Learn ISO 31000 Enterprise Risk Management, and how to leverage the ISO 31000 standard to establish and maintain an ERM program for conducting risk assessments throughout the enterprise.

Then build-out the initial risk program policy right in class! 

A successful risk management initiative can affect the likelihood and consequences of risks materializing, as well as deliver benefits related to better informed strategic decisions, successful delivery of change and increased operational efficiency. Other benefits include reduced cost of capital, more accurate financial reporting, competitive advantage, improved perception of the organization, better marketplace presence and, in the case of public service organizations, enhanced political and community support. 

And since information security, business continuity/disaster recovery, environmental health and safety, and other critical management systems have the primary purpose of identifying and treating risk, it is essential that your organization establish a common platform and approach for managing risk. 

As the foundation session of CIS risk management training courses, this 3-day risk management training and policy  workshop session provides thorough coverage of the ISO 31000, 31010, 27005, and 23894 standards, as well as setting out advice on the implementation of an ERM initiative. The purpose of the training is to:

• Describe the principles and processes of risk governance and management;
• Provide a thorough overview of the requirements of ISO 31000, ISO 31010, 27005, and 23894;
• Give practical guidance on designing and implementing a suitable enterprise risk management framework;
• Establish a firm program starting point by using ISO standards 31000:2018, 31010, 27005, and 23894 to build out the initial ERM core policy. Soft-copy editable templates are provided in the instructor-led class:
  • Complete ERM Policy (18-Page template provided)
  • ERM Context and Scope Document (10-Page template provided)
  • ERM Risk Assessment and Risk Treatment Methodology Document (18-Page template provided)
  • Procedure for Training and Development Needs Analysis document (8-Page template provided)
  • ERM Program project kick-off document (9-Page template provided)
  • Procedure for Identification of ERM Project Requirements document (4-Page template provided)
  • Procedure for Identification of Statutory, Regulatory, and Contractual Requirements document (1-Page template provided)
• Establish a well-developed risk assessment and risk treatment methodology based upon ISO 31010, ISO 27005 and ISO 23894 best practices
• Leverage ISO best practices to properly identify, analyze, and evaluate risk 
• Leverage ISO best practices to mitigate ant treat risk to align to the organization's pre-determined risk tolerance thresholds (risk acceptance criteria) 
• Establish risk monitoring, communication, and reporting
• Prepare participants for the ISO 31000 CICRA exam #RM101
  

Class details

• Duration: 3 days, 8:30 - 4:30
• CPE Credit: 24
• Materials included with live instructor-led training:
  • Class manual (complete hard copy of class presentation)
  • Hardcopy policy templates
  • Softcopy policy templates
  • 14 days of unlimited access to online practice exams for exam #RM101
  • 1 attempt for the online certification exam #RM101
  • Current-year membership in the CIS Body of Certified Professionals
•  
• Professional Certification: This course fulfills all prerequisite training requirements for certification exam #RM101 for professional ISO certifications:
  • Certified ISO 31000 Internal Controls Risk Analyst (No further training or exam is required beyond what is included with this course)
  • Certified ISO 27001 Lead Implementer (Further training and an exam is required beyond what is included with this course)
  • Certified ISO 27001 Internal Controls Architect (Further training and an exam is required beyond what is included with this course)
  • Certified ISO 27001 Lead Auditor (Further training and an exam is required beyond what is included with this course)
  • Certified ISO 22301 Business Continuity Strategist (Further training and an exam is required beyond what is included with this course)
  • Certified ISO 22301 Business Continuity Manager (Further training and an exam is required beyond what is included with this course)
  • Certified ISO 42001 Lead Implementer (Further training and an exam is required beyond what is included with this course)
• Certificate included with class: Upon course completion, we will provide you with an achievement certificate for 24 continuing professional education (CPE) credits that can be used to fulfill requirements for maintaining a variety of professional credentials for fraud examination, accounting, auditing, and information security.
• Recommended prerequisite training: None
• Catering for participants attending in-person at location. (Not available for remote virtual classroom participants):
  
