Risk and Compliance Week (LIVE IN ATLANTA)

Learn ISO 31000 Enterprise Risk Management, and how to leverage the ISO 31000 standard to establish and maintain an ERM program for conducting risk assessments throughout the enterprise.

Then build-out the initial risk program policy right in class! 

A successful risk management initiative can affect the likelihood and consequences of risks materializing, as well as deliver benefits related to better informed strategic decisions, successful delivery of change and increased operational efficiency. Other benefits include reduced cost of capital, more accurate financial reporting, competitive advantage, improved perception of the organization, better marketplace presence and, in the case of public service organizations, enhanced political and community support. 

And since information security, business continuity/disaster recovery, environmental health and safety, and other critical management systems have the primary purpose of identifying and treating risk, it is essential that your organization establish a common platform and approach for managing risk. 

As the foundation session of CIS risk management training courses, this 3-day risk management training and policy  workshop session provides thorough coverage of the ISO 31000, 31010, 27005, and 23894 standards, as well as setting out advice on the implementation of an ERM initiative. The purpose of the training is to:

• Describe the principles and processes of risk governance and management;
• Provide a thorough overview of the requirements of ISO 31000, ISO 31010, 27005, and 23894;
• Give practical guidance on designing and implementing a suitable enterprise risk management framework;
• Establish a firm program starting point by using ISO standards 31000:2018, 31010, 27005, and 23894 to build out the initial ERM core policy. Soft-copy editable templates are provided in the instructor-led class:
  • Complete ERM Policy (18-Page template provided)
  • ERM Context and Scope Document (10-Page template provided)
  • ERM Risk Assessment and Risk Treatment Methodology Document (18-Page template provided)
  • Procedure for Training and Development Needs Analysis document (8-Page template provided)
  • ERM Program project kick-off document (9-Page template provided)
  • Procedure for Identification of ERM Project Requirements document (4-Page template provided)
  • Procedure for Identification of Statutory, Regulatory, and Contractual Requirements document (1-Page template provided)
• Establish a well-developed risk assessment and risk treatment methodology based upon ISO 31010, ISO 27005 and ISO 23894 best practices
• Leverage ISO best practices to properly identify, analyze, and evaluate risk 
• Leverage ISO best practices to mitigate ant treat risk to align to the organization's pre-determined risk tolerance thresholds (risk acceptance criteria) 
• Establish risk monitoring, communication, and reporting
• Prepare participants for the ISO 31000 CICRA exam #RM101
  

Class details

• Duration: 3 days, 8:30 - 4:30
• CPE Credit: 24
• Materials included with live instructor-led training:
  • Class manual (complete hard copy of class presentation)
  • Hardcopy policy templates
  • Softcopy policy templates
  • 14 days of unlimited access to online practice exams for exam #RM101
  • 1 attempt for the online certification exam #RM101
  • Current-year membership in the CIS Body of Certified Professionals
•  
• Professional Certification: This course fulfills all prerequisite training requirements for certification exam #RM101 for professional ISO certifications:
  • Certified ISO 31000 Internal Controls Risk Analyst (No further training or exam is required beyond what is included with this course)
  • Certified ISO 27001 Lead Implementer (Further training and an exam is required beyond what is included with this course)
  • Certified ISO 27001 Internal Controls Architect (Further training and an exam is required beyond what is included with this course)
  • Certified ISO 27001 Lead Auditor (Further training and an exam is required beyond what is included with this course)
  • Certified ISO 22301 Business Continuity Strategist (Further training and an exam is required beyond what is included with this course)
  • Certified ISO 22301 Business Continuity Manager (Further training and an exam is required beyond what is included with this course)
  • Certified ISO 42001 Lead Implementer (Further training and an exam is required beyond what is included with this course)
• Certificate included with class: Upon course completion, we will provide you with an achievement certificate for 24 continuing professional education (CPE) credits that can be used to fulfill requirements for maintaining a variety of professional credentials for fraud examination, accounting, auditing, and information security.
• Recommended prerequisite training: None
• Catering for participants attending in-person at location. (Not available for remote virtual classroom participants):
  
  • Morning refreshments and snack
  • Lunch
  • Afternoon refreshments
• Hotel and/or Travel: Not included

Recommended Attendance by Position

Recommended participants for this ISO 31000 enterprise risk management certification training include:

• CEO / Managing Director / Policy Approvers / Strategy Decision Makers
• Chief Information Officer (CIO / CISO)
• ISO 9001:2015 Quality Managers
• ISO 14001:2015 EMS Managers
• Information security managers
• Compliance officers
• Revenue protection managers
• IT managers
• Risk manager (s)
• Business Continuity Manager (s)
• Health, Safety, and Environment (HSE) Risk Manager (s)
• Facilities managers
• Operations department heads (business unit managers)
• Auditors

CIS Policy Workshop: ISO 31000 Enterprise Risk Management Content Outline:

1. Introduction to ISO 31000, 31010, 27005 and 23894 risk management
   
   • Nature and impact of risk
   • Principles of risk management
   • Review of ISO 31000
   • Achieving the benefits of ERM
2. Risk management architecture and strategy
   
