € 1100

Ÿ PECB ISO/IEC 27005 Information Security Risk Manager11. - 13. November 2019 (3 Days) - € 1100

Ÿ Managing Cyber Security Risk and Resilience18. - 22. November 2019 (5 Days) - € 1750

Ÿ Third Party Supplier and Vendor Risk Management28. October - 1. November 2019 (5 Days) - € 1750

Project Management

Ÿ PRINCE2 Foundation11. - 13. November 2019 (3 Days) - € 1300

Ÿ PRINCE2 Practitioner14. - 15. November 2019 (2 Days) - € 1100

Ÿ PRINCE2 Foundation + Practitioner11. - 15. November 2019 (5 Days) - € 2100

Technical Courses

Ÿ Installing, Configuring and Managing a Windows Server 2016 Public Key Infrastructure28. October - 1. November 2019 (5 Days) - € 1950








ISO Annex SL Integrated Management System (IMS)Lead Auditor

5 Days - € 1750 - 31 CPDs - Costa Teguise, Lanzarote, Canary Islands, Spain

Next Dates: 8. - 12. April 2019 and 14. - 18. October 2019

This five day course provides an overview to the structure of an Integrated Management System (IMS) based on ISO Annex SL,

and how to audit the same internally or in the context of certification.

Overview

This five day course introduces the structure of an Integrated Management System (IMS) derived from ISO's normative Annex SL (Proposals for management system standards) as well as specific requirements of relevant ISO Standards implementing Annex SL, namely ISO 9001:2015, ISO 14001:2015, ISO/IEC 20000-1:2018, ISO 22301:2012, ISO/IEC 27001:2013 and ISO 45001:2018, and how to add any further applicable requirements, eg PCI-DSS, SOX, GDPR etc.

At the same time, the course explains processes, methods and skills required to allow an auditor to assess such an IMS all the way through to certification in line with relevant ISO (certification) standards, in particular ISO/IEC 17021-1:2015 and ISO 19011:2011.

The course consists of a mix of presentation, discussion and exercises based on real-world examples.

Outline

Introducing IMS-AuditingŸ Setting the Scene: ISO Management SystemsŸ The ISO Management System Audit ApproachŸ Audit Methods

Assessing Elements of an IMS Ÿ IMS Element 1: Leadership (Annex SL clause 5)Ÿ IMS Element 2: Context of the Organisation (Annex SL clause 4)Ÿ Audit Methods - Part 1: Document Review, InterviewŸ IMS Element 3: Support (Annex SL clause 7)Ÿ IMS Element 4: Planning (Annex SL clause 6)Ÿ Audit Methods - Part 2: Observation, SamplingŸ IMS Element 5: Operation (Annex SL clause 8)Ÿ IMS Element 6: Performance Evaluation (Annex SL clause 9)Ÿ Audit Methods - Part 3: CorroborationŸ IMS Element 7: Improvement (Annex SL clause 10)Ÿ IMS Element 8: Management Review (Annex SL clause 9.3)

Auditing an IMSŸ Audit PrinciplesŸ Overview of the different Types of AuditsŸ Certification Process per ISO/IEC 17021-1:2015 et alŸ Audit Skills

Objectives

Completion of this course will enable students toŸ Describe core processes of an Annex SL based IMSŸ Identify additional specific requirements based on

the chosen IMS scopeŸ Recognise the range of different audit types, criteria

and objectivesŸ Understand applicable audit methods and develop

skills to apply theseŸ Execute audit aspect of the certification processŸ Manage IMS audit teams

Audience

This course is aimed at students tasked with Ÿ Assessing an organisation's processes

as part of implementing an IMSŸ Performing self-assessments, pre-cert or internal

audits of an IMS Ÿ Acting as (lead) auditor on behalf

of a certification body

Prerequisites

General understanding of common business processes.

Some past exposure to management systems and / or audits helpful, but not required.

Examination and Certification

The course ends with a three hour written essay-style exam on the last day available in multiple languages.

This course has been designed by and SoftQualMpartners, who also mark the exam and issue the IMS Lead Auditor certification in accordance with ISO/IEC 17024:2012.

Exam and first year certification fees are included in the course fees.

SoftQualMTraining







https://www.linkedin.com/company/11011724


PECB ISO/IEC 27001 Information Security Management System (ISMS) Lead Auditor


Next Dates: 18. - 22. February 2019 and 4. - 8. November 2019

This five day course provides an overview to the structure of an Information Security Management System (ISMS) based on ISO/IEC 27001:2013,


Overview

This five day course enables participants to develop the necessary expertise to audit an Information Security Management System against ISO/IEC 27001:2013 and to manage a team of auditors by applying widely recognized audit principles, procedures and techniques.

During this training, the participants will acquire the necessary knowledge and skills to proficiently plan and perform internal and external audits in compliance with ISO 19011:2011, as well as understanding the certification process according to ISO/IEC 17021-1:2015 and ISO/IEC 27006:2015.