  • Morning refreshments and snack
  • Lunch
  • Afternoon refreshments
• Hotel and/or Travel: Not included

Recommended Attendance by Position

Recommended participants for this ISO 31000 enterprise risk management certification training include:

• CEO / Managing Director / Policy Approvers / Strategy Decision Makers
• Chief Information Officer (CIO / CISO)
• ISO 9001:2015 Quality Managers
• ISO 14001:2015 EMS Managers
• Information security managers
• Compliance officers
• Revenue protection managers
• IT managers
• Risk manager (s)
• Business Continuity Manager (s)
• Health, Safety, and Environment (HSE) Risk Manager (s)
• Facilities managers
• Operations department heads (business unit managers)
• Auditors

CIS Policy Workshop: ISO 31000 Enterprise Risk Management Content Outline:

1. Introduction to ISO 31000, 31010, 27005 and 23894 risk management
2. Risk management architecture and strategy
3. Risk assessment and risk treatment methodology (Protocol)
4. Risk treatment accreditation, risk monitoring, risk review, and risk communication

Establish a firm program starting point by using ISO 31000 to build out the initial ERM core policy. Throughout the class, our expert instructor will convert ISO standard concepts and requirements into a real ISO-conforming Enterprise Risk Policy. Bring your laptop, and you can work right along with the instructor using electronic (MS Word format) templates we provide in class!* Along with the instructor, you will get your ERM program properly initiated by constructing:

• Complete ISO 31000 ERM Policy (18-Page template provided)
• ISO 31000 ERM Context and Scope Document (10-Page template provided)
• ERM Risk Assessment and Risk Treatment Methodology Document (18-Page ISO 31010/27005 template provided)
• Procedure for Training and Development Needs Analysis document (8-Page template provided)
• ISO 31000 ERM Program project kick-off document (9-Page template provided)
• Procedure for Identification of ERM Project Requirements document (4-Page template provided)
• Procedure for Identification of Statutory, Regulatory, and Contractual Requirements document (1-Page template provided)

* ISO Standards are NOT included in this risk management training, nor provided in class. Students are encouraged to bring their own hard-copies of the standards to the class. ISO standards are available for purchase at www.iso.org. 

This program is required for the following professional certification: Certified ISO 31000 Internal Controls Risk Analyst

Preparing for Certified Information Security's professional certification exam #RM101 is serious business. This is where we can help. If you first successfully complete:

• All prerequisite course training; and
• All RM101 online practice exams

Certified Information Security guarantees your success in passing CIS exam #RM101.

If you do not pass exam #RM101 on your first attempt after completion of your required course and practice exams, Certified Information Security will allow you to re-test at no additional charge until you successfully pass your certification exam.

Unlocking Business Success with ISO 42001 and Artificial Intelligence

In today's rapidly evolving technological landscape, businesses are constantly seeking ways to stay ahead of the curve. One of the most promising avenues for achieving this is through the implementation of Artificial Intelligence (AI). However, with great power comes great responsibility. This is where ISO 42001 comes into play. This international standard provides a comprehensive framework for managing AI systems, ensuring they are used responsibly and effectively to drive business success. Artificial Intelligence has the potential to revolutionize the way businesses operate. From automating routine tasks to providing deep insights through data analysis, AI can significantly enhance efficiency and productivity.

Understanding ISO 42001

ISO 42001, officially known as ISO/IEC 42001:2023, is the world's first AI management system standard. It specifies the requirements for establishing, implementing, maintaining, and continually improving an Artificial Intelligence Management System (AIMS) within organizations. This standard is designed for entities providing or utilizing AI-based products or services, ensuring responsible development and use of AI systems.

The significance of ISO 42001 lies in its comprehensive approach to managing AI. It addresses the unique challenges posed by AI, such as ethical considerations, transparency, and continuous learning. By providing a structured way to manage risks and opportunities associated with AI, ISO 42001 helps organizations balance innovation with governance.