   • Program leadership
     
     • Establishing the risk committee and its charter
   • Program planning and designing
   • Risk context development
   • Creating an ERM Policy and supporting documentation
     
     • Roles & responsibilities
     • Scope
   • Implementing and benchmarking
   • Measuring and monitoring
   • Improving and reporting
3. Risk assessment and risk treatment methodology (Protocol)
   
   • Criteria development
   • Scoping
   • Performing risk assessments
     
     • Risk identification
     • Risk analysis
     • Risk evaluation / Business Impact Assessment
     • Risk treatment evaluation
4. Risk treatment accreditation, risk monitoring, risk review, and risk communication

Establish a firm program starting point by using ISO 31000 to build out the initial ERM core policy. Throughout the class, our expert instructor will convert ISO standard concepts and requirements into a real ISO-conforming Enterprise Risk Policy. Bring your laptop, and you can work right along with the instructor using electronic (MS Word format) templates we provide in class!* Along with the instructor, you will get your ERM program properly initiated by constructing:

• Complete ISO 31000 ERM Policy (18-Page template provided)
• ISO 31000 ERM Context and Scope Document (10-Page template provided)
• ERM Risk Assessment and Risk Treatment Methodology Document (18-Page ISO 31010/27005 template provided)
• Procedure for Training and Development Needs Analysis document (8-Page template provided)
• ISO 31000 ERM Program project kick-off document (9-Page template provided)
• Procedure for Identification of ERM Project Requirements document (4-Page template provided)
• Procedure for Identification of Statutory, Regulatory, and Contractual Requirements document (1-Page template provided)

* ISO Standards are NOT included in this risk management training, nor provided in class. Students are encouraged to bring their own hard-copies of the standards to the class. ISO standards are available for purchase at www.iso.org. 

This program is required for the following professional certification: Certified ISO 31000 Internal Controls Risk Analyst

Preparing for Certified Information Security's professional certification exam #RM101 is serious business. This is where we can help. If you first successfully complete:

• All prerequisite course training; and
• All RM101 online practice exams

Certified Information Security guarantees your success in passing CIS exam #RM101.

If you do not pass exam #RM101 on your first attempt after completion of your required course and practice exams, Certified Information Security will allow you to re-test at no additional charge until you successfully pass your certification exam.

Get trained and certified in establishing, managing, operating, and auditing an ISO 37301 Compliance Management System

Every day, organizations face the ever-increasing need to manage and fulfil regulatory and industry requirements to allow them to conduct business. "Compliance" is no longer simply a legal concern isolated to a legal compliance unit. After all, how the organization operates determines its ability to comply with external stakeholder requirements. This means that compliance requirements permeate all business activities - from procurement, to human resource management, to information management, to manufacturing processes, to environmental management - and on and on. Since complying with one requirement can impact compliance with another requirement, compliance with all of the various requirements in total gets quite complicated. Compliance must be very carefully designed, managed, and monitored - throughout the organization. 

Managing compliance is inexorably linked to managing risk.

Whether fulfilling legal filing and reporting requirements, protecting health and safety, or maintaining quality in manufacturing, we are inevitably managing risk - the uncertainty of successful achieving our objectives. Governmental regulation, industry standards of best practice, and even normal service contracts all exist primarily to ensure the organization manages risk appropriately within externally mandated tolerances. Today, organizations need a mature and well-structured approach to integrating compliance and risk management throughout the enterprise. Not coincidentally, this results in good governance.

What is the ISO 37301 standard?

Developed and published by the International Organization for Standardization in 2021, this standard provides guidance for establishing, developing, implementing, evaluating, maintaining and improving an effective and responsive risk-based compliance management system within an organization. The guidelines on compliance management systems are applicable to all types of organizations. The extent of the application of these guidelines depends on the size, structure, nature and complexity of the organization. ISO 37301 is based on the principles of good governance, proportionality, transparency and sustainability.

Compliance management goes beyond the mere satisfaction of legal requirements. Compliance is also related to meeting the needs and expectations of a wide range of stakeholders. Therefore, making sound choices and setting priorities appropriately is an important part of effective compliance management. The standard takes a risk-based approach to compliance management. As a result, it aligns with ISO 31000 Risk Management – Principles and guidelines, which according to ISO, “provides principles, framework and a process for managing risk.” In conjunction with ISO Standard 31000 (Enterprise Risk Management), This standard is used to establish a formal enterprise wide management system for Governance, Risk, and Compliance (GRC) that will effectively and measurably  improve organizational performance. Since such a program is designed and operated to well-recognized international standards of best practices for GRC, the organization also achieves greater confidence and respect among stakeholders including investors, lenders, regulators, suppliers, customers, and trading partners just to name a few.

ISO 37301 integrates risk assessments, the risk management process, and compliance management. By following ISO risk management practices, organizations embed compliance within the risk-based process. This is an important characteristic of effective compliance management, because it breaks down silos and allows the organization to focus on root-cause risks. This streamlines the compliance process, making it easier to meet the obligations of not only government entities, but the host organization’s own internal code of ethics and its social responsibility objectives. 