Outline

Introduction to ISMS Concepts per ISO/IEC 27001:2013Ÿ Normative, Regulatory and Legal FrameworkŸ Fundamental Principles of Information SecurityŸ ISO/IEC 27001:2013 Certification ProcessŸ Information Security Management System (ISMS)Ÿ Clauses of ISO/IEC 27001:2013

Planning and Initiating the Audit Ÿ Fundamental Audit Concepts and PrinciplesŸ Audit Approach based on Evidence and RiskŸ Preparation of an ISO/IEC 27001:2013 Certification AuditŸ ISMS Documentation AuditŸ Conducting an Opening Meeting

Conducting the AuditŸ Communication during the AuditŸ Audit procedures: Observation, Document Review, Interview,

Sampling, Technical Verification, Corroboration and EvaluationŸ Audit Test PlansŸ Formulation of Audit Findings Ÿ Documenting Nonconformities

Concluding and Follow-up of the AuditŸ Audit DocumentationŸ Quality ReviewŸ Conducting a Closing Meeting and Conclusion of the AuditŸ Evaluation of Corrective Action PlansŸ Surveillance and Re-Certification AuditsŸ Internal Audit Management Program

Objectives

Completion of this course will enable students toŸ Understand the principles of an ISMS conforming to

ISO/IEC 27001:2013Ÿ Perform ISO/IEC 27001:2013 internal auditsŸ Execute ISO/IEC 27001:2013 certification audits on

behalf of a certification body Ÿ Manage ISMS audit teams

Audience

This course is aimed at students with (future) roles like Ÿ Internal auditorsŸ ISMS certification auditorsŸ Project managers, consultants and information

security team members participating in ISMS auditsŸ IT and information security practitioners moving into

audit roles

Prerequisites


Some past exposure to information or IT security, management systems and audits helpful, but not required.



This course is designed by PECB in Canada, who also mark the exam and issue respective certifications as per their criteria. PECB is a personnel certification body, accredited to ISO/IEC 17024:2012 by IAS. See www.pecb.com for full details.


SoftQualMTraining







http://www.pecb.com

http://www.pecb.com


PECB ISO/IEC 27001 Information Security Management System (ISMS) Lead Implementer


Next Dates: 4. - 8. February 2019 and 21. - 25. October 2019

This five day course provides an overview to the structure of an Information Security Management System (ISMS) based on ISO/IEC 27001:2013,

and how to implement the same in an organisation, eg for the purpose of certification.

Overview

This five day course enables participants to develop the necessary expertise to support an organisation in implementing and managing an Information Security Management System based on ISO/IEC 27001:2013.

Participants will also gain a thorough understanding of best practices used to implement information security controls from all areas of ISO/IEC 27002:2013.

This training incorporates project management practices as well as further guidance from elsewhere in the ISO/IEC 27000 family of standards, eg ISO/IEC 27003 (Implementation), ISO/IEC 27004 (Measurements), ISO/IEC 27005 (Risk Management) etc.


Outline

Introduction to ISMS Concepts per ISO/IEC 27001:2013Ÿ Normative, Regulatory and Legal FrameworkŸ Fundamental Principles of Information SecurityŸ Information Security Management System (ISMS)Ÿ Clauses of ISO/IEC 27001:2013

Planning and Initiating the ISMS Implementation Ÿ Gap Analysis, Business Case and Project PlanŸ Defining Scope and Objectives of the ISMSŸ Development of Information Security PoliciesŸ Risk Management: Approach, Methodology, Identification,

Analysis, Evaluation and Treatment of RiskŸ Drafting the Statement of Applicability

Implementing the ISMSŸ Implementation of a Document Management FrameworkŸ Design of Controls and Writing ProceduresŸ Implementation of Controls based ISO/IEC 27001:2013 Annex AŸ Development of a Communication, Training & Awareness Program Ÿ Incident ManagementŸ Operations Management of the ISMS

Performance Evaluation and Improving the ISMSŸ Monitoring the ISMS with Metrics, Performance Indicators etcŸ Internal Audit, Management Review and Corrective ActionsŸ Implementation of a Continual Improvement ProgramŸ Preparing for the Certification Audit

Objectives

Completion of this course will enable students toŸ Understand the principles of an ISMS conforming to

ISO/IEC 27001:2013, including the relationship between its components, eg risk management, controls, requirements of interested parties

Ÿ Apply concepts, approaches, standards, methods and techniques for the effective operation of an ISMS

Ÿ Advise organisations on ISMS best practices Ÿ Manage teams implementing ISO/IEC 27001:2013

Audience

This course is aimed at students with (future) roles like Ÿ Project managers, consultants and team members

implementing an ISMSŸ (IT) Professionals moving into ISMS operation Ÿ CxO and senior managers of an ISMS scopeŸ Auditors requiring more ISMS implementation insight

Prerequisites


Some past exposure to information or IT security, management systems and / or project management helpful, but not required.





SoftQualMTraining







http://www.pecb.com

http://www.pecb.com


PECB EU General Data Protection Regulation (GDPR)Data Protection Officer


Next Dates: 4. - 8. March 2019 and 18. - 22. November 2019

This five day course provides an overview to the requirements of the GDPR in force and applicable since of 25. May 2018,

and how to implement the same in an organisation dealing with data subjects in the European Union.

Overview

This five day course enables participants to develop the necessary knowledge, skills and competence to effectively implement and manage a compliance framework with regards to the protection of personal data.

By mastering all the necessary concepts of EU General Data Protection Regulation (GDPR), participants will gain a thorough understanding of the gap between the GDPR and the current organizational processes including privacy policies, procedures, working instructions, consent forms, data protection impact assessments, in order to assists organisations in the adoption process to the new regulation.


