iso in the sun 2018 program - softqualm in the sun 2018 program.pdf · iso/iec 27001:2013 Ÿ...

ISO in the Sun

SoftQualMTraining

2018Course Program

http://www.ISOintheSun.com


www.ISOintheSun.com

http://www.softqualm.com

https://www.instagram.com/isointhesun/

https://www.instagram.com/isointhesun/

More Courses, Dates, T&Cs, Info and Booking:www.ISOintheSun.com or +34 609 124 289

Welcome to our ISO in the Sun

2018 Course Program

Individual as well as Integrated Management Systems addressing Risk, Information Security, Business Continuity, (IT) Services and other areas are getting ever more important for ever more organisations.

As conformity with the ISO standards and other frameworks increasingly becomes a requirement to do business, management and their staff wonder how to get there.

ISO in the Sun is an ongoing series of courses on Risk, Information Security, Business Continuity, Service, Project and Integrated Management, hosted by in SoftQualMthe beautiful surroundings of Lanzarote in the Canary Islands, Spain.

This is the ideal opportunity to combine your continuing professional education with a break in the sun.

We believe that the success of training courses is greatly enhanced by an enjoyable learning environment.

At the end of training day you can relax at the beach and have dinner outside in one of the many restaurants - just as we do at lunch time - all thanks to the great climate here all year around where Winter doesn’t exist.

We limit courses to ten students as well as running courses even with only one or two students.

You learn from instructors with a wealth of real-world experience. As for myself, I travel the world as consultant, auditor and trainer, and love sharing those experiences that often put things into perspective in my courses.

As an added benefit, students regularly confirm that they save significantly coming here compared to attending similar courses in the typical metropolitan settings.

Our Students come from all kinds of industries and sizes of organisations world-wide, from freelance consultants and auditors, SMEs to Multinationals and EU institutions.

Our courses are usually open and hence held in English yet exams often available in multiple languages. Our trainers are however multi-lingual and we can arrange courses eg in German as well as “in-house” in Lanzarote or for self-study. Simply enquire.

We are scheduling more events all the time, so please follow us on social media and our website or get in touch if interested in other subjects and dates.

We look forward to welcoming you here in Lanzarote

Martin Holzke

SoftQualMTraining

Martin HolzkeFounder of ISO in the Sun







https://www.linkedin.com/company/11011724


Spring 2018 Schedule Overview

SoftQualMTraining

Integrated Management Systems (IMS)

Ÿ ISO Annex SL IMS Lead Auditor12th - 16th March 2018 (5 Days) - € 1750

Information Security

Ÿ ISO 27001 Information Security Management System (ISMS) Lead Auditor19th - 23rd February 2018 (5 Days) - € 1750

Ÿ ISO 27001 Information Security Management System (ISMS) Lead Implementer12th - 16th February 2018 (5 Days) - € 1750

Ÿ ISO 27032 / NIST Framework Cyber Security Resilience19th - 23rd March 2018 (5 Days) - € 1750

Ÿ EU General Data Protection Regulation (GDPR) Data Protection Officer26th February - 2nd March 2018 (5 Days) - € 1750

Business Continuity

Ÿ ISO 22301 Business Continuity Management System (BCMS) Lead Auditor5th - 9th February 2018 (5 Days) - € 1750

Ÿ ISO 22301 Business Continuity Management System (BCMS) Lead Implementer9th - 13th April 2018 (5 Days) - € 1750

Risk Management

Ÿ ISO 31000 Risk Manager26th - 28th March 2018 (3 Days) - € 1100

Ÿ ISO 27005 Information Security Risk Manager4th - 6th April 2018 (3 Days) - € 1100

Quality Management

Ÿ Six Sigma Process Improvement Green Belt9th - 13th April 2018 (5 Days) - € 1750

Service Management

Ÿ ISO 20000 Service Management System (SMS) Lead Auditor9th - 13th April 2018 (5 Days) - € 1750

Ÿ ISO 20000 Service Management System (SMS) Lead Implementer5th - 9th February 2018 (5 Days) - € 1750

Project Management

Ÿ PRINCE2 Foundation19th - 21st March 2018 (3 Days) - € 1300

Ÿ PRINCE2 Practitioner22nd - 23rd March 2018 (2 Days) - € 1100

Ÿ PRINCE2 Foundation + Practitioner19th - 23rd March 2018 (5 Days) - € 2100








Autumn 2018 Schedule Overview

SoftQualMTraining

Integrated Management Systems (IMS)

Ÿ ISO Annex SL IMS Lead Auditor24th - 28th September 2018 (5 Days) - € 1750

Information Security

Ÿ ISO 27001 Information Security Management System (ISMS) Lead Auditor15th - 19th October 2018 (5 Days) - € 1750

Ÿ ISO 27001 Information Security Management System (ISMS) Lead Implementer22nd - 26th October 2018 (5 Days) - € 1750

Ÿ ISO 27032 / NIST Framework Cyber Security Resilience19th - 23rd November 2018 (5 Days) - € 1750

Ÿ EU General Data Protection Regulation (GDPR) Data Protection Officer5th - 9th November 2018 (5 Days) - € 1750

Business Continuity

Ÿ ISO 22301 Business Continuity Management System (BCMS) Lead Auditor12th - 16th November 2018 (5 Days) - € 1750

Ÿ ISO 22301 Business Continuity Management System (BCMS) Lead Implementer19th - 23rd November 2018 (5 Days) - € 1750

Risk Management

Ÿ ISO 31000 Risk Manager8th - 10th October 2018 (3 Days) - € 1100

Ÿ ISO 27005 Information Security Risk Manager29th - 31st October 2018 (3 Days) - € 1100

Quality Management

Ÿ ISO 9001 Quality Management System (QMS) Lead Auditor15th - 19th October 2018 (5 Days) - € 1750

Ÿ ISO 9001 Quality Management System (QMS) Lead Implementer24th - 28th September 2018 (5 Days) - € 1750

Ÿ Six Sigma Process Improvement Green Belt19th - 23th November 2018 (5 Days) - € 1750

Service Management

Ÿ ISO 20000 Service Management System (SMS) Lead Auditor12th - 16th November 2018 (5 Days) - € 1750

