Learn ISO 31000 Enterprise Risk Management, and how to leverage the ISO 31000 standard to establish and maintain an ERM program for conducting risk assessments throughout the enterprise.

Then build-out the initial risk program policy right in class! 

A successful risk management initiative can affect the likelihood and consequences of risks materializing, as well as deliver benefits related to better informed strategic decisions, successful delivery of change and increased operational efficiency. Other benefits include reduced cost of capital, more accurate financial reporting, competitive advantage, improved perception of the organization, better marketplace presence and, in the case of public service organizations, enhanced political and community support. 

And since information security, business continuity/disaster recovery, environmental health and safety, and other critical management systems have the primary purpose of identifying and treating risk, it is essential that your organization establish a common platform and approach for managing risk. 

As the foundation session of CIS risk management training courses, this 3-day risk management training and policy  workshop session provides thorough coverage of the ISO 31000 and 31010 standards, as well as setting out advice on the implementation of an ERM initiative. The purpose of the training is to:

• Describe the principles and processes of risk governance and management;
• Provide a thorough overview of the requirements of ISO 31000:2018, ISO 31010, and 27005;
• Give practical guidance on designing and implementing a suitable enterprise risk management framework;
• Establish a firm program starting point by using ISO standards 31000:2018, 31010, and 27005 to build out the initial ERM core policy. Soft-copy editable templates are provided in the instructor-led class:
  • Complete ERM Policy (18-Page template provided)
  • ERM Context and Scope Document (10-Page template provided)
  • ERM Risk Assessment and Risk Treatment Methodology Document (18-Page template provided)
  • Procedure for Training and Development Needs Analysis document (8-Page template provided)
  • ERM Program project kick-off document (9-Page template provided)
  • Procedure for Identification of ERM Project Requirements document (4-Page template provided)
  • Procedure for Identification of Statutory, Regulatory, and Contractual Requirements document (1-Page template provided)
• Establish a well-developed risk assessment and risk treatment methodology based upon ISO 31010 and ISO 27005 best practices
• Leverage ISO best practices to properly identify, analyze, and evaluate risk 
• Leverage ISO best practices to mitigate ant treat risk to align to the organization's pre-determined risk tolerance thresholds (risk acceptance criteria) 
• Establish risk monitoring, communication, and reporting

Class details

• Duration: 3 days, 8:30 - 4:30
• CPE Credit: 24
• Materials included with live instructor-led training:
  • Class manual (complete hardcopy of class presentation)
  • Hardcopy policy templates
  • Softcopy policy templates
  • 14 days of unlimited access to online practice exams for exam #RM101
  • 1 attempt for the online certification exam #RM101
  • Current-year membership in the CIS Body of Certified Professionals
•  
• Professional Certification: This course fulfills all prerequisite training requirements for certification exam #IRM101 for professional ISO certifications:
  • Certified ISO 31000 Internal Controls Risk Analyst
  • Certified ISO 22301 Business Continuity Strategist
  • Certified Business Continuity Manager
• Certificate included with class: Upon course completion, we will provide you with an achievement certificate for 24 continuing professional education (CPE) credits that can be used to fulfill requirements for maintaining a variety of professional credentials for fraud examination, accounting, auditing, and information security.
• Recommended prerequisite training: None
  
• Catering:
  
  • Morning refreshments and snack
  • Lunch
  • Afternoon refreshments
• Hotel and/or Travel: Not included

Recommended Attendance by Position

Recommended participants for this ISO 31000 enterprise risk management certification training include:

• CEO / Managing Director / Policy Approvers / Strategy Decision Makers
• Chief Information Officer (CIO / CISO)
• ISO 9001:2015 Quality Managers
• ISO 14001:2015 EMS Managers
• Information security managers
• Compliance officers
• Revenue protection managers
• IT managers
• Risk manager (s)
• Business Continuity Manager (s)
• Health, Safety, and Environment (HSE) Risk Manager (s)
• Facilities managers
• Operations department heads (business unit managers)
• Auditors

CIS Policy Workshop: ISO 31000 Enterprise Risk Management Content Outline:

1. Introduction to ISO 31000, 31010, and 27005 risk management
   
   • Nature and impact of risk
   • Principles of risk management
   • Review of ISO 31000:2018
   • Achieving the benefits of ERM
2. Risk management architecture and strategy
   
   • Program leadership
     
     • Establishing the risk committee and its charter
   • Program planning and designing
   • Risk context development
   • Creating an ERM Policy and supporting documentation
     
     • Roles & responsibilities
     • Scope
   • Implementing and benchmarking
   • Measuring and monitoring
   • Improving and reporting
3. Risk assessment and risk treatment methodology (Protocol)
   
   • Criteria development
   • Scoping
   • Performing risk assessments
     
     • Risk identification
     • Risk analysis
     • Risk evaluation / Business Impact Assessment
     • Risk treatment evaluation
4. Risk treatment accreditation, risk monitoring, risk review, and risk communication