Outline

Introduction to GDPR EssentialsŸ Fundamental Principles of the GDPRŸ Initiating the GDPR ImplementationŸ Understanding the OrganisationŸ Clarifying the Data Protection ObjectivesŸ Analysis of the Existing System

Planning the Implementation of the GDPR Ÿ Leadership and Project ApprovalŸ Data Protection PolicyŸ Definition of the Organizational StructureŸ Data ClassificationŸ Risk Assessment under the GDPR

Deploying the GDPRŸ Privacy Impact Assessment (PIA)Ÿ Design of Security Controls and Drafting of Specific PoliciesŸ Implementation of ControlsŸ Definition of the Document Management ProcessŸ Communication, Training and Awareness Plan

Monitoring and Improving the GDPR complianceŸ Operations and Incident ManagementŸ Monitoring, Measurement, Analysis and EvaluationŸ Internal Audit Ÿ Data Breaches and Corrective ActionsŸ Continual Improvement

Objectives

Completion of this course will enable students toŸ Gain a comprehensive understanding of the

concepts and approaches of the GDPRŸ Understand the new requirements that the GDPR

brings for EU and non-EU organisations and when it is necessary to implement them

Ÿ Manage a team implementing the GDPRŸ Gain the knowledge and skills required to advise

organisations how to manage personal data

Audience

This course is aimed at students with (future) roles like Ÿ Project managers, consultants, advisors and team

members implementing the GDPRŸ Data Protection Officers and senior managers

responsible for the personal data protectionŸ Members of information security, incident

management and business continuity teams

Prerequisites


Some past exposure to data protection helpful, but not required.





SoftQualMTraining







http://www.pecb.com

http://www.pecb.com


PECB ISO 22301 Business Continuity Management System (BCMS) Lead Auditor



This five day course provides an overview to the structure of a Business Continuity Management System (BCMS) based on ISO 22301:2012,


Overview

This five day course enables participants to develop the necessary expertise to audit a Business Continuity Management System against ISO 22301:2012 and to manage a team of auditors by applying widely recognized audit principles, procedures and techniques.

During this training, the participants will acquire the necessary knowledge and skills to proficiently plan and perform internal and external audits in compliance with ISO 19011:2011, as well as understanding the certification process according to ISO/IEC 17021-1:2015.


Outline

Introduction to BCMS Concepts per ISO 22301:2012Ÿ Normative, Regulatory and Legal FrameworkŸ Fundamental Principles of Business ContinuityŸ ISO 22301:2012 Certification ProcessŸ Business Continuity Management System (BCMS)Ÿ Clauses of ISO 22301:2012

Planning and Initiating the Audit Ÿ Fundamental Audit Concepts and PrinciplesŸ Audit Approach based on Evidence and RiskŸ Preparation of an ISO 22301:2012 Certification AuditŸ BCMS Documentation AuditŸ Conducting an Opening Meeting




Objectives

Completion of this course will enable students toŸ Understand the principles of a BCMS conforming to

ISO 22301:2012Ÿ Perform ISO 22301:2012 internal auditsŸ Execute ISO 22301:2012 certification audits on

behalf of a certification body Ÿ Manage BCMS audit teams

Audience

This course is aimed at students with (future) roles like Ÿ Internal auditorsŸ BCMS certification auditorsŸ Project managers, consultants and business

continuity team members participating in BCMS audits

Ÿ Business continuity practitioners moving into audit roles

Prerequisites


Some past exposure to business continuity, management systems and audits helpful, but not required.





SoftQualMTraining







http://www.pecb.com

http://www.pecb.com


PECB ISO 22301 Business Continuity Management System (BCMS) Lead Implementer



This five day course provides an overview to the structure of a Business Continuity Management System (BCMS) based on ISO 22301:2012,

and how to implement the same in an organisation, eg for the purpose of certification.

Overview

This five day course enables participants to develop the necessary expertise to support an organisation in implementing and managing a Business Continuity Management System based on ISO 22301:2012.

Participants will also gain a thorough understanding of best practices used to implement business continuity processes from the ISO 22399.

This training incorporates project management practices as well as links to aspects of the predecessor standard BS 25999.


Outline

Introduction to BCMS Concepts per ISO 22301:2012Ÿ Normative, Regulatory and Legal FrameworkŸ Fundamental Principles of Business ContinuityŸ ISO 22301:2012 Certification ProcessŸ Business Continuity Management System (BCMS)Ÿ Clauses of ISO 22301:2012

Planning and Initiating the BCMS Implementation Ÿ Gap Analysis, Business Case and Project PlanŸ Defining Scope and Objectives of the BCMSŸ Development of Business Continuity PoliciesŸ Business Impact Analysis (BIA) and Risk Assessment

Implementing the BCMSŸ Implementation of a Document Management FrameworkŸ Design of Business Continuity Processes and Writing ProceduresŸ Implementation of Business Continuity ProcessesŸ Development of a Communication, Training & Awareness Program Ÿ Incident and Emergency ManagementŸ Operations Management of the BCMS

Performance Evaluation and Improving the BCMSŸ Monitoring the BCMS with Metrics, Performance Indicators etcŸ Internal Audit, Management Review and Corrective ActionsŸ Implementation of a Continual Improvement ProgramŸ Preparing for the Certification Audit

Objectives

Completion of this course will enable students toŸ Understand the principles of a BCMS conforming to

ISO 22301:2012, including the relationship between its components, eg risk management, requirements of interested parties

Ÿ Apply concepts, approaches, standards, methods and techniques for the effective operation of a BCMS

Ÿ Advise organisations on BCMS best practices Ÿ Manage teams implementing ISO 22301:2012

Audience


implementing a BCMSŸ (IT) Professionals moving into BCMS operationŸ CxO and senior managers of a BCMS scopeŸ Auditors requiring more BCMS implementation insight

Prerequisites


Some past exposure to business continuity, management systems and / or project management helpful, but not required.





