Browse by subject matter. Links to full content details and certifications are included.
Policy Workshop: ISO 31000 Enterprise Risk Management (3 days)
As the foundation session of our risk management training courses (including information security and business continuity), this 3-day risk management strategy training and policy workshop session provides thorough coverage of the ISO 31000 and 31010 standards, as well as setting out advice on the implementation of an ERM initiative. The purpose of the training is to:
- Describe the principles and processes of risk management;
- Provide a thorough overview of the requirements of ISO 31000, ISO 31010, and 27005;
- Give practical guidance on designing and implementing a suitable enterprise risk management framework;
- Establish a firm program starting point by using ISO standards 31000, 31010, and 27005 to build out the initial ERM core policy
- Establish a well-developed risk assessment and risk treatment methodology based upon ISO 31010 and ISO 27005 best practices; and
- Provides pre-requisite training for professional certification as an ISO 31000 Certified Internal Controls Risk Analyst™ (CICRA™).
Executive Overview of ISO 31000 Enterprise Risk Oversight and Strategy (1-Day)
Board members and C-suite executives learn how ISO 31000 ERM can be leveraged to establish better corporate governance, as well as to provide required risk assessments and risk controls for ISO 9001 Quality Management, ISO 14001 Environmental Management, ISO 27001 Information Security, ISO 22301 Business Continuity/Disaster Recovery, ISO 37001 Anti-Bribery and Anti-Corruption, ISO 45001 OHS, and other ISO organizational management systems.
- Learn ISO leadership requirements for board oversight and C-suite executives
- Learn how to properly scope the risk management program
- Establish formal roles and responsibilities to manage operational risk throughout the enterprise
- Establish risk context criteria for risk acceptance, risk evaluation, and business impact
CIS Policy Workshop: ISO 37301 Compliance Management (2 days)
Get trained and certified in establishing, managing, operating, and auditing an ISO 37301 Compliance Management System
Every day, organizations face the ever-increasing need to manage and fulfil regulatory and industry requirements to allow them to conduct business. "Compliance" is no longer simply a legal concern isolated to a legal compliance unit. After all, how the organization operates determines its ability to comply with external stakeholder requirements. This means that compliance requirements permeate all business activities - from procurement, to human resource management, to information management, to manufacturing processes, to environmental management - and on and on. Since complying with one requirement can impact compliance with another requirement, compliance with all of the various requirements in total gets quite complicated. Compliance must be very carefully designed, managed, and monitored - throughout the organization.
Upon completion of this training and certificate program, you will:
- Understand the principles and processes of risk governance and management;
- Get a thorough overview of the requirements of ISO 37301:2021;
- Get practical guidance on designing and implementing a suitable compliance management framework;
- Establish a firm program starting point by using ISO standard 37301 to build out the initial Compliance Management core policy. Soft-copy editable templates are provided in the instructor-led class:
- Complete ISO 37301 Compliance Management System Policy
- Procedure for Training and Development Needs Analysis document
- ERM Program project kick-off document
- Leverage ISO best practices to properly manage and monitor compliance requirements
- Leverage ISO best practices to implement controls to ensure compliance with stakeholder requirements
- Establish compliance monitoring, communication, and reporting
Policy Workshop: ISO 27001 Information Security Management (2 days)
This 2-day ISO 27001 training and certification workshop provides thorough coverage of the ISO 27000 standards, as well as setting out advice on the implementation of an information security initiative. The purpose of the course is to:
- Describe the principles and processes of information security governance and management;
- Provide thorough coverage of the requirements of ISO 27001;
- Give practical guidance on designing a suitable framework;
- Give practical advice on implementing information security management;
- Prepare you for your ISO 27001 certification exams required for Certified Internal Controls Architect (CICA) professional credentialing;
- Establish a firm program starting point by using ISO 27001, ISO 27002, and 27003 to build out the initial Information Security Management core policy; and
- Partially satisfy the pre-requisite training necessary for professional certification as an ISO 27001 Certified Internal Controls Architect (CICA™).
ISO 27001 Lead Auditor (1 day)
Based upon the ISO 27001 related auditing standards ISO 27007:2011 and 19011:2011, this one-day course will provide an intensive overview of how to manage an internal audit of an organization's risk management program in along with its corresponding information security management system. It will also provide valuable guidance on conducting the internal audits, on establishing and validating the competence of ISMS auditors, and prepare you for your ISO 27001 lead auditor certification exams required for the well-recognized ISO 27001 Lead Auditor professional certification.
This course is applicable to those needing to understand or conduct internal or external audits of a risk management system supporting an ISMS, or how to manage an ISO 27001 ISMS audit program. This is the only ISO 27001 Lead Auditor training and professional examination program to incorporate ISO's 27007 standard as core content within its program. Building upon the foundation understanding of the ISO 27005 risk management framework and ISO 27001 framework validated by the Certified Internal Controls Architect credential , the ISO 27001 Lead Auditor certification certifies your ability to audit the formal structure, governance, and policy of an ISO 27001 conforming Information Security Management System (ISMS). Furthermore, the ISO 27001 Lead Auditor certification ensures that you are qualified to assure strategic objectives according to core ISO 27001, 27002, 27003, and 27005 best practices. This IRMCB course partially satisfies the prerequisite training necessary for certification as an ISO 27001 Lead Auditor.