Ÿ ISO 20000 Service Management System (SMS) Lead Implementer1st - 5th October 2018 (5 Days) - € 1750

Project Management

Ÿ PRINCE2 Foundation5th - 7th November 2018 (3 Days) - € 1300

Ÿ PRINCE2 Practitioner8th - 9th November 2018 (2 Days) - € 1100

Ÿ PRINCE2 Foundation + Practitioner5th - 9th November 2018 (5 Days) - € 2100








ISO Annex SL Integrated Management System (IMS)Lead Auditor

5 Days - € 1750 - 31 CPDs - Costa Teguise, Lanzarote, Canary Islands, Spain

2018 Dates: 12th - 16th March 2018 and 24th - 28th September 2018

This five day course provides an overview to the structure of an Integrated Management System (IMS) based on ISO Annex SL,

and how to audit the same internally or in the context of certification.

Overview

This five day course introduces the structure of an Integrated Management System (IMS) derived from ISO's normative Annex SL (Proposals for management system standards) as well as specific requirements of relevant ISO Standards implementing Annex SL, eg ISO 9001:2015, ISO 14001:2015, ISO 22301:2012, ISO/IEC 27001:2013 etc, or any further applicable requirements, eg PCI-DSS etc.

At the same time, the course explains processes, methods and skills required to allow an auditor to assess such an IMS all the way through to certification in line with relevant ISO (certification) standards, in particular ISO/IEC 17021-1:2015 and ISO 19011:2011.

The course consists of a mix of presentation, discussion and exercises based on real-world examples.

Outline

Introducing IMS-AuditingŸ Setting the Scene: ISO Management SystemsŸ The ISO Management System Audit ApproachŸ Audit Methods

Assessing Elements of an IMS Ÿ IMS Element 1: Leadership (Annex SL clause 5)Ÿ IMS Element 2: Context of the Organisation (Annex SL clause 4)Ÿ Audit Methods - Part 1: Document Review, InterviewŸ IMS Element 3: Support (Annex SL clause 7)Ÿ IMS Element 4: Planning (Annex SL clause 6)Ÿ Audit Methods - Part 2: Observation, SamplingŸ IMS Element 5: Operation (Annex SL clause 8)Ÿ IMS Element 6: Performance Evaluation (Annex SL clause 9)Ÿ Audit Methods - Part 3: CorroborationŸ IMS Element 7: Improvement (Annex SL clause 10)Ÿ IMS Element 8: Management Review (Annex SL clause 9.3)

Auditing an IMSŸ Audit PrinciplesŸ Overview of the different Types of AuditsŸ Certification Process per ISO/IEC 17021-1:2015Ÿ Audit Skills

Objectives

Completion of this course will enable students toŸ Describe core processes of an Annex SL based IMSŸ Identify additional specific requirements based on

the chosen IMS scopeŸ Recognise the range of different audit types, criteria

and objectivesŸ Understand applicable audit methods and develop

skills to apply theseŸ Execute audit aspect of the certification processŸ Manage IMS audit teams

Audience

This course is aimed at students tasked with Ÿ Assessing an organisation's processes

as part of implementing an IMSŸ Performing self-assessments, pre-cert or internal

audits of an IMS Ÿ Acting as (lead) auditor on behalf

of a certification body

Prerequisites

General understanding of common business processes.

Some past exposure to management systems and / or audits helpful, but not required.

Examination and Certification

The course ends with a three hour written essay-style exam on the last day available in multiple languages.

This course has been designed by and SoftQualMpartners, who also mark the exam and issue the IMS Lead Auditor certification in accordance with ISO/IEC 17024:2012.

Exam and first year certification fees are included in the course fees.

SoftQualMTraining







https://www.linkedin.com/company/11011724


ISO 27001 Information Security Management System (ISMS)Lead Auditor


2018 Dates: 19th - 23rd February 2018 and 15th - 19th October 2018

This five day course provides an overview to the structure of an Information Security Management System (ISMS) based on ISO/IEC 27001:2013,


Overview

This five day course enables participants to develop the necessary expertise to audit an Information Security Management System against ISO/IEC 27001:2013 and to manage a team of auditors by applying widely recognized audit principles, procedures and techniques.

During this training, the participants will acquire the necessary knowledge and skills to proficiently plan and perform internal and external audits in compliance with ISO 19011:2011, as well as understanding the certification process according to ISO/IEC 17021-1:2015 and ISO/IEC 27006:2015.


Outline

Introduction to ISMS Concepts per ISO/IEC 27001:2013Ÿ Normative, Regulatory and Legal FrameworkŸ Fundamental Principles of Information SecurityŸ ISO/IEC 27001:2013 Certification ProcessŸ Information Security Management System (ISMS)Ÿ Clauses of ISO/IEC 27001:2013

Planning and Initiating the Audit Ÿ Fundamental Audit Concepts and PrinciplesŸ Audit Approach based on Evidence and RiskŸ Preparation of an ISO/IEC 27001:2013 Certification AuditŸ ISMS Documentation AuditŸ Conducting an Opening Meeting

Conducting the AuditŸ Communication during the AuditŸ Audit procedures: Observation, Document Review, Interview,

Sampling, Technical Verification, Corroboration and EvaluationŸ Audit Test PlansŸ Formulation of Audit Findings Ÿ Documenting Nonconformities

Concluding and Follow-up of the AuditŸ Audit DocumentationŸ Quality ReviewŸ Conducting a Closing Meeting and Conclusion of the AuditŸ Evaluation of Corrective Action PlansŸ Surveillance and Re-Certification AuditsŸ Internal Audit Management Program

Objectives

Completion of this course will enable students toŸ Understand the principles of an ISMS conforming to

ISO/IEC 27001:2013Ÿ Perform ISO/IEC 27001:2013 internal auditsŸ Execute ISO/IEC 27001:2013 certification audits on

behalf of a certification body Ÿ Manage ISMS audit teams

Audience

This course is aimed at students with (future) roles like Ÿ Internal auditorsŸ ISMS certification auditorsŸ Project managers, consultants and information

security team members participating in ISMS auditsŸ IT and information security practitioners moving into

audit roles

Prerequisites


Some past exposure to information or IT security, management systems and audits helpful, but not required.