SoftQualMTraining







http://www.pecb.com

http://www.pecb.com


PECB ISO/IEC 20000 Service Management System (SMS) Lead Auditor



This five day course provides an overview to the structure of a Service Management System (SMS) based on ISO/IEC 20000-1:2018,


Overview

This five day course enables participants to develop the necessary expertise to audit a Service Management System against ISO/IEC 20000-1:2018 and to manage a team of auditors by applying widely recognized audit principles, procedures and techniques.

During this training, the participants will acquire the necessary knowledge and skills to proficiently plan and perform internal and external audits in compliance with ISO 19011:2011, as well as understanding the certification process according to ISO/IEC 17021-1:2015.


Outline

Introduction to SMS Concepts per ISO/IEC 20000-1:2018Ÿ Normative, Regulatory and Legal FrameworkŸ Fundamental Principles of Service ManagementŸ ISO/IEC 20000-1:2018 Certification ProcessŸ Service Management System (SMS)Ÿ Clauses of ISO/IEC 20000-1:2018

Planning and Initiating the Audit Ÿ Fundamental Audit Concepts and PrinciplesŸ Audit Approach based on Evidence and RiskŸ Preparation of an ISO/IEC 20000-1:2018 Certification AuditŸ SMS Documentation AuditŸ Conducting an Opening Meeting




Objectives

Completion of this course will enable students toŸ Understand the principles of a SMS conforming to

ISO/IEC 20000-1:2018Ÿ Perform ISO/IEC 20000-1:2018 internal auditsŸ Execute ISO/IEC 20000-1:2018 certification audits on

behalf of a certification body Ÿ Manage SMS audit teams

Audience

This course is aimed at students with (future) roles like Ÿ Internal auditorsŸ SMS certification auditorsŸ Project managers, consultants and service

management team members participating in SMS audits

Ÿ IT and service management practitioners moving into audit roles

Prerequisites


Some past exposure to service management, management systems and / or audits helpful, but not required.





SoftQualMTraining







http://www.pecb.com

http://www.pecb.com


PECB ISO/IEC 20000 Service Management System (SMS) Lead Implementer



This five day course provides an overview to the structure of a Service Management System (SMS) based on ISO/IEC 20000-1:2011,and how to implement the same in an organisation, eg for the purpose of certification.

Overview

This five day course enables participants to develop the necessary expertise to support an organisation in implementing and managing a Service Management System based on ISO/IEC 20000-1:2018.

Participants will gain a thorough understanding of best practices used to implement a SMS across a wide range of service sectors, not just IT services as covered by ITIL.

This training incorporates project management practices as well as further guidance from elsewhere in the ISO/IEC 20000 family of standards.


Outline

Introduction to SMS Concepts per ISO/IEC 20000-1:2018Ÿ Normative, Regulatory and Legal FrameworkŸ Fundamental Principles of Service Management Ÿ Comparison with ITIL V2 and V3Ÿ ISO/IEC 20000-1:2018 Certification ProcessŸ Service Management System (SMS)Ÿ Clauses of ISO/IEC 20000-1:2018

Planning and Initiating the SMS Implementation Ÿ Gap Analysis, Business Case and Project PlanŸ Defining Scope and Objectives of the SMSŸ Development of Service Management Policies

Implementing the SMSŸ Catalogue, Asset, Configuration and Relationship ManagementŸ Budget, Demand and Capacity ManagementŸ Change, Release and Deployment ManagementŸ Incident and Problem ManagementŸ Service Availability and Continuity ManagementŸ Information Security ManagementŸ Operations Management of the SMS

Performance Evaluation and Improving the SMSŸ Monitoring the SMS with Metrics, Performance Indicators etcŸ Internal Audit, Management Review and Corrective ActionsŸ Implementation of a Continual Improvement ProgramŸ Preparing for the Certification Audit

Objectives

Completion of this course will enable students toŸ Understand the principles of a SMS conforming to

ISO/IEC 20000-1:2018, including the relationship between its components, eg risk management, controls, requirements of interested parties

Ÿ Apply concepts, approaches, standards, methods and techniques for the effective operation of a SMS

Ÿ Advise organisations on SMS best practices Ÿ Manage teams implementing ISO/IEC 20000-1:2018

Audience


implementing a SMS or extending from ITIL etcŸ (IT) Professionals moving into SMS operationŸ CxO and senior managers of a SMS scopeŸ Auditors requiring more SMS implementation insight

Prerequisites


Some past exposure to information or IT security, management systems and / or project management helpful, but not required.





SoftQualMTraining







http://www.pecb.com

http://www.pecb.com


PECB ISO 31000 Risk Manager3 Days - € 1100 - 21 CPDs - Costa Teguise, Lanzarote, Canary Islands, Spain

Next Dates: 15. - 17. April 2019 and 25. - 27. November 2019

This three day course provides an overview to the generic principles of risk management based on ISO 31000:2018,

and how to apply the same across an organisation, eg for operational or financial risk, the various risk-based management systems like IMS, QMS, EMS, SMS, BCMS, ISMS, OH&SMS etc.

Overview

This three day course enables participants to develop the necessary expertise to support an organisation in implementing risk management processes based on ISO 31000:2018.

The generic character of ISO 31000:2018 makes it applicable across organisations at subject matter as well as enterprise level.

ISO 31000:2018 provides a comprehensive model for any kind of management system, standard, operational or regulatory context requiring a risk-based approach, whether a formal risk management process is required or not.