NIST Cybersecurity Framework (CSF)
The NIST Cybersecurity Framework provides a policy framework of computer security guidance for how private sector organizations in the United States and around the world can assess and improve their ability to prevent, detect, and respond to cyber attacks. The framework has been translated to many languages, and is used by the governments of Japan and Israel, among others.
An Accessible and Powerful Framework
The NIST CSF is now the go-to playbook for countless organizations for building a robust data protection strategy. It’s structured along five core functions — Identify, Protect, Detect, Respond and Recover — each of which captures and curates the essential goals and actions that should be prioritized across the cybersecurity lifecycle.
Policy Workshop: ISO 22301 Business Continuity Management (2 days)
This 2-day ISO 22301 business continuity training and policy workshop provides participants with a solid understanding of business continuity management. It is based on industry best practice and guidelines for business continuity and reviews the ISO 22301 Standard for business continuity management. Practical exercises and instructor-led discussions will help students understand the benefits of business continuity management in an organization.
This business continuity training will:
- Describe the principles and processes of business continuity management and governance;
- Provide thorough coverage of the requirements of ISO 22301;
- Give practical guidance on designing a suitable framework and business continuity management strategy;
- Give practical advice on setting up and operating business continuity management;
- Partially satisfy the prerequisite training for eligibility to be certified as an ISO 22301 Certified Business Continuity Strategist™ (CBCS™); and
- Establish a firm program starting point by using ISO 22301 to build out the initial Business Continuity Management core policy.
Deploy, Exercise, and Certify Business Continuity Management (2 days)
Building upon the foundation understanding of the ISO 22301 Business Continuity Management System (BCMS) platform learned in "Policy Workshop: ISO 22301 Business Continuity Management", this IRMCB course provides participants with the knowledge, methods, and skills to put the previous course's strategy into practice. It is based on industry best practice and guidelines for business continuity based upon the ISO 22301 and 22313 standards. Again, practical exercises and instructor-led discussions will help students understand the techniques to deploy, test, and maintain business continuity management in an organization. This course will partially satisfy the prerequisite training necessary for eligibility for certification as an ISO 22301 Certified Business Continuity Administrator™ (CBCA™) or ISO 22301 Certified Business Continuity Manager™ (CBCM™).
Certified ISO 37001 Anti-Bribery & Corruption Manager (5 days)
This five-day workshop will enable participants to:
- Plan, deploy, manage, and manage Anti-bribery Management System in accordance with ISO 37001
- Understand the approaches, methods, measures and techniques required for the effective management of Anti-bribery Management System
- Identifying risk and opportunities associated with an organization
- Support an organization in establishing, implementing, managing and maintaining the Anti-bribery Management System as specified in ISO 37001
- Advise organizations on the anti-bribery good practices
- Prepare an organization for an ISO 37001 audit
- Become eligible for professional certification as a Certified ISO 37001 Anti-Bribery & Corruption Manager™
Fraud Prevention and Detection (3 days)
This three-day workshop will enable participants to:
- Assess an organization's current capabilities to properly prevent, detect, investigate, and recover losses resulting from internal fraud or abuse;
- Detect a wide variety internal fraud and corruption, including (but not limited to) purchasing and acquisition fraud, payroll fraud, check fraud, reporting fraud, and abuse of company assets;
- Effectively investigate suspicions of internal fraud or abuse to support recovery of losses, possible termination or disciplinary proceedings, or even potential prosecution; and
- Partially satisfy the prerequisite training necessary to be eligible for certification as a Certified Fraud Control Associate™, Certified Fraud Control Professional™, or Certified Fraud Control Manager™.
Fraud Investigation and Interviewing (2 days)
This two-day workshop will give participants the knowledge and skills you need to effectively interview and interrogate witnesses, conspirators, and perpetrators potentially involved with incidents of fraud or abuse. Set into a practical workshop format, important concepts are reinforced through your in-class analysis of real videotaped interviews from actual investigations of two cases of internal employee fraud. This session partially satisfies the prerequisite training necessary to be eligible for certification as a Certified Fraud Control Associate™, Certified Fraud Control Professional™, or Certified Fraud Control Manager ™.
CIS Policy Workshop: ISO 45001 Occupational Health and Safety Management
Learn ISO Risk Management, and how to leverage ISO 31000 and ISO 31010 to facilitate OH&S hazard analysis and risk assessments
Since occupational health and safety has a primary purpose of identifying and treating risk, it is essential that your organization establish a consistent methodology for assessing and managing risk. This 2-day risk assessment workshop session provides thorough coverage of the ISO 31000 and 31010 standards, as well as setting out advice on the implementations of an ISO risk assessments.