This course is designed by PECB in Canada, who also mark the exam and issue respective certifications as per their criteria. PECB is a personnel certification body, accredited to ISO/IEC 17024:2012 by IAS. See www.pecb.com for full details.


SoftQualMTraining







http://www.pecb.com

http://www.pecb.com


ISO 27001 Information Security Management System (ISMS)Lead Implementer


2018 Dates: 12th - 16th February 2018 and 22nd - 26th October 2018

This five day course provides an overview to the structure of an Information Security Management System (ISMS) based on ISO/IEC 27001:2013,

and how to implement the same in an organisation, eg for the purpose of certification.

Overview

This five day course enables participants to develop the necessary expertise to support an organisation in implementing and managing an Information Security Management System based on ISO/IEC 27001:2013.

Participants will also gain a thorough understanding of best practices used to implement information security controls from all areas of ISO/IEC 27002:2013.

This training incorporates project management practices as well as further guidance from elsewhere in the ISO/IEC 27000 family of standards, eg ISO/IEC 27003 (Implementation), ISO/IEC 27004 (Measurements), ISO/IEC 27005 (Risk Management) etc.


Outline

Introduction to ISMS Concepts per ISO/IEC 27001:2013Ÿ Normative, Regulatory and Legal FrameworkŸ Fundamental Principles of Information SecurityŸ Information Security Management System (ISMS)Ÿ Clauses of ISO/IEC 27001:2013

Planning and Initiating the ISMS Implementation Ÿ Gap Analysis, Business Case and Project PlanŸ Defining Scope and Objectives of the ISMSŸ Development of Information Security PoliciesŸ Risk Management: Approach, Methodology, Identification,

Analysis, Evaluation and Treatment of RiskŸ Drafting the Statement of Applicability

Implementing the ISMSŸ Implementation of a Document Management FrameworkŸ Design of Controls and Writing ProceduresŸ Implementation of Controls based ISO/IEC 27001:2013 Annex AŸ Development of a Communication, Training & Awareness Program Ÿ Incident ManagementŸ Operations Management of the ISMS

Performance Evaluation and Improving the ISMSŸ Monitoring the ISMS with Metrics, Performance Indicators etcŸ Internal Audit, Management Review and Corrective ActionsŸ Implementation of a Continual Improvement ProgramŸ Preparing for the Certification Audit

Objectives

Completion of this course will enable students toŸ Understand the principles of an ISMS conforming to

ISO/IEC 27001:2013, including the relationship between its components, eg risk management, controls, requirements of interested parties

Ÿ Apply concepts, approaches, standards, methods and techniques for the effective operation of an ISMS

Ÿ Advise organisations on ISMS best practices Ÿ Manage teams implementing ISO/IEC 27001:2013

Audience

This course is aimed at students with (future) roles like Ÿ Project managers, consultants and team members

implementing an ISMSŸ (IT) Professionals moving into ISMS operation Ÿ CxO and senior managers of an ISMS scopeŸ Auditors requiring more ISMS implementation insight

Prerequisites


Some past exposure to information or IT security, management systems and / or project management helpful, but not required.





SoftQualMTraining







http://www.pecb.com

http://www.pecb.com


ISO 27032 / NIST FrameworkCyber Security Resilience


2018 Dates: 19th - 23rd March 2018 and 19th - 23rd November 2018

This five day course provides an overview to cyber security strategies based on ISO/IEC 27032:2012 and NIST Cyber Security Framework 1.1,

applicable in the context of supporting organisations in setting up Cyber Security Resilience Capabilities.

Overview

The five day course is divided into two parts.

The first part covers the ISO/IEC 27032:2012, which provides guidance for improving cyber security and drawing out the distinctive aspects of the activity and its dependencies on other security domains, such as internet security, network security, application security, and information security as foundation. Using the advice and guidelines from the standard will assist organisations to develop cyber security resilience capabilities against cyber security threats.

The second part covers implementing NIST Cyber Security Framework 1.1. This framework is a set of principles, ideas, etc. that one may use when forming decisions and judgments. It provides a way to organise, conduct, and drive issues about cyber security goals and improvements for organisations. However it does not prescribe any specific risk management process, or specifies any priority of action.


Outline

Cyber Security per ISO/IEC 27032:2012Ÿ Cyber Security Objectives and RolesŸ Difference between Information and Cyber SecurityŸ Cyber Security Governance and CapabilitiesŸ AwarenessŸ Asset and Risk ManagementŸ Secure DevelopmentŸ Network Monitoring and Incident ResponseŸ Server, Application and End-User ControlsŸ Information Sharing and Coordination

NIST Cyber Security Framework 1.1Ÿ OverviewŸ Core Functions and CategoriesŸ Implementations TiersŸ ProfilesŸ Review of Security PracticesŸ Cyber Security ProgramŸ Communication with Stakeholders

Objectives

Completion of this course will enable students toŸ Provide advice and guidance on cyber security issues

to help protect an organisation against cyber security threats

Ÿ Explain the relationship of cyber security to other forms of security, and draw together these domains for the organisation's maximum benefit

Ÿ Define stakeholders and provide a description of their roles with regards to cyber security

Ÿ Understand the framework for resolving cyber security issues through collaboration

Audience


implementing cyber security resilience measures Ÿ (Security) Risk managers Ÿ CxO and senior managersŸ Auditors requiring more cyber security insight

Prerequisites


Some past exposure to cyber, information or IT security helpful, but not required.



This course has been designed by and SoftQualMpartners, who also mark the exam and issue the Cyber Security Professional certification in accordance with ISO/IEC 17024:2012.


SoftQualMTraining







http://www.softqualm.com


EU General Data Protection Regulation (GDPR)Data Protection Officer


2018 Dates: 26th February - 2nd March 2018 and 5th - 9th November 2018

This five day course provides an overview to the requirements of the GDPR in force and applicable as of 25th May 2018,

and how to implement the same in an organisation dealing with data subjects in the European Union.