Examples are ISO 9001:2015, ISO 14001:2015, ISO/IEC 20000-1:2018, ISO 22301:2012, ISO/IEC 27001:2013, ISO 45001:2018, SOX, revenue assurance, program and project management, data protection, GDPR etc.


Outline

Introduction to Risk Management per ISO 31000:2018Ÿ Concepts and Definitions relating to Risk ManagementŸ Risk Management Standards, Frameworks and MethodologiesŸ Implementation of a Risk Management FrameworkŸ Understanding an Organisation and its Context

Elements of the Risk Management Framework Ÿ Risk IdentificationŸ Risk Analysis and Risk EvaluationŸ Risk TreatmentŸ Risk Acceptance and Residual Risk ManagementŸ Risk Communication and ConsultationŸ Risk Monitoring and Review

Examples of Risk Assessment MethodologiesŸ Overview to IEC 31010:2009Ÿ Brainstorming, DELPHIŸ Hazard Analysis using HAZOP and HACCPŸ Scenario AnalysisŸ Fault and Failure Analysis using FTA, FMEA and FMECA Ÿ Cause and Effect Diagram

Objectives

Completion of this course will enable students toŸ Understand concepts, approaches, methods, tools

and techniques for effective risk management according to ISO 31000:2018

Ÿ Understand the relationship between risk management and requirements of interested parties

Ÿ Implement, maintain and manage an ongoing risk management program

Ÿ Advise organisations on best practices in risk management

Audience

This course is aimed at students with (future) roles like Ÿ Risk managers and Business process ownersŸ Project managers, consultants and team members

implementing and operating management systemsŸ Regulatory compliance managersŸ Auditors requiring more risk management insight

Prerequisites


Some past exposure to risk management and / or management systems helpful, but not required.


The course ends with a two hour written essay-style exam on the last day available in multiple languages.



SoftQualMTraining







http://www.pecb.com

http://www.pecb.com


PECB ISO/IEC 27005 Information SecurityRisk Manager


Next Dates: 24. - 26. April 2019 and 11. - 13. November 2019

This three day course provides an overview to the principles of risk management in information security based on ISO/IEC 27005:2018,

and how to apply the same across an organisation, eg for the context of certification to ISO/IEC 27001:2013.

Overview

This three day course enables participants to develop the necessary expertise to support an organisation in implementing risk management processes related to all assets of relevance for information security based on ISO/IEC 27005:2018.

ISO/IEC 27005:2018 builds onto the generic risk management principles set out in ISO 31000:2018, and applies those to the context of an information security management system (ISMS), thus providing a framework for satisfying the risk management requirements of ISO/IEC 27001:2013.


Outline

Introduction to Information Security Risk Management per ISO/IEC 27005:2018Ÿ Concepts and Definitions relating to Risk ManagementŸ Risk Management Standards, Frameworks and MethodologiesŸ Implementation of a Risk Management FrameworkŸ Understanding an Organisation and its Context

Elements of the Risk Management Framework Ÿ Risk IdentificationŸ Risk Analysis and Risk EvaluationŸ Risk TreatmentŸ Risk Acceptance and Residual Risk ManagementŸ Risk Communication and ConsultationŸ Risk Monitoring and Review

Examples of Risk Assessment MethodologiesŸ Operational Critical Threat, Asset and Vulnerability Evaluation

(OCTAVE)Ÿ Harmonised Risk Analysis Method (MEHARI)Ÿ Expression of Needs and Identification of Security Objectives

(EBIOS)Ÿ Harmonized Threat and Risk Assessment (TRA)

Objectives

Completion of this course will enable students toŸ Understand concepts, approaches, methods, tools

and techniques for effective information security risk management according to ISO/IEC 27005:2018

Ÿ Understand the relationship between risk management, controls and ISO/IEC 27001:2013

Ÿ Implement, maintain and manage an ongoing information security risk management program

Ÿ Advise organisations on best practices in information security risk management

Audience

This course is aimed at students with (future) roles like Ÿ Risk managers and Information security officersŸ Project managers, consultants and team members

implementing and operating information security management systems

Ÿ Auditors requiring more risk management insight

Prerequisites




The course ends with a two hour written essay-style exam on the last day available in multiple languages.



SoftQualMTraining







http://www.pecb.com

http://www.pecb.com


Managing Cyber Security Risk and Resilience5 Days - € 1750 - 31 CPDs - Costa Teguise, Lanzarote, Canary Islands, Spain

Next Dates: 18. - 22. November 2019

This five day course provides an overview to cyber security strategies based on a wide range of available best practice approaches,

applicable in the context of supporting organisations in setting up cyber security resilience capabilities.

Overview

The five day course builds on knowledge of information security management practices to equip participants with the know-how to manage cyber security risk and resilience to meet compliance objectives in organisations of any size.

Information security risk management and a resilient approach to cyber security focus the organization on managing risk to critical assets by optimizing both protection and continuity strategies. Although a daunting challenge, improving an organization's capabilities does not always require significant additional financial investment.

The course consists of a mix of presentation, discussion and drawing on real live case studies.

