Updates from August, 2012

  • ISO 22301 Lead Auditor Training coverage 

    Course Overview

    If you wish to become an auditor for business continuity, this is an essential learning curriculum. This five-day intensive course prepares delegates for the qualification process for ISO 22301:2012 and trains them in how to conduct audits for Certification Bodies. Whether you wish to become an implementer or internal auditor, join a certification body or join a consulting organization, you will be required to conduct a management system audit, which is what you learn in this course. It also empowers you to give practical help and information to those who are working towards, and maintaining, compliance and certification requirements.

    Training Coverage – ISO 22301
    1. Introduction to ISO 22301 business continuity management systems and the process approach
    2. Components of PDCA in ISO 22301
    3. Scope of ISO 22301
    4. Normative references and terms & definitions applied to ISO 22301
    5. Context of the organization (Understanding the organization, Needs & expectations of interested parties, Legal requirements, risk appetite and Scope of BCMS)
    6. Leadership (Top management commitment, BC policy, roles, responsibilities and authorities)
    7. Planning (Risk and opportunities, BC objectives)
    8. Support (BCMS Resources, Competence, Awareness, Communication, Document controls)
    9. Operation (BIA, RA with Introduction to ISO 31000, BCM Strategy, BC procedures, Incident response structure, Warning & communication, BCP, Exercising & testing)
    10. Performance evaluation (BCM measurement & monitoring, Internal audit, Management reviews)
    11. Improvement (Nonconformity & corrective action, Continual improvement)
    12. Similarities and differences between ISO 22301 and BS 25999
    13. Audit Process and Planning
    14. Checklist
    15. Opening Meeting
    16. Audit techniques
    17. Raising Non-conformities
    18. Audit Reporting and Audit Follow Up Actions
    19. Closing Meeting
    20. Case study and exercises on various BCM elements and auditing practices for effective implementation

    Call or write to us at training@www.coralesecure.com to know more.

  • ISO 20000 – 2011 Implementation training coverage 

    “The requirements…of ISO/IEC 20000 include the design, transition, delivery and improvement of services that fulfil service requirements and provide value for both the customer and the service provider. … ISO/IEC 20000 requires an integrated process approach when the service provider plans, establishes, implements, operates, monitors, reviews, maintains and improves a service management system (SMS).”

    ISO/IEC 20000-1: 2011

    We cover the following topics in detail in conducting the implementation training:

    Identify business drivers for ITIL – ISO 20000 implementation;

    Identify and define a service catalog;

    Learn to define and endorse an ITSM policy.

    Learn to distinguish between service management system (SMS) and service management processes.

    Learn to implement all 5 core processes as follows:

    ISO 20000 Clause 4 Service management system general requirements

    ISO 20000 Clause 5 Design and transition of new or changed services

    ISO 20000 Clause 6 Service delivery processes

    ISO 20000 Clause 7 Relationship processes

    ISO 20000 Clause 8 Resolution processes

    ISO 20000 Clause 9 Control processes

    Detailed interpretation of individual clause requirements and how to approach their implementation.

    Learn to design and implement individual ITSM processes:

    1. Service level management (ISO 20000 – Clause 6.1)
    2. Service reporting (ISO 20000 – Clause 6.2)
    3. Service continuity and availability management (ISO 20000 – Clause 6.3)
    4. Budgeting and accounting for services (ISO 20000 – Clause 6.4)
    5. Capacity management (ISO 20000 – Clause 6.5)
    6. Information security management (ISO 20000 – Clause 6.6)
    7. Business relationship management (ISO 20000 – Clause 7.1)
    8. Supplier management – External (ISO 20000 – Clause 7.2)
    9. Incident and service request management (ISO 20000 – Clause 8.1)
    10. Problem management (ISO 20000 – Clause 8.3)
    11. Configuration management (ISO 20000 – Clause 9.1)
    12. Change management (ISO 20000 – Clause 9.2)
    13. Release & Deployment management process (ISO 20000 – Clause 9.3)
    14. Design and transition of new or changed services (ISO 20000 – Clause 5)

    Each learning session comes with ready-to-use templates, which enable fast-track learning and onward implementation when delegates take the learning back after the training.

    Coral offers online, in-house, and public courses. Call or write to us at roadmap@www.coralesecure.com for further questions/clarifications/fees.

  • ISO 27001-2013 Training coverage 

    Information asset = anything that has value to the organization (ISO 27001 term 3.1). The course is in line with the ISO 27001:2013 standard requirements and combines theory, implementation, and audit.