Overview

This five day course enables participants to develop the necessary knowledge, skills and competence to effectively implement and manage a compliance framework with regards to the protection of personal data.

By mastering all the necessary concepts of EU General Data Protection Regulation (GDPR), participants will gain a thorough understanding of the gap between the GDPR and the current organizational processes including privacy policies, procedures, working instructions, consent forms, data protection impact assessments, in order to assists organisations in the adoption process to the new regulation.


Outline

Introduction to GDPR EssentialsŸ Fundamental Principles of the GDPRŸ Initiating the GDPR ImplementationŸ Understanding the OrganisationŸ Clarifying the Data Protection ObjectivesŸ Analysis of the Existing System

Planning the Implementation of the GDPR Ÿ Leadership and Project ApprovalŸ Data Protection PolicyŸ Definition of the Organizational StructureŸ Data ClassificationŸ Risk Assessment under the GDPR

Deploying the GDPRŸ Privacy Impact Assessment (PIA)Ÿ Design of Security Controls and Drafting of Specific PoliciesŸ Implementation of ControlsŸ Definition of the Document Management ProcessŸ Communication, Training and Awareness Plan

Monitoring and Improving the GDPR complianceŸ Operations and Incident ManagementŸ Monitoring, Measurement, Analysis and EvaluationŸ Internal Audit Ÿ Data Breaches and Corrective ActionsŸ Continual Improvement

Objectives

Completion of this course will enable students toŸ Gain a comprehensive understanding of the

concepts and approaches of the GDPRŸ Understand the new requirements that the GDPR

brings for EU and non-EU organisations and when it is necessary to implement them

Ÿ Manage a team implementing the GDPRŸ Gain the knowledge and skills required to advise

organisations how to manage personal data

Audience

This course is aimed at students with (future) roles like Ÿ Project managers, consultants, advisors and team

members implementing the GDPRŸ Data Protection Officers and senior managers

responsible for the personal data protectionŸ Members of information security, incident

management and business continuity teams

Prerequisites


Some past exposure to data protection helpful, but not required.





SoftQualMTraining







http://www.pecb.com

http://www.pecb.com


ISO 22301 Business Continuity Management System (BCMS)Lead Auditor


2018 Dates: 5th - 9th February 2018 and 12th - 16th November 2018

This five day course provides an overview to the structure of a Business Continuity Management System (BCMS) based on ISO 22301:2012,


Overview

This five day course enables participants to develop the necessary expertise to audit a Business Continuity Management System against ISO 22301:2012 and to manage a team of auditors by applying widely recognized audit principles, procedures and techniques.

During this training, the participants will acquire the necessary knowledge and skills to proficiently plan and perform internal and external audits in compliance with ISO 19011:2011, as well as understanding the certification process according to ISO/IEC 17021-1:2015.


Outline

Introduction to BCMS Concepts per ISO 22301:2012Ÿ Normative, Regulatory and Legal FrameworkŸ Fundamental Principles of Business ContinuityŸ ISO 22301:2012 Certification ProcessŸ Business Continuity Management System (BCMS)Ÿ Clauses of ISO 22301:2012

Planning and Initiating the Audit Ÿ Fundamental Audit Concepts and PrinciplesŸ Audit Approach based on Evidence and RiskŸ Preparation of an ISO 22301:2012 Certification AuditŸ BCMS Documentation AuditŸ Conducting an Opening Meeting




Objectives

Completion of this course will enable students toŸ Understand the principles of a BCMS conforming to

ISO 22301:2012Ÿ Perform ISO 22301:2012 internal auditsŸ Execute ISO 22301:2012 certification audits on

behalf of a certification body Ÿ Manage BCMS audit teams

Audience

This course is aimed at students with (future) roles like Ÿ Internal auditorsŸ BCMS certification auditorsŸ Project managers, consultants and business

continuity team members participating in BCMS audits

Ÿ Business continuity practitioners moving into audit roles

Prerequisites


Some past exposure to business continuity, management systems and audits helpful, but not required.





SoftQualMTraining







http://www.pecb.com

http://www.pecb.com


ISO 22301 Business Continuity Management System (BCMS)Lead Implementer


2018 Dates: 9th - 13th April 2018 and 19th - 23rd November 2018

This five day course provides an overview to the structure of a Business Continuity Management System (BCMS) based on ISO 22301:2012,


Overview

This five day course enables participants to develop the necessary expertise to support an organisation in implementing and managing a Business Continuity Management System based on ISO 22301:2012.

Participants will also gain a thorough understanding of best practices used to implement business continuity processes from the ISO 22399.

This training incorporates project management practices as well as links to aspects of the predecessor standard BS 25999.


Outline

Introduction to BCMS Concepts per ISO 22301:2012Ÿ Normative, Regulatory and Legal FrameworkŸ ISO 22301:2012 Certification ProcessŸ Business Continuity Management System (BCMS)Ÿ Clauses of ISO 22301:2012

Planning and Initiating the BCMS Implementation Ÿ Gap Analysis, Business Case and Project PlanŸ Defining Scope and Objectives of the BCMSŸ Development of Business Continuity PoliciesŸ Business Impact Analysis (BIA) and Risk Assessment

Implementing the BCMSŸ Implementation of a Document Management FrameworkŸ Design of Business Continuity Processes and Writing ProceduresŸ Implementation of Business Continuity ProcessesŸ Development of a Communication, Training & Awareness Program Ÿ Incident and Emergency ManagementŸ Operations Management of the BCMS

Performance Evaluation and Improving the BCMSŸ Monitoring the BCMS with Metrics, Performance Indicators etcŸ Internal Audit, Management Review and Corrective ActionsŸ Implementation of a Continual Improvement ProgramŸ Preparing for the Certification Audit

Objectives

Completion of this course will enable students toŸ Understand the principles of a BCMS conforming to

ISO 22301:2012, including the relationship between its components, eg risk management, requirements of interested parties

Ÿ Apply concepts, approaches, standards, methods and techniques for the effective operation of a BCMS

Ÿ Advise organisations on BCMS best practices Ÿ Manage teams implementing ISO 22301:2012

Audience


implementing a BCMSŸ (IT) Professionals moving into BCMS operationŸ CxO and senior managers of a BCMS scopeŸ Auditors requiring more BCMS implementation insight

Prerequisites


Some past exposure to business continuity, management systems and / or project management helpful, but not required.