Outline

Part One: Cyber Security RiskŸ The current landscape of cyber security standards, best practice

and guidance documentsŸ NCSC (UK) 10 Steps to Cyber Security and Cyber EssentialsŸ CIS Top 20 Critical Controls for effective Cyber DefenceŸ NIST Cyber Security FrameworkŸ TCCYBERŸ HITRUST CSFŸ Standards of Good Practice for Information Security Ÿ The IT Capability Maturity FrameworkŸ Payment Card Industry Standard (PCI – DSS)Ÿ The Cyber Risk Framework of the World Economic Forum, and

the European Union Agency for Network and Information Security (ENISA)

Ÿ Information security risk management as the core competence of cyber security management

Ÿ Key requirements (outcomes) of an effective cyber security risk management strategy

Ÿ The role and the importance of people, processes and technology in cyber security

Ÿ Using Cyber security and IT governance best practice frameworks such as COBIT 5

Part Two: Cyber ResilienceŸ Essentials of Cyber Resilience (The Cyber Resilience Lifecycle)Ÿ Essentials of building a Cyber-Resilient OrganisationŸ How ISO22301 is essential to achieving cyber resilience in the

event of a cyber security attack

Objectives

Completion of this course will enable students toŸ Provide advice and guidance on cyber security and

resilience issues to help protect an organisation against cyber security threats

Ÿ Explain the relationship of cyber security and resilience to other forms of security, and draw together these domains for the organisation's maximum benefit

Ÿ Define stakeholders and provide a description of their roles with regards to cyber security

Ÿ Investigate and detect cybercrimeŸ Understand the framework for resolving cyber

security issues through collaboration

Audience


implementing cyber security resilience measures Ÿ (Security) Risk managers Ÿ CxO and senior managersŸ Auditors requiring more cyber security insight

Prerequisites


Some past exposure to business risk, cyber, information or IT security helpful, but not required.


The course ends with a three hour written essay-style exam in English on the last day.

This course has been designed by and SoftQualMpartners, who also mark the exam and issue the Cyber Security Professional certification in accordance with ISO/IEC 17024:2012.


SoftQualMTraining









Third Party Supplier and Vendor Risk Management5 Days - € 1750 - 31 CPDs - Costa Teguise, Lanzarote, Canary Islands, Spain

Next Dates: 28. October - 1. November 2019

This five day course provides an overview to principles of third party supplier and vendor security risk assessment and management

and how to implement the respective function in an organisation.

Overview

This five day course enables participants to develop the necessary expertise to support organisations implementing and effectively managing third-party supplier and vendor risk.

Hardly a day goes by without hearing about yet another organisation's data being compromised after hackers gained access to it through a third party supplier or vendor. Each incident highlights that in addition to in-house information security, organisations now also need to ensure that their third party suppliers and vendors' (cyber) security standards meet or exceed their own.

The course consists of a mix of presentation, discussion and drawing on real live case studies.

Outline

Introduction to Outsourcing EssentialsŸ Fundamentals of effective OutsourcingŸ Understanding the OrganisationŸ Clarifying Outsourcing ObjectivesŸ Analysis of existing Outsourcing

Planning the Implementation of OutsourcingŸ Risk Management FrameworkŸ Third-Party Supplier and Vendor Risk GovernanceŸ Outsourcing PolicyŸ Business ContinuityŸ Internal AuditŸ Communication, Training and Awareness, Documentation

Implementation of Outsourcing Process ActivitiesŸ Pre-outsourcing AnalysisŸ The Outsourcing Contractual PhaseŸ Information System and Data SecurityŸ Access, Information and Audit RightsŸ Due Diligence and Risk Assessment of Outsourcing ArrangementŸ Oversight of the Outsourcing Arrangement and Exit strategy

Monitoring and Control of Outsourcing ArrangementsŸ Inventory and Risk-based Segmentation of Service ProvidersŸ Establishment of Management Control GroupsŸ Periodic Reviews, Reporting Policies and ProceduresŸ Performing Information Security Control Assessments

Cloud OutsourcingŸ Essentials on Outsourcing to Cloud Service Providers

Objectives

Completion of this course will enable students toŸ Understand best practice for establishing,

implementing, operating, monitoring, reviewing, maintaining and improving third party supplier and vendor security controls to protect outsourced information assets

Ÿ Gain a comprehensive understanding of the concepts and approaches of effective risk-based outsourcing

Ÿ Manage a team implementing outsourcingŸ Gain knowledge and skills required to advise

organisations on how to implement effective risk-based outsourcing

Audience


implementing third-party supplier and vendor risk management

Ÿ CxO and senior managersŸ Procurement Professionals / Auditors requiring third

party supplier and vendor risk management insight

Prerequisites




The course ends with a three hour written essay-style exam in English on the last day.

This course has been designed by and SoftQualMpartners, who also mark the exam and issue the Third Party Risk Management Professional certification in accordance with ISO/IEC 17024:2012.


SoftQualMTraining









PRINCE2 Project ManagementFoundation



This three day course provides an overview to the basics of PRINCE2 Project Management.

This course can be combined with the PRINCE2 Practitioner course at a special rate of € 2100 for both courses.

Overview

This three day training enables participants to learn the basics of the PRINCE2 Project Management method. The participant will learn about the PRINCE2 Principles, Themes, Processes and Tailoring.


Review exercises as well as a practice test assist the exam preparation.

Outline

Day 1Ÿ Introduction PRINCE2Ÿ PRINCE2 Process ModelŸ Starting Up a ProjectŸ OrganisationŸ Business Case

Day 2Ÿ Initiating a ProjectŸ QualityŸ PlansŸ RiskŸ ChangeŸ Controlling a StageŸ Managing Product DeliveryŸ Progress

Day 3Ÿ Managing a Stage BoundaryŸ Closing a ProjectŸ Tailoring PRINCE2 to the Project Environment Ÿ PRINCE2 Foundation Exam

Objectives

Completion of this course will enable students toŸ Understand basics of PRINCE2 Project ManagementŸ Know the basic differences between the PRINCE2

Principles, Themes and ProcessesŸ Prepare for the PRINCE2 Foundation exam

Audience

This course is aimed at students with (future) roles like Ÿ Project managersŸ Consultants and team members managing or

supporting a project using PRINCE2Ÿ CxO and senior managers sponsoring projects

Prerequisites

Some past exposure to project management helpful, but not required.


