PECB
Professional Evaluation and Certification Board
TRAINING CATALOGUE
INFORMATION SECURITY
RISK MANAGEMENT
BUSINESS CONTINUITY
SERVICE MANAGEMENT
ENVIRONMENTAL MANAGEMENT
QUALITY MANAGEMENT
FOOD SAFETY
OCCUPATIONAL HEALTH & SAFETY
SOCIAL RESPONSIBILITY
SUPPLY CHAIN SECURITY
TABLE OF CONTENTS

ABOUT PECB
PECB Code of Ethics
PECB certification process

INFORMATION SECURITY TRAINING
• Certified ISO 27001 Lead Implementer
• Certified ISO 27001 Lead Auditor
• Certified ISO 27001 Foundation
• Introduction to ISO 27001

RISK MANAGEMENT TRAINING
• Certified ISO 27005 Risk Manager
• Certified ISO 27005 Risk Manager with OCTAVE
• Certified ISO 27005 Risk Manager with EBIOS
• Certified ISO 27005 Risk Manager with MEHARI
• Certified ISO 27005 Risk Manager with an introduction to Risk assessment methodologies
• Certified ISO 31000 Risk Manager
• Risk assessment with the OCTAVE method
• Introduction to the OCTAVE method
• Risk assessment with the EBIOS method
• Introduction to the EBIOS method
• Risk assessment with the MEHARI method
• Introduction to the MEHARI method
• Introduction to ISO 27005
• Introduction to Risk assessment methodologies

SERVICE MANAGEMENT TRAINING
• Certified ISO 20000 Lead Implementer
• Certified ISO 20000 Lead Auditor
• Certified ISO 20000 Foundation
• Introduction to ISO 20000

BUSINESS CONTINUITY TRAINING
• Certified ISO 22301 Lead Implementer
• Certified ISO 22301 Lead Auditor
• Certified ISO 22301 Foundation
• Introduction to ISO 22301
• Certified ISO/IEC 24762 Disaster Recovery Manager

QUALITY MANAGEMENT TRAINING
• Certified ISO 9001 Lead Implementer
• Certified ISO 9001 Lead Auditor
• Certified ISO 9001 Foundation
• Introduction to ISO 9001

ENVIRONMENTAL MANAGEMENT TRAINING
• Certified ISO 14001 Lead Implementer
• Certified ISO 14001 Lead Auditor
• Certified ISO 14001 Foundation
• Introduction to ISO 14001

OCCUPATIONAL HEALTH & SAFETY TRAINING
• Certified OHSAS 18001 Lead Implementer
• Certified OHSAS 18001 Lead Auditor
• Certified OHSAS 18001 Foundation
• Introduction to OHSAS 18001

FOOD SAFETY TRAINING
• Certified ISO 22000 Lead Implementer
• Certified ISO 22000 Lead Auditor
• Certified ISO 22000 Foundation
• Introduction to ISO 22000

SOCIAL RESPONSIBILITY TRAINING
• Certified ISO 26000 Lead Implementer
• Certified ISO 26000 Lead Auditor
• Certified ISO 26000 Foundation
• Introduction to ISO 26000

SUPPLY CHAIN SECURITY TRAINING
• Certified ISO 28000 Lead Implementer
• Certified ISO 28000 Lead Auditor
• Certified ISO 28000 Foundation
• Introduction to ISO 28000
About PECB
PECB is a personnel certification body for various standards, including ISO 9001, ISO 14001, ISO/IEC 20000, ISO 22301, ISO/IEC 27001 and ISO/IEC 27005. Our mission is to provide our clients comprehensive personnel examination and certification services.
Certification represents the intersection of protection of the public, fairness to candidates, and often, various interests of the profession. Although these may appear to be competing interests, a well-designed certification program will be most effective in meeting these interests when its resources are deployed to enhance validity and reliability. The guidance that follows in our Quality Manual is intended to ensure that PECB develops, maintains and improves a high-quality recognized certification program.
The purpose of PECB, as stated in its Bylaws, is to develop and promote professional standards for certification and to administer certification programs for individuals who practice in disciplines involving the audit and the implementation of a compliance management system. This principal purpose includes:
1. Establishing the minimum requirements necessary to qualify certified professionals
2. Reviewing and verifying the qualifications of applicants
3. Developing and maintaining reliable, valid, and current certification examinations
4. Granting certificates to qualified candidates, maintaining certificant records, and publishing a directory of the holders of valid certificates
5. Establishing requirements for the periodic renewal of certification and determining compliance with those requirements
6. Ascertaining that certificants meet ethical standards in their professional practice
7. Representing its members, where appropriate, in matters of common interest
8. Promoting the benefits of certification to employers, public officials, practitioners in related fields, and the public
Our accreditation and certifications
PECB is in the process of accreditation by ANSI to the ISO/IEC 17024 standard (General requirements for bodies operating certification schemes for persons).
PECB is certified to the ISO 9001:2008 standard. The scope of this certification covers all of PECB’s personnel certification processes, including the development and maintenance of certification schemes, examiners’ records management and protection, requirements for employees and certification process. This standard demonstrates PECB’s commitment to quality management and customer service.
PECB is also certified to the ISO/IEC 27001:2005 standard, the international standard for information security. The scope of this certification covers all processes, systems and technologies that support the entire certification, so that best security practices are consistently applied to ensure the confidentiality of all PECB applicants’ and certified individuals’ financial and personal information. PECB is the only personnel certification body that is certified to both ISO 9001:2008 and ISO/IEC 27001:2005.
PECB Code of Ethics
Adherence of professionals to the PECB code of ethics is a voluntary engagement. However, if a member does not follow this code by engaging in gross misconduct, PECB membership may be terminated and certifications revoked. Not only is it important for PECB certified professionals to adhere to the principles expressed in this Code, each member should encourage and support adherence by other members.
PECB professionals will:
1. Conduct themselves professionally, with honesty, accuracy, fairness, responsibility and independence.
2. Act at all times solely in the best interest of their employer, their clients, the public, and the profession by acting in accordance with the professional standards and applicable techniques while performing professional services.
3. Maintain their competency in their respective fields and strive to constantly improve their professional skills.
4. Offer only professional services for which they are qualified to perform, and adequately inform clients and consumers about the nature of proposed services, including any relevant concerns or risks.
5. Inform each employer or client of any business interests or affiliations which might influence their judgment or impair their fairness.
6. Treat in a confidential and private manner information acquired during professional and business dealings of any present or former employer or client without its proper consent.
7. Comply with all laws and regulations of the jurisdictions where professional activities are conducted.
8. Respect the intellectual property and contributions of others.
9. Not intentionally communicate false or falsified information that may compromise the integrity of the evaluation process of a candidate for a professional designation.
10. Not act in any manner that could compromise the reputation of PECB or its certification programs for persons, and will fully cooperate on the inquiry following a claimed infringement of this Code of Ethics.
PECB certification process

1. Decide which certification is right for you
Each PECB certification has specific education and experience requirements. To determine which certification is right for you, verify all eligibility requirements for the different certifications and your professional needs.

2. Prepare for the exam
All certification candidates are responsible for their own study and preparation for the examination. No specific set of courses or curriculum of study is required as part of the certification process. However, the completion of a recognized PECB course or program of study will significantly enhance your chance of passing a PECB certification examination. You can verify the list of recognized organizations that offer PECB official training sessions.

3. Apply and schedule the exam
Candidates must complete the easy and secure online application. PECB’s online application is available at www.PECB.org. Candidates will register for a password-protected account where they can then create, manage, update, and submit their application. Applicants can pay the application fees online and upload all required supporting documents to PECB. Applicants will also have the option of mailing the payment (checks), but this will result in delays of the application process. Applicants will then be able to select a date and location for their certification exam. Dates and location can be found at www.PECB.org. You must register at least fifteen (15) days before the exam date.

4. Take the exam
Candidates will be required to arrive at least 30 minutes before the beginning of the certification exam. Candidates arriving late will not be given additional time to compensate for the late arrival and may be denied entry to the examination room. All candidates will need to present a valid identity card such as a driver’s license to the proctor and the exam confirmation letter. The duration of the exam varies according to the type of examination taken (see description of the different exams for more details at www.PECB.org).

5. Receive your exam results
It takes 4 to 8 weeks for participants to receive their exam results. All results are sent via email. The examination results will not include the exact grade that you had, only a mention of pass or fail. In the case of a failure, the results will be accompanied by the list of domains in which you had a mark lower than the passing grade, to provide guidance to prepare yourself to retake the exam.

6. Apply for certification
All participants who successfully pass their certification exam (or an equivalent accepted by PECB) are entitled to apply for the PECB credentials they were examined for. Specific educational and professional requirements may be needed for you to be PECB certified. Candidates will need to fill out the online certification application form (that can be accessed via their PECB online profile), including contact details of references who will be contacted to validate the candidate’s professional experience. Once PECB has validated that you fulfill all certification requirements, you will be informed by e-mail of our decision and you will receive your certificate by e-mail in electronic format.

7. Maintain your certification
Every year, PECB certified professionals need to provide PECB with the number of hours of auditing and/or implementation related tasks they have performed, with the contact details of individuals who can validate these tasks, and pay their yearly certification maintenance fees. In addition, PECB certified professionals need to abide by PECB’s code of ethics. For more information, please visit the FAQ section at www.PECB.org.
INFORMATION SECURITY TRAINING
ISO/IEC 27001 covers all types of organizations (e.g. commercial enterprises, government agencies, not-for-profit organizations). ISO/IEC 27001 specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System within the context of the organization's overall business risks. It specifies requirements for the implementation of security controls customized to the needs of individual organizations or parts thereof.
Certified ISO 27001 Lead Implementer
Mastering the implementation and management of an Information Security Management System (ISMS) based on ISO 27001

Summary
This five-day intensive course enables the participants to develop the expertise necessary to support an organization in implementing and managing an Information Security Management System (ISMS) based on ISO/IEC 27001:2005. Participants will also be given a thorough grounding in best practices used to implement information security controls from all areas of ISO 27002. This training is consistent with the project management practices established in ISO 10006 (Quality Management Systems - Guidelines for Quality Management in Projects). This training is also fully compatible with ISO 27003 (Guidelines for the Implementation of an ISMS), ISO 27004 (Measurement of Information Security) and ISO 27005 (Risk Management in Information Security).

DURATION: 5 DAYS

PREREQUISITES
• ISO 27001 Foundation Certification or a basic knowledge of ISO 27001 is recommended

Course Agenda

DAY 1
Introduction to Information Security Management System (ISMS) concepts as required by ISO 27001; Initiating an ISMS
• Introduction to management systems and the process approach
• Presentation of the ISO 27000 family standards and regulatory framework
• Fundamental principles of Information Security
• Preliminary analysis and determining the level of maturity based upon ISO 21827
• Writing a business case and