SoftQualMTraining







http://www.pecb.com

http://www.pecb.com


ISO 31000 Risk Manager3 Days - € 1100 - 21 CPDs - Costa Teguise, Lanzarote, Canary Islands, Spain

2018 Dates: 26th - 28th March 2018 and 8th - 10th October 2018

This three day course provides an overview to the generic principles of risk management based on ISO 31000:2009,

and how to apply the same across an organisation, eg for operational or financial risk, the various risk-based management systems like IMS, QMS, EMS, SMS, BCMS, ISMS etc.

Overview

This three day course enables participants to develop the necessary expertise to support an organisation in implementing risk management processes based on ISO 31000:2009.

The generic character of ISO 31000:2009 makes it applicable across organisations at subject matter as well as enterprise level.

ISO 31000:2009 provides a comprehensive model for any kind of management system, standard, operational or regulatory context requiring a risk-based approach, whether a formal risk management process is required or not.

Examples are ISO 9001:2015, ISO 14001:2015, ISO/IEC 20000-1:2011, ISO 22301:2012, ISO/IEC 27001:2013, SOX, revenue assurance, program and project management, data protection, GDPR etc.


Outline

Introduction to Risk Management per ISO 31000:2009Ÿ Concepts and Definitions relating to Risk ManagementŸ Risk Management Standards, Frameworks and MethodologiesŸ Implementation of a Risk Management FrameworkŸ Understanding an Organisation and its Context

Elements of the Risk Management Framework Ÿ Risk IdentificationŸ Risk Analysis and Risk EvaluationŸ Risk TreatmentŸ Risk Acceptance and Residual Risk ManagementŸ Risk Communication and ConsultationŸ Risk Monitoring and Review

Examples of Risk Assessment MethodologiesŸ Overview to IEC 31010:2009Ÿ Brainstorming, DELPHIŸ Hazard Analysis using HAZOP and HACCPŸ Scenario AnalysisŸ Fault and Failure Analysis using FTA, FMEA and FMECA Ÿ Cause and Effect Diagram

Objectives

Completion of this course will enable students toŸ Understand concepts, approaches, methods, tools

and techniques for effective risk management according to ISO 31000:2009

Ÿ Understand the relationship between risk management and requirements of interested parties

Ÿ Implement, maintain and manage an ongoing risk management program

Ÿ Advise organisations on best practices in risk management

Audience

This course is aimed at students with (future) roles like Ÿ Risk managers and Business process ownersŸ Project managers, consultants and team members

implementing and operating management systemsŸ Regulatory compliance managersŸ Auditors requiring more risk management insight

Prerequisites


Some past exposure to risk management and / or management systems helpful, but not required.


The course ends with a two hour written essay-style exam on the last day available in multiple languages.



SoftQualMTraining







http://www.pecb.com

http://www.pecb.com


ISO 27005 Information SecurityRisk Manager


2018 Dates: 4th - 6th April 2018 and 29th - 31st October 2018

This three day course provides an overview to the principles of risk management in information security based on ISO/IEC 27005:2011,

and how to apply the same across an organisation, eg for the context of certification to ISO/IEC 27001:2013.

Overview

This three day course enables participants to develop the necessary expertise to support an organisation in implementing risk management processes related to all assets of relevance for information security based on ISO/IEC 27005:2011.

ISO/IEC 27005:2011 builds onto the generic risk management principles set out in ISO 31000:2009, and applies those to the context of an information security management system (ISMS), thus providing a framework for satisfying the risk management requirements of ISO/IEC 27001:2013.


Outline

Introduction to Information Security Risk Management per ISO/IEC 27005:2011Ÿ Concepts and Definitions relating to Risk ManagementŸ Risk Management Standards, Frameworks and MethodologiesŸ Implementation of a Risk Management FrameworkŸ Understanding an Organisation and its Context

Elements of the Risk Management Framework Ÿ Risk IdentificationŸ Risk Analysis and Risk EvaluationŸ Risk TreatmentŸ Risk Acceptance and Residual Risk ManagementŸ Risk Communication and ConsultationŸ Risk Monitoring and Review

Examples of Risk Assessment MethodologiesŸ Operational Critical Threat, Asset and Vulnerability Evaluation

(OCTAVE)Ÿ Harmonised Risk Analysis Method (MEHARI)Ÿ Expression of Needs and Identification of Security Objectives

(EBIOS)Ÿ Harmonized Threat and Risk Assessment (TRA)

Objectives

Completion of this course will enable students toŸ Understand concepts, approaches, methods, tools

and techniques for effective information security risk management according to ISO/IEC 27005:2011

Ÿ Understand the relationship between risk management, controls and ISO/IEC 27001:2013

Ÿ Implement, maintain and manage an ongoing information security risk management program

Ÿ Advise organisations on best practices in information security risk management

Audience

This course is aimed at students with (future) roles like Ÿ Risk managers and Information security officersŸ Project managers, consultants and team members

implementing and operating information security management systems

Ÿ Auditors requiring more risk management insight

Prerequisites


Some past exposure to risk management and / or management systems helpful, but not required.


The course ends with a two hour written essay-style exam on the last day available in multiple languages.



SoftQualMTraining







http://www.pecb.com

http://www.pecb.com


ISO 9001 Quality Management System (QMS)Lead Auditor


2018 Dates: 15th - 19th October 2018

This five day course provides an overview to the structure of an Quality Management System (QMS) based on ISO 9001:2015,


Overview

This five day course enables participants to develop the necessary expertise to audit a Quality Management System against ISO 9001:2015 and to manage a team of auditors by applying widely recognized audit principles, procedures and techniques.