The course is delivered by Trainers of BPMO Solutions BV, a PRINCE2 Accredited Training Organisation. See www.bpmo-solutions.com for full details.

The official one hour multiple choice PRINCE2 Foundation exam can be taken at the end of the training course or at a later date.

Exam fees are included in the course fees.

SoftQualMTraining







http://www.bpmo-solutions.com



PRINCE2 Project ManagementPractitioner



This two day course teaches how to use the PRINCE2 Project Management method in real-life.

This course can be combined with the PRINCE2 Foundation course at a special rate of € 2100 for both courses.

Overview

This two day training enables participants to learn how to use the PRINCE2 Project Management method in a real-life situation by going through two complete test exams and by analysing the 'Managing Successful Projects with PRINCE2' book in detail to understand how all the PRINCE2 elements work together.


Review exercises as well as a practice test assist the exam preparation.

Outline

Day 1Ÿ Summary of the PRINCE2 MethodŸ Analysis of the 'Managing Successful Project with PRINCE2' BookŸ PRINCE2 Test Exam 1

Day 2Ÿ Review and Analysis of PRINCE2 Test Exam 2Ÿ PRINCE2 Practitioner Exam

Objectives

Completion of this course will enable students toŸ To understand PRINCE2 Project Management method

in enough detail Ÿ Successfully participate in the PRINCE2 Practitioner

exam

Audience

This course is aimed at students with (future) roles like Ÿ Project managersŸ Consultants and team members managing or

supporting a project using PRINCE2Ÿ CxO and senior managers sponsoring projects

Prerequisites

Must have passed the PRINCE2 Foundation exam.

Preferably attend the PRINCE2 Foundation course using BPMO's training materials.


The course is delivered by Trainers of BPMO Solutions BV, a PRINCE2 Accredited Training Organisation. See www.bpmo-solutions.com for full details.

The official two-and-a-half hours objective PRINCE2 Foundation exam can be taken at the end of the training course or at a later date.

Exam fees are included in the course fees.

SoftQualMTraining










Installing, Configuring and Managing a Windows Server 2016 Public Key Infrastructure


Next Dates: 28. October - 1. November 2019

This five day course provides an overview to concepts of a Public Key Infrastructure (PKI) and demonstrates with hands-on labs

how to implement Active Directory Certificate Services in a Windows Server 2016 environment.

Overview

This five day course starts with the basics of a Public Key Infrastructure (PKI) and ends with more advanced topics. This intensive technical course is intended for anyone who is interested in implementing, configuring and managing Active Directory Certificate Services.

The course has a balance between the theoretical and practical part and contains exercises with real world examples. Total lab time of the course is more than 50%.

Contents

Ÿ Understanding CryptographyŸ Designing a Public Key InfrastructureŸ Installing and Configuring Active Directory Certificate ServicesŸ Certificate TemplatesŸ Certificate EnrollmentŸ Key Archival and RecoveryŸ Backup and Restore Certificate AuthorityŸ Backup and Clean-up Certificate Authority DatabaseŸ Network Device Enrollment ServiceŸ Implementing Code SigningŸ Implementing an SMTP Exit ModuleŸ Installing and Configuring an Online Certificate Status ProtocolŸ Use OpenSSL to Generate Certificate RequestsŸ Use of SSL to Secure RDP ConnectionsŸ Implementing IEEE 802.1x for Wired Networks using a Cisco

Catalyst SwitchŸ Implementing IEEE 802.1x for Wireless Networks using Cisco

Wireless Access PointŸ Implementing Smart Card for Multi-Factor Authentication (Athena)Ÿ Implementing Virtual Smart Cards using Trusted Platform ModuleŸ Deploying Multi-protocol Security Keys for Multi-Factor

Authentication (YubiKey4)Ÿ Implementing Key AttestationŸ Securing BitLocker USB drives with virtual smart cardsŸ Implementing Least-Privilege Administrative ModelsŸ Protecting a Certificate Authority Keys using a Hardware Security

Module (YubiHSM2)Ÿ Installing and Configuring Certificate Enrollment Policy Web Service

Order and focus of the hands-on labs can be adjusted based on interests of the participants.

Objectives

Completion of this course will enable students toŸ Understand the basics of a Public Key Infrastructure

(PKI)Ÿ Implement, configure and manage Windows Server

2016 Active Directory Certificate ServicesŸ Gain knowledge and skills required to advise

organisations on how to implement Windows Server 2016 Active Directory Certificate Services

Audience

This course is aimed at students with (future) roles like Ÿ Windows System Engineers (MCSA, MCSE)Ÿ Security Engineers, PKI consultants

Prerequisites

Knowledge of Windows 7 or Windows 10, Windows Server 2012 or Windows Server 2016, Active Directory, Network Infrastructure Roles, and Group Policies. Experience on how to create users, groups, group policies, installation of roles and features.

An understanding of previous Microsoft Active Directory Certificate Services helpful, but not required.

Participants are required to bring their own computer (min. 16 GB RAM, 60 GB of free disk space) with VMware Professional 14 (licensed or trial version) installed. Virtual machines required will be supplied.