Establish a firm program starting point by using ISO 31000:2018  to build out the initial ERM core policy. Throughout the class, our expert instructor will convert ISO standard concepts and requirements into a real ISO-conforming Enterprise Risk Policy. Bring your laptop, and you can work right along with the instructor using electronic (MS Word format) templates we provide in class!* Along with the instructor, you will get your ERM program properly initiated by constructing:

• Complete ISO 31000 ERM Policy (18-Page template provided)
• ISO 31000 ERM Context and Scope Document (10-Page template provided)
• ERM Risk Assessment and Risk Treatment Methodology Document (18-Page ISO 31010/27005 template provided)
• Procedure for Training and Development Needs Analysis document (8-Page template provided)
• ISO 31000 ERM Program project kick-off document (9-Page template provided)
• Procedure for Identification of ERM Project Requirements document (4-Page template provided)
• Procedure for Identification of Statutory, Regulatory, and Contractual Requirements document (1-Page template provided)

* ISO Standards are NOT included in this risk management training, nor provided in class. Students are encouraged to bring their own hard-copies of the standards to the class. ISO standards are available for purchase at www.iso.org.

It’s convenient! Certified Information Security provides the training and credentialing you need to become recognized as an authority in information security governance and risk management.  You choose the method of delivery: online through our secure website, or in-person at a publicly available course or privately at your facility.  We take care of the rest – from administration, to record keeping, to providing certificates of completion and certification.

Online students have the additional convenience of taking courses whenever they want. Our program allows users to start and stop without losing their place or data.  Learning and certifying expertise has never been so easy! Get details

 My guarantee to you. 

Allen Keele, CEO of Certified Information Security

Preparing for Certified Information Security's professional certification exam #RM101 is serious business. This is where I can help you. If you first successfully complete:

• All prerequisite course training; and
• All RM101 online practice exams

Certified Information Security guarantees your success in passing CIS exam #RM101.

If you do not pass exam #RM101 on your first attempt after completion of your required course and practice exams, Certified Information Security will allow you to re-test at no additional charge until you successfully pass your certification exam.

CIS Policy Workshop Series: ISO 22301 Business Continuity Management

Get a thorough understanding of the ISO 22301 standard for business continuity and disaster recovery management, how to leverage the ISO 22301 standard to establish and maintain a business continuity management system (BCMS) program. Then build-out the initial ISO 22301-conforming business continuity management program policy right in class!

Business Continuity Management

No two organizations are exactly alike. Even within the same industry and sector, every organization has unique goals, objectives, stakeholders, business processes, and risk tolerance. In order to craft incident response that best fits your organization's needs, you need to establish a system for ongoing understanding and management of those needs. Trying to develop business continuity and contingency procedures before determining what your organization needs the levels of risk it will tolerate, and the organization that will manage business continuity is akin to trying to author a book without first determining a plot. The foundation for business continuity management is established and documented in a business continuity management policy, and this class helps you create or improve that policy.

This 2-day ISO 22301 business continuity strategy and policy workshop provides participants with a solid understanding of business continuity management. It is based on industry best practice and guidelines for business continuity and reviews the ISO 22301 Standard for business continuity management. Practical exercises and instructor-led discussions will help students understand the benefits of business continuity management in an organization.

This business continuity training will:

Recommended Attendance by Position

Recommended participants by role for this business continuity training include:

• Policy Approvers / Strategy Decision Makers
• Chief Information Officer (CIO / CISO)
• Business continuity managers and team members
• ISO 14001 EMS Managers
• Information security managers
• Compliance officers
• Revenue protection managers
• IT managers
• Risk managers
• Operations department heads (business unit managers)
• Auditors

CIS Policy Workshop: ISO 22301 Business Continuity Management

Business Continuity Training Topics:

1. Business Continuity and Disaster Recovery Management, and ISO 22301
   • Principles of business continuity management, disaster recovery, and incident response
   • Review of ISO 22301
   • Achieving the benefits of Business Continuity and Disaster Recovery
2. Business Continuity Management
   • Planning and designing
   • Implementing and benchmarking
   • Measuring and monitoring
   • Learning and reporting
3. Establish a firm program starting point by using ISO 22301 to build out the initial business continuity core policy. Throughout the class, our expert instructor will convert ISO 22301 concepts and requirements into a real ISO 22301-conforming business continuity policy. Bring your laptop, and you can work right along with the instructor using electronic (MS Word format) templates we provide in class!* Along with the instructor, you will get your Business Continuity program properly initiated by constructing:
   • Complete ISO 22301-conforming BRM Policy (29-Page template provided)
   • Procedure for Training and Development Needs Analysis document (8-Page template provided)
   • BCM Program project kick-off document (9-Page template provided)

* ISO Standards are NOT included in this course, nor provided in class. Students are encouraged to bring their own hard-copies of the standards to the class. ISO standards are available for purchase at www.iso.org.

It’s convenient! Certified Information Security provides the training and credentialing you need to become recognized as an authority in information security governance and risk management.  You choose the method of delivery: online through our secure website, or in-person at a publicly available course or privately at your facility.  We take care of the rest – from administration, to record keeping, to providing certificates of completion and certification.

Online students have the additional convenience of taking courses whenever they want. Our program allows users to start and stop without losing their place or data.  Learning and certifying expertise has never been so easy! 

Get details