How do we get started?

Running an organization requires leadership and teamwork across the entire organization - not just a piece of it. Likewise, establishing, managing, and integrating effective GRC throughout the enterprise requires the same leadership and team members to be trained to support effective GRC together.

Designed to follow our 3-day ISO 31000 Enterprise Risk Management program, this 2-day ISO 29600 Compliance Management policy and strategy workshop continues our compliance risk assessment training to provide thorough coverage of the ISO 37301 standard, as well as setting out advice on the implementation of compliance initiative. Certified Information Security provides the training and credentialing you and your management team need to become recognized as authorities in planning, deploying, managing, and auditing risk and compliance management according to well-recognized and respected international ISO standards that fulfills the expectations and requirements of its regulators, customers, suppliers, and investors. This is the only Compliance Management System training that provides a complete policy template toolkit at no extra charge (available as a separate purchase for online customers).

Upon completion of this training and certificate program, you will: 

• Understand the principles and processes of compliance risk governance and management;
• Get a thorough overview of the requirements of ISO 37301;
• Get practical guidance on designing and implementing a suitable compliance management framework;
• Establish a firm program starting point by using the 37301 standard to build out the initial Compliance Management core policy. Soft-copy editable templates are provided in the instructor-led class:
  • Complete 37301 Compliance Management System Policy 
  • Procedure for Training and Development Needs Analysis document 
  • Compliance Program project kick-off document 
• Leverage ISO best practices to properly manage and monitor compliance requirements 
• Leverage ISO best practices to implement controls to ensure compliance with stakeholder requirements
• Establish compliance monitoring, communication, and reporting 

Class details

• Duration = 2 days, 8:30 - 4:30
• CPE Credit = 16
• Materials included with live instructor-led training
  • Class manual (complete hardcopy of class presentation)
  • Hardcopy policy templates
  • Softcopy policy templates
  • 14 days of unlimited access to online practice exams for exam #CCP101
  • 1 attempt for the online certification exam #CCP101
  • Current-year membership in the CIS Body of Certified Professionals
• Catering for participants attending in-person at location. (Not available for remote virtual classroom participants):: 
  • Morning refreshments and snack
  • Lunch
  • Afternoon refreshments
• Hotel and/or Travel: Not included

 * ISO Standards are NOT included in this risk management training, nor provided in class. ISO standards are available for purchase at www.iso.org.

Recommended participants for this compliance management certification training include:

• Organization Leadership
  • CEO / Managing Director / Chief Operations Officer
  • Chief Information Officer (CIO / CISO)
• Compliance officers
• ISO 27001 Information security manager
• Designated GDPR Data Protection Officer (DPO)
• ISO 9001 Quality managers
• AS 9100 Quality managers
• ISO 14001 EMS managers
• ISO 22000 Food safety managers
• Health, Safety, and Environment (HSE) Risk Manager (s)
• Fraud control / security managers / investigators
• Trade union negotiators and liaisons
• Revenue protection managers
• IT managers
• Risk manager (s)
• Business Continuity Manager (s)
• Facilities managers
• Operations auditors

CIS Policy Workshop: ISO 37301 Compliance Management Content

1. Introduction to compliance management
   
   • Nature and impact of compliance
   • Principles of compliance
   • Review of ISO 37301
   • Achieving the benefits of Governance, Risk, and Compliance (GRC)
2. Compliance management architecture and strategy
   
   • Program leadership
   • Program planning and designing
   • Compliance context development
   • Creating a Compliance Policy and supporting documentation
     
     • Roles & responsibilities
     • Scope
   • Implementing and benchmarking
   • Measuring and monitoring
   • Improving and reporting
3. Compliance processes and controls (Protocol)
   
   • Operational planning and control
   • Establishing controls and procedures
   • Outsourced processes
4. Compliance monitoring, review, improvement, and accreditation 

Policy templates are included with live training

Establish a firm program starting point by using ISO 37301 to build out the initial compliance core policy. Throughout the class, our expert instructor will convert ISO standard concepts and requirements into a real ISO-conforming Compliance Policy.  Along with the instructor, you will get your compliance program properly initiated by constructing:

• Complete Compliance Policy conforming to the ISO 37301 standard
• Procedure for Training and Development Needs Analysis document 
• Compliance Program project kick-off document

* ISO Standards are NOT included in this risk management training, nor provided in class. Students are encouraged to bring their own hard-copies of the standards to the class. ISO standards are available for purchase at www.iso.org. 

Certified ISO 37301 Compliance Professional

Preparing for Certified Information Security's professional certification exam #CCP101 is serious business. This is where we can help. If you first successfully complete:

• All prerequisite course training; and
• All CCP101 online practice exams

Certified Information Security guarantees your success in passing CIS exam #CCP101.

If you do not pass exam #CCP101 on your first attempt after completion of your required course and practice exams, Certified Information Security will allow you to re-test at no additional charge until you successfully pass your certification exam.