Implementing ISO 42001 for Responsible AI Use

While the benefits of AI are undeniable, it is crucial to implement AI systems responsibly. ISO 42001 provides a robust framework for achieving this. Here are some key aspects of the standard:

• Risk Management: ISO 42001 requires organizations to implement processes for identifying, analyzing, evaluating, and monitoring risks associated with AI systems. This ensures that potential issues are addressed proactively, minimizing the impact on business operations.
  • *Note: ISO 42001 requires implementing a risk-based approach to responsible and ethical development, implementation, and management of artificial intelligence. Accordingly, the ISO 42001 Lead Implementer certification is a stacking credential that requires current CIS certification as an ISO 31000 Certified Internal Controls Risk Analyst (CICRA) as a prerequisite for ISO 42001 Lead Implementer certification eligibility. Getting trained and certified in ISO 31000 and ISO 23894 risk management is highly necessary to make the most of learning how to responsibly and ethically develop, implement, and manage artificial intelligence. 
• Ethical Considerations: The standard emphasizes the importance of ethical AI use. Organizations must ensure that their AI systems are transparent, fair, and accountable. This includes addressing biases in AI algorithms and ensuring that AI decisions can be explained and justified.
• Continuous Improvement: ISO 42001 promotes a culture of continuous improvement. Organizations are required to monitor the performance of their AI systems and implement corrective actions as needed. This ensures that AI systems remain effective and relevant in a rapidly changing technological landscape.

What about the NIST AI Risk Management Framework 1.0? Which one should we use?

Both! ISO 42001 is the international standard for overall AI program governance and management, while the ISO 31000, ISO 23894, and NIST AI RMF 1.0 risk frameworks provide guidance for managing AI risk within an ISO 42001 AI Management System. The standards and frameworks don't compete; they work together for more fulsome, comprehensive, responsible, and trustworthy AI management and integration throughout your organization and its business processes.

The purpose of the 2-day course is to:

• Provide thorough coverage of ISO 42001 requirements and recommendations for AI strategy, governance, roles and responsibilities, risk management, assessment, monitoring, review, and improvement;
• Understand how to integrate AI risk management into overall Enterprise Risk Management;
• Professional Certification: This course fulfills prerequisite training requirements for certification exam #AIMS101 and #AIMS102 for professional certification.
  • Prerequisite requirement for the Lead Implementer and Lead Auditor credential: Please note that the Certified ISO 42001 Lead Implementer and Lead Auditor certifications are stacking credentials that require current CIS Certified ISO 31000 Internal Controls Risk Analyst (CICRA) certification as a prerequisite for certification eligibility. 

Upon completion of this training and certificate program, participants will:

• Be equipped with knowledge and skills required to plan, implement, manage, monitor, assess, and improve policy and program in line with the ISO 42001 and related standards of best practice;
• Expand your AI management competency; and
• Be prepared to integrate a robust and certifiable 42001 AI Management System.

Register for a class (in-person or virtual) and get started today!

Class details

• Duration: 2 days, 8:30 - 4:30
• CPE Credit: 16
• Professional Certification: This course fulfills prerequisite training requirements for professional certification as a Certified ISO 42001 Lead Implementer and Lead Auditor.
        
  • Attendance of this training is a prerequisite requirement for the ISO Lead Implementer and Lead Auditor credentials
• Materials included with live instructor-led training:
  • Class manual (complete hard copy of class presentation)
  • 14 days of unlimited access to online practice exams for exams #AIMS101 and #AIMS102
  • 1 attempt for the online certification exams #AIMS101 and #AIMS102
    
• Certificate of Achievement included with class: Upon course completion, we will provide you with an online digital achievement certificate for 16 continuing professional education (CPE) credits that can be used to fulfill requirements for maintaining a variety of professional credentials for fraud examination, accounting, auditing, and information security.
• Recommended prerequisite training: None
• Catering:
  
  • Morning refreshments and snack for live in-person participants
  • Lunch
  • Afternoon refreshments
• Hotel and/or Travel: Not included

* ISO standards are not provided in class, but are available as a separate purchase directly from ISO.