Minimum of three students are required to run this course.


The course ends with an assessment on the last day.

This course has been designed by and SoftQualMpartners, who also assess and issue the Active Directory Certificate Services Professional certification in accordance with ISO/IEC 17024:2012.

Assessment and first year certification fees are included in the course fees.

SoftQualMTraining









Frequently Asked Questions

Should I attend Lead Auditor or Lead Implementer?

While the Lead Implementer courses focus on putting a management system in place, the Lead Auditor courses teach the skills how to evaluate the effectiveness of such a management system, whether through self-assessment, internal audit or certification. Both start with an overview to the management system standard, but the Lead Implementer courses naturally dive deeper into the detail.

So, choose depending on your job role.

Having said that, we find that many students eventually attend both. Why that? Implementers often get involved in internal audit, and hence also need audit skills. Likewise, many auditors find it helpful to gain a deeper understanding of detailed implementation of the management system.

How do I best qualify as Lead Auditor for multiple management system standards?

While you could attend multiple of the individual Lead Auditor courses, you would notice significant repetitions. We would hence rather recommend the Annex SL IMS Lead Auditor course in that case, which teaches auditor skills as well as introducing a range of management system standards.

Will I gain from attending multiple Lead Implementer courses or are they rather repetitive?

Yes. Unlike the Lead Auditor courses, the Lead Implementer courses significantly differ from each other. While implementation strategies are similar, the required processes vary widely from standard to standard.

Do the courses include practice exams?

Unless specifically stated, no.

Most exams are essay-based, i.e. students are presented with a number of questions to be answered free text.

Exercises during the courses are very similar to the exam questions, hence closely participating in those exercises has proven to be the best exam preparation.

Is Information Security not merely IT Security?

No, information security affects all aspects of an organisation. No doubt, IT is a major factor in most places these days, and IT Security hence mostly is a significant part of information security. However, information security also deals with non-IT elements, eg verbal handling of sensitive information in public. Indeed, an ISMS could be implemented in an organisation without a single computer - admittedly a rare scenario today.

Is Business Continuity merely an IT subject?

No, business continuity is about keeping an organisation going in a disruptive situation. This might include IT or not, but most commonly includes dealing with staff and location issues, especially in the context of natural disaster, medical emergencies, major (sports) events etc.

Is ISO/IEC 20000 not merely ITIL?

No, ISO/IEC 20000 applies to any kind of service, not just IT services as relevant to ITIL. While often applied to IT service organisations, other service providers, eg in hospitality, print etc. start to discover ISO/IEC 20000 as a helpful management system in their context.

Which of Risk Management course is right for me?

While the ISO/IEC 27005 Risk Manager course is information security centric, ISO 31000 Risk Manager course casts the net wider looking at risk management in a generic manner thus making it also relevant and applicable for a wide range of other management systems and business activities, including being helpful to satisfy the requirements of a risk-based approach in the latest revisions of ISO 9001, ISO 14001 and ISO 45001.

SoftQualMTraining








General Information

Location

ISO in the Sun courses take place in

Galeon PlayaAvda del JablilloCosta TeguiseLanzarote

Website: www.galeonplaya.com/en/index.html

Lanzarote is the most northerly of the Canary Islands. Though being part of Spain, the Canary Islands are located some 80 km off the coast of Morocco on the Northwest of Africa, almost 2000 km South of Madrid.

SoftQualMTraining

Logistics

We will be more than happy to help source suitable flights and accommodation, whether you come just for the course or want to combine your visit with a break, whether on your own or with family.

Lanzarote being a popular tourist destination, there are direct flights from many airports around Europe by a pretty much endless list of airlines. We personally regularly fly Iberia, Ryanair, EasyJet, Condor and Jet2 to just name some.

If you come from overseas, it is probably best to fly into Madrid (or Barcelona) and connect short-haul, eg with any of the above airlines.

The Galeon Playa (Details above) offers a good range of accommodation. Alternatively, there are plenty other hotels in close proximity. Airport transfers are available throughout.

If you like to hire a car, we can recommend www.cabreramedina.com/EN. Reserve online for pickup at the airport. They also have a station next to the Galeon Playa.







http://www.cabreramedina.com/EN

http://www.galeonplaya.com/en/index.html


General Information

Terms & Conditions

ISO in the Sun SoftQualM is operated by Martin Holzke NIF Y3750235FCalle Ángel Guerra 25, Apto 2135572 TíasLanzarote, Spain

Prices listed in this brochure include courseware, exam fees and Canarian-style lunches.

Courses are invoiced eight weeks before the course to be paid latest two weeks prior to start of the course. We reserve the right to cancel unpaid bookings. Bookings are taken until two weeks before the course.

The Canary Islands are designated as special territory within the EU, which is not part of the EU VAT Area and hence no EU VAT is due nor any EU VAT number issued.

Under Canarian tax rules however, fees are subject to 7% IGIC for clients based in the Canary Islands as well as for students attending in private, i.e. not being delegated and paid for by a company, regardless of their location.

For full terms and conditions please see our website www.ISOintheSun.com.

SoftQualMTraining

Booking and Infos

For booking, infos or other enquiries please contact us

Ÿ via our website www.ISOintheSun.com

Ÿ per email to [email protected]

Ÿ or call +34 609 124 289








mailto:[email protected]


ISO in the Sun 2019 Program in the Sun 2019 Program.pdf · Training 2019 Course Program. More...

Documents

Transcript of ISO in the Sun 2019 Program in the Sun 2019 Program.pdf · Training 2019 Course Program. More...