Outline

Introduction to QMS Concepts per ISO 9001:2015Ÿ Normative, Regulatory and Legal FrameworkŸ Fundamental Principles of Information SecurityŸ ISO 9001:2015 Certification ProcessŸ Quality Management System (QMS)Ÿ Clauses of ISO 9001:2015

Planning and Initiating the Audit Ÿ Fundamental Audit Concepts and PrinciplesŸ Audit Approach based on Evidence and RiskŸ Preparation of an ISO 9001:2015 Certification AuditŸ QMS Documentation AuditŸ Conducting an Opening Meeting




Objectives

Completion of this course will enable students toŸ Understand the principles of a QMS conforming to

ISO 9001:2015Ÿ Perform ISO 9001:2015 internal auditsŸ Execute ISO 9001:2015 certification audits on behalf

of a certification body Ÿ Manage QMS audit teams

Audience

This course is aimed at students with (future) roles like Ÿ Internal auditorsŸ QMS certification auditorsŸ Project managers, consultants and QM team

members participating in QMS auditsŸ Quality management practitioners moving into audit

roles

Prerequisites


Some past exposure to quality or other management systems and audits helpful, but not required.





SoftQualMTraining







http://www.pecb.com

http://www.pecb.com


ISO 9001 Quality Management System (QMS)Lead Implementer


2018 Dates: 24th - 28th September 2018

This five day course provides an overview to the structure of an Quality Management System (QMS) based on ISO 9001:2015,


Overview

This five day course enables participants to develop the necessary expertise to support an organisation in implementing and managing a Quality Management System based on ISO 9001:2015.

Participants will also gain a thorough understanding of best practices of Quality Management Systems to consequently improve an organisation’s customer satisfaction and overall performance and effectiveness.

This training incorporates project management practices and consists of a mix of presentation, discussion and exercises based on real-world examples.

Outline

Introduction to QMS Concepts per ISO 9001:2015Ÿ Normative, Regulatory and Legal FrameworkŸ Fundamental Principles of Information SecurityŸ Quality Management System (QMS)Ÿ Clauses of ISO 9001:2015

Planning and Initiating the QMS Implementation Ÿ Understanding the Organisation Ÿ Clarifying the Quality ObjectivesŸ Leadership and CommitmentŸ Defining the Scope of the QMSŸ Development of QMS PoliciesŸ Risk AssessmentŸ Planning for Changes

Implementing the QMSŸ Resource ManagementŸ Awareness and CommunicationŸ Document ManagementŸ Operational ControlŸ Product Requirements, Design and Purchasing ProcessŸ Production and Service Provision

Performance Evaluation and Improving the ISMSŸ Monitoring the QMS with Metrics, Performance Indicators etcŸ Internal Audit, Management Review and Corrective ActionsŸ Implementation of a Continual Improvement ProgramŸ Preparing for the Certification Audit

Objectives

Completion of this course will enable students toŸ Understand the principles of a QMS conforming to

ISO 9001:2015, including the relationship between its components, eg requirements of interested parties, risk management, product life cycle and interpret them context-specific

Ÿ Apply concepts, approaches, standards, methods and techniques for the effective operation of a QMS

Ÿ Advise organisations on QMS best practices Ÿ Manage teams implementing ISO 9001:2015

Audience


implementing a QMSŸ Professionals moving into QMS operation Ÿ CxO and senior managers of a QMS scopeŸ Auditors requiring more QMS implementation insight

Prerequisites


Some past exposure to quality, management systems and / or project management helpful, but not required.





SoftQualMTraining







http://www.pecb.com

http://www.pecb.com


Six Sigma Process ImprovementGreen Belt


2018 Dates: 9th - 13th April 2018 and 19th - 23rd November 2018

This five day course provides an overview how to implement Six Sigma projects in an organisation based on best practice.

Overview

This five day course enables participants to develop the technical knowledge and skills of a Six Sigma Green Belt, necessary to support an organisation in implementing and managing Six Sigma process improvement projects.

This training consists of a mix of presentation, discussion and exercises based on real-world examples combined with experimental learning and hands-first calculations for deeper understanding prior to use of statistical tools.

Outline

Six Sigma Green Belt IntroŸ Six Sigma OverviewŸ Project Stakeholders

Define PhaseŸ D1 Project SelectionŸ D2 Scope ProjectsŸ D3 Develop Charter

Measure Phase Ÿ M1 Detailed Process MapsŸ M2 Data AnalysisŸ M3 Data Management PlansŸ M4 Algebra Review & Summary StatisticsŸ M5 Graphical DisplaysŸ M6 Time Based Displays

Analyze PhaseŸ A1 Value Add AnalysisŸ A2 Stratification AnalysisŸ A3 Root Cause Analysis

Improve and Control PhaseŸ I1 Process ImprovementŸ I2 Project ValidationŸ C1 Control MethodsŸ C2 Control ChartsŸ C3 Sustainability

Objectives

Completion of this course will enable students toŸ Understand fundamental principles of process

improvementŸ Use DMAIC methodologyŸ Leverage the GRES methodology for problem-solvingŸ Verify using statistical and common sense methodsŸ Learn how to shift processes, reduce variation,

stabilize processes, and improve their capabilitiesŸ Facilitate Green Belt process improvement projects

Audience

This course is aimed at students with (future) roles like Ÿ Managers or consultants involved with and

committed to process improvementsŸ Individuals seeking to improve business, production,

or service processesŸ Six Sigma project team leaders / team membersŸ Expert advisors implementing of Six Sigma projects

Prerequisites


Some past exposure to quality, process improvement and / or project management helpful, but not required.





SoftQualMTraining







http://www.pecb.com

http://www.pecb.com


ISO 20000 Service Management System (SMS)Lead Auditor


2018 Dates: 9th - 13th April 2018 and 12th - 16th November 2018

This five day course provides an overview to the structure of a Service Management System (SMS) based on ISO/IEC 20000-1:2011,


Overview

This five day course enables participants to develop the necessary expertise to audit a Service Management System against ISO/IEC 20000-1:2011 and to manage a team of auditors by applying widely recognized audit principles, procedures and techniques.



Outline

Introduction to SMS Concepts per ISO/IEC 20000-1:2011Ÿ Normative, Regulatory and Legal FrameworkŸ Fundamental Principles of Information SecurityŸ ISO/IEC 20000-1:2011 Certification ProcessŸ Service Management System (SMS)Ÿ Clauses of ISO/IEC 20000-1:2011

Planning and Initiating the Audit Ÿ Fundamental Audit Concepts and PrinciplesŸ Audit Approach based on Evidence and RiskŸ Preparation of an ISO/IEC 20000-1:2011 Certification AuditŸ SMS Documentation AuditŸ Conducting an Opening Meeting




Objectives

Completion of this course will enable students toŸ Understand the principles of a SMS conforming to

ISO/IEC 20000-1:2011Ÿ Perform ISO/IEC 20000-1:2011 internal auditsŸ Execute ISO/IEC 20000-1:2011 certification audits on

behalf of a certification body Ÿ Manage SMS audit teams

Audience

This course is aimed at students with (future) roles like Ÿ Internal auditorsŸ SMS certification auditorsŸ Project managers, consultants and service

management team members participating in SMS audits

Ÿ IT and service management practitioners moving into audit roles

Prerequisites


Some past exposure to service management, management systems and / or audits helpful, but not required.





SoftQualMTraining







http://www.pecb.com

http://www.pecb.com


ISO 20000 Service Management System (SMS) Lead Implementer


2018 Dates: 5th - 9th February 2018 and 1st - 5th October 2018

This five day course provides an overview to the structure of a Service Management System (SMS) based on ISO/IEC 20000-1:2011,and how to implement the same in an organisation, eg for the purpose of certification.

Overview

This five day course enables participants to develop the necessary expertise to support an organisation in implementing and managing a Service Management System based on ISO/IEC 20000-1:2011.

Participants will gain a thorough understanding of best practices used to implement a SMS across a wide range of service sectors, not just IT services as covered by ITIL.

This training incorporates project management practices as well as further guidance from elsewhere in the ISO/IEC 20000 family of standards.


Outline

Introduction to SMS Concepts per ISO/IEC 20000-1:2011Ÿ Normative, Regulatory and Legal FrameworkŸ Comparison with ITIL V2 and V3Ÿ Fundamental Principles of Information SecurityŸ ISO/IEC 20000-1:2011 Certification ProcessŸ Service Management System (SMS)Ÿ Clauses of ISO/IEC 20000-1:2011

Planning and Initiating the SMS Implementation Ÿ Gap Analysis, Business Case and Project PlanŸ Defining Scope and Objectives of the SMSŸ Documentation of Processes, Procedures and SLAsŸ Budgeting and Accounting for Services

Implementing the SMSŸ Change, Configuration, Release, Capacity and Availability

ManagementŸ Service Continuity and Security ManagementŸ Incident and Problem ManagementŸ Operations Management of the SMS

Performance Evaluation and Improving the SMSŸ Monitoring the SMS with Metrics, Performance Indicators etcŸ Internal Audit, Management Review and Corrective ActionsŸ Implementation of a Continual Improvement ProgramŸ Preparing for the Certification Audit

Objectives

Completion of this course will enable students toŸ Understand the principles of a SMS conforming to

ISO/IEC 20000-1:2011, including the relationship between its components, eg risk management, controls, requirements of interested parties

Ÿ Apply concepts, approaches, standards, methods and techniques for the effective operation of a SMS

Ÿ Advise organisations on SMS best practices Ÿ Manage teams implementing ISO/IEC 20000-1:2011

Audience


implementing a SMS or extending from ITIL etcŸ (IT) Professionals moving into SMS operationŸ CxO and senior managers of a SMS scopeŸ Auditors requiring more SMS implementation insight

Prerequisites


Some past exposure to information or IT security, management systems and / or project management helpful, but not required.





SoftQualMTraining







http://www.pecb.com

http://www.pecb.com


PRINCE2 Project ManagementFoundation


2018 Dates: 19th - 21st March 2018 and 5th - 7th November 2018

This three day course provides an overview to the basics of PRINCE2 Project Management.

This course can be combined with the PRINCE2 Practitioner course at a special rate of € 2100 for both courses.

Overview

This three day training enables participants to learn the basics of the PRINCE2 Project Management method. The participant will learn about the PRINCE2 Principles, Themes, Processes and Tailoring.


Review exercises as well as a practice test assist the exam preparation.

Outline

Day 1Ÿ Introduction PRINCE2Ÿ PRINCE2 Process ModelŸ Starting Up a ProjectŸ OrganisationŸ Business Case

Day 2Ÿ Initiating a ProjectŸ QualityŸ PlansŸ RiskŸ ChangeŸ Controlling a StageŸ Managing Product DeliveryŸ Progress

Day 3Ÿ Managing a Stage BoundaryŸ Closing a ProjectŸ Tailoring PRINCE2 to the Project Environment Ÿ PRINCE2 Foundation Exam

Objectives

Completion of this course will enable students toŸ Understand basics of PRINCE2 Project ManagementŸ Know the basic differences between the PRINCE2

Principles, Themes and ProcessesŸ Prepare for the PRINCE2 Foundation exam

Audience

This course is aimed at students with (future) roles like Ÿ Project managersŸ Consultants and team members managing or

supporting a project using PRINCE2Ÿ CxO and senior managers sponsoring projects

Prerequisites

Some past exposure to project management helpful, but not required.


The course is delivered by Trainers of BPMO Solutions BV, a PRINCE2 Accredited Training Organisation. See www.bpmo-solutions.com for full details.

The official one hour multiple choice PRINCE2 Foundation exam can be taken at the end of the training course or at a later date.

Exam fees are included in the course fees.

SoftQualMTraining







http://www.bpmo-solutions.com



PRINCE2 Project ManagementPractitioner


2018 Dates: 22nd - 23rd March 2018 and 8th - 9th November 2018

This two day course teaches how to use the PRINCE2 Project Management method in real-life.

This course can be combined with the PRINCE2 Foundation course at a special rate of € 2100 for both courses.

Overview

This two day training enables participants to learn how to use the PRINCE2 Project Management method in a real-life situation by going through two complete test exams and by analysing the 'Managing Successful Projects with PRINCE2' book in detail to understand how all the PRINCE2 elements work together.


Review exercises as well as a practice test assist the exam preparation.

Outline

Day 1Ÿ Summary of the PRINCE2 MethodŸ Analysis of the 'Managing Successful Project with PRINCE2' BookŸ PRINCE2 Test Exam 1

Day 2Ÿ Review and Analysis of PRINCE2 Test Exam 2Ÿ PRINCE2 Practitioner Exam

Objectives

Completion of this course will enable students toŸ To understand PRINCE2 Project Management method

in enough detail Ÿ Successfully participate in the PRINCE2 Practitioner

exam

Audience

This course is aimed at students with (future) roles like Ÿ Project managersŸ Consultants and team members managing or

supporting a project using PRINCE2Ÿ CxO and senior managers sponsoring projects

Prerequisites

Must have passed the PRINCE2 Foundation exam.

Preferably attend the PRINCE2 Foundation course using BPMO's training materials.


The course is delivered by Trainers of BPMO Solutions BV, a PRINCE2 Accredited Training Organisation. See www.bpmo-solutions.com for full details.

The official two-and-a-half hours objective PRINCE2 Foundation exam can be taken at the end of the training course or at a later date.

Exam fees are included in the course fees.

SoftQualMTraining










Frequently Asked Questions

Should I attend Lead Auditor or Lead Implementer?

While the Lead Implementer courses focus on putting a management system in place, the Lead Auditor courses teach the skills how to evaluate the effectiveness of such a management system, whether through self-assessment, internal audit or certification. Both start with an overview to the management system standard, but the Lead Implementer courses naturally dive deeper into the detail.

So, choose depending on your job role.

Having said that, we find that many students eventually attend both. Why that? Implementers often get involved in internal audit, and hence also need audit skills. Likewise, many auditors find it helpful to gain a deeper understanding of detailed implementation of the management system.

How do I best qualify as Lead Auditor for multiple management system standards?

While you could attend multiple of the individual Lead Auditor courses, you would notice significant repetitions. We would hence rather recommend the Annex SL IMS Lead Auditor course in that case, which teaches auditor skills as well as introducing a range of management system standards.

Will I gain from attending multiple Lead Implementer courses or are they rather repetitive?

Yes. Unlike the Lead Auditor courses, the Lead Implementer courses significantly differ from each other. While implementation strategies are similar, the required processes vary widely from standard to standard.

Do the courses include practice exams?

Unless specifically stated, no.

Most exams are essay-based, i.e. students are presented with a number of questions to be answered free text.

Exercises during the courses are very similar to the exam questions, hence closely participating in those exercises has proven to be the best exam preparation.

Is Information Security not merely IT Security?

No, information security affects all aspects of an organisation. No doubt, IT is a major factor in most places these days, and IT Security hence mostly is a significant part of information security. However, information security also deals with non-IT elements, eg verbal handling of sensitive information in public. Indeed, an ISMS could be implemented in an organisation without a single computer - admittedly a rare scenario today.

Is Business Continuity merely an IT subject?

No, business continuity is about keeping an organisation going in a disruptive situation. This might include IT or not, but most commonly includes dealing with staff and location issues, especially in the context of natural disaster, medical emergencies, major (sports) events etc.

Is ISO/IEC 20000 not merely ITIL?

No, ISO/IEC 20000 applies to any kind of service, not just IT services as relevant to ITIL. While often applied to IT service organisations, other service providers, eg in hospitality, print etc. start to discover ISO/IEC 20000 as a helpful management system in their context.

Which of Risk Management course is right for me?

While the ISO 27005 Risk Manager course is information security centric, ISO 31000 Risk Manager course casts the net wider looking at risk management in a generic manner thus making it also relevant and applicable for a wide range of other management systems and business activities, including being helpful to satisfy the requirements of a risk-based approach in the latest revisions of ISO 9001 and ISO 14001.

SoftQualMTraining








General Information

Location

ISO in the Sun courses take place in

Galeon PlayaAvda del JablilloCosta TeguiseLanzarote

Website: www.galeonplaya.com/en/index.html

Lanzarote is the most northerly of the Canary Islands. Though being part of Spain, the Canary Islands are located some 80 km off the coast of Morocco on the Northwest of Africa, almost 2000 km South of Madrid.

SoftQualMTraining

Logistics

We will be more than happy to help source suitable flights and accommodation, whether you come just for the course or want to combine your visit with a break, whether on your own or with family.

Lanzarote being a popular tourist destination, there are direct flights from many airports around Europe by a pretty much endless list of airlines. We personally regularly fly Iberia, Ryanair, EasyJet, Condor and Jet2 to just name some.

If you come from overseas, it is probably best to fly into Madrid (or Barcelona) and connect short-haul, eg with any of the above airlines.

The Galeon Playa (Details above) offers a good range of accommodation. Alternatively, there are plenty other hotels in close proximity. Airport transfers are available throughout.

If you like to hire a car, we can recommend www.cabreramedina.com/EN. Reserve online for pickup at the airport. They also have a station next to the Galeon Playa.







http://www.cabreramedina.com/EN

http://www.galeonplaya.com/en/index.html


General Information

Terms & Conditions

ISO in the Sun is operated by

SoftQualM Martin Holzke NIF Y3750235FCalle Ángel Guerra 25, Apto 2135572 TíasLanzaroteSpain

Prices listed in this brochure include courseware, exam fees and Canarian-style lunches.

Courses are invoiced eight weeks before the course to be paid latest two weeks prior to course start. We reserve the right to cancel unpaid bookings.

The Canary Islands are designated as special territory within the EU, which is not part of the EU VAT Area and hence no EU VAT is due nor any EU VAT number issued.

Under Canarian tax rules however, fees are subject to 7% IGIC for clients based in the Canary Islands as well as for students attending in private, i.e. not being delegated and paid for by a company, regardless of their location.

For full terms and conditions please see our website www.SoftQualM.com.

SoftQualMTraining

Booking and Infos

For booking, infos or other enquiries please contact us

Ÿ via our website www.ISOintheSun.com

Ÿ per email to [email protected]

Ÿ or call +34 609 124 289








mailto:[email protected]

iso in the sun 2018 program - softqualm in the sun 2018 program.pdf · iso/iec 27001:2013 Ÿ...

Documents