Get trained and certified in planning, implementing, managing, monitoring, and improving an AI Management system in conformance with ISO 42001 requirements.

ISO 42001 is an international standard that focuses on the governance of Artificial Intelligence Management Systems (AIMS). It aims to ensure that AI systems are developed, deployed, and maintained in an ethical, transparent, and trustworthy manner.

 This course introduces and explains ISO 42001 clauses and Annexes covering various aspects of AI management, including:

• Clause 4: Context of the organization
• Clause 5: Leadership
• Clause 6: Planning
  • ISO 42001 requires conducting AI risk assessments, but how the risk assessments are conducted is described in separate risk management standards and related training. Formal risk assessment methodology is fully explained in training recommended as a prerequisite for this course, "CIS Policy Workshop: ISO 31000 Enterprise Risk Management."
• Clause 7: Support
• Clause 8: Operation
• Clause 9: Performance evaluation
• Clause 10: Improvement
• Annex A: Management guide for AI system development, including a list of required controls.
• Annex B: Implementation guidance for the AI controls listed in Annex A, including data management processes.
• Annex C: AI-related organizational objectives and risk sources.
• Annex D: Domain- and sector-specific standards.

This course provides the skills and knowledge necessary to plan, develop, implement, and manage an AI risk management program in conformance with the ISO 42001 AI Management System framework.

ISO 42001 requires (clause 7.2) competency development and validation for key AI roles described in ISO 42001's Annex B, Clause 3.2. These roles, namely AI Producer, AI Developer or Provider, and AI User, each carry specific responsibilities critical for AIMS implementation.

• AI Provider: As the initiating force behind an AI system's development, the AI Provider is responsible for setting ethical development standards, managing associated risks, and ensuring compliance with AIMS principles.
• AI Developer or Producer: This role involves the technical aspects of AI system development, maintenance, and deployment. Adhering to ethical guidelines, ensuring system robustness, and collaborating with AI Providers for continual improvement are key responsibilities.
• AI User: Utilizing the AI system within its intended and ethical boundaries is the main responsibility of an AI User. This role involves monitoring for biases, reporting issues, and providing feedback for system enhancements.

Other key roles requiring this training can be found throughout the ISO 42001 framework, including:

• Leadership and Governance: Top management is responsible for setting the overall direction for responsible AI development, including policies related to ethics, transparency, and accountability. 
• AI System Management: Designated individuals or teams should manage the entire AI system lifecycle, from concept to deployment, including risk assessments and mitigation strategies. 
• Compliance Officers: Responsible for ensuring that AI practices align with ISO 42001 standards, monitoring compliance, and managing risks associated with AI development and use. 
• Data Scientists and Developers: Play a key role in designing, developing, and implementing AI systems while adhering to ethical guidelines and mitigating potential biases. 
• Stakeholder Engagement: Engaging with stakeholders, including customers, users, and regulatory bodies, to understand their concerns and incorporate feedback into AI development processes. 
• Risk Management Teams: Conduct thorough risk assessments to identify potential risks associated with AI systems, including safety, privacy, and ethical concerns, and develop mitigation plans. 
• Audit and Review Teams: Perform regular audits to ensure compliance with ISO 42001 standards and identify areas for improvement.

Professional Certification:This course fulfills prerequisite training requirements for the certification ISO 42001 Lead Implementer  and Lead Auditor certification eligibility.

	AND
Learn more		Learn more

Preparing for Certified Information Security's professional certification exam #AIMS101 and #AIMS102 is serious business. This is where we can help. If you first successfully complete:

• All prerequisite course training; and
• All AIMS101 and AIMS102 online practice exams

Certified Information Security guarantees your success in passing CIS exams #AIMS101 and #AIMS102.

If you do not pass exam #AIMS101 and #AIMS102 on your first attempt after completion of your required course and practice exams, Certified Information Security will allow you to re-test at no additional charge until you successfully pass your certification exam.