    You will learn the following from the experts (not exhaustive):

    • Context establishment – determining the ISMS in the context of the organization's business objectives;
    • Determination of internal and external requirements/expectations from the ISMS;
    • Scope determination – which teams of the organization are mission critical (and which perhaps are not);
    • Asset identification – note that most organizations struggle to identify their own assets; an asset is defined as ‘anything that is valuable to the organization’;
    • Impact identification – also called a CIA rating; you will learn which assets are top business priorities and require protection at any cost, and what can go wrong with those assets if they are not protected;
    • Risk analysis – threat (what can go wrong), vulnerability (which loopholes are present in the system), and likelihood analysis;
    • Quantitative and qualitative risk assessment approaches;
    • Interpretation of the 114 ISO 27001 controls; controls include technical, procedural and physical controls;
    • ISMS measurements – how to define and monitor the performance of key security controls;
    • Key checks for internal audits; learn the core 6 areas of audit that give confidence in the ISMS implementation;
    • Certification body questions – what an auditor of a certification body looks for before recommending an organisation for certification.

    Each learning session comes with ready-to-use templates, which enable fast-track learning and onward implementation when delegates take the learning back after the training.

    Coral offers online, in-house, and public courses. Call or write to us at roadmap@www.coralesecure.com for further questions/clarifications/fees.

  • ISO 22301 – 2012 Implementation Training coverage 

    ‘Societal’ Business Continuity Management System (BCMS) = “Holistic management process that identifies potential threats to an organization and the impacts to business operations those threats, if realized, might cause, and which provides a framework for building organizational resilience with the capability of an effective response that safeguards the interests of its key stakeholders, reputation, brand and value-creating activities”.

    ISO 22301 Term 3.4

    You will learn the following from the experts (not exhaustive):

    • Identification of mission critical activities – using formal criteria, you will classify the organization's activities into revenue-generating services, essential infrastructure and delayed-start services;
    • Business Impact Analysis – you will learn to define, for each service, the maximum tolerable period of disruption, recovery time objective (RTO), recovery point objective (RPO) and minimum business continuity objectives (MBCO);
    • Risk Assessment – a threat-vulnerability-probability analysis will help you to understand the areas of strength and weakness of the organization, including identification of single points of failure;
    • Strategy Formulation – you will define possible strategies for the continuity of the business, including working from home and working from an alternate site within the state, within the country and/or out of the country;
    • Resource identification – for each identified service you will define the resources required for continuity;
    • Documentation and planning strategy – you will learn a combined event-driven and outcome-driven planning and documentation strategy;
    • Testing strategies – which tests you should perform for which specific events/services, and the reasons for doing so;
    • Detailed interpretation of the ISO 22301 standard;
    • Key checks for internal audits; learn the key areas of audit that give stakeholders confidence in the BCMS implementation;
    • Certification body questions – what an auditor of a certification body looks for before recommending an organization for certification.

    Each learning session comes with ready-to-use templates, which enable fast-track learning and onward implementation when delegates take the learning back after the training.

    Coral offers online, in-house, and public courses. Call or write to us at roadmap@www.coralesecure.com for further questions/clarifications/fees.

  • ISMS ISO 27001 – 2013 Lead Auditor Training coverage 

    Essential skills/learnings in the ISMS – ISO 27001 Lead Auditor course include the following:

    • Understanding the audit process – you will learn how an auditor approaches the audit, including the organization's size, number of locations, people, and network/application architecture;
    • Understanding the ISO 27001 management framework – this covers clauses 4, 5, 6, 7, 8, 9 and 10, which we call the management system controls;
    • Understanding the ISO 27001 control framework – this covers clauses A.5 to A.18, which we call the detailed ISO 27001 framework: 14 domains, 35 control objectives and 114 controls;
    • Audit life cycle skills – the ability to interpret the requirements of the standard, prepare a checklist, ask relevant questions and document the responses. One of the most important skills is to document and report a ‘non-conformity’, commonly called an NC, including the difference between reporting a ‘minor’ and a ‘major’ NC;
    • Audit judgment skills – learn to verify the ‘intent, implementation and effectiveness’ of the controls. This covers both the management framework and the control framework;
    • Lots of case studies, including decision-making situations.

    Essentially, you learn to be a better judge of the security control framework, which is an essential skill for any individual seeking a career in information security.

    Last but not least, your luck in getting a good trainer is one of the most crucial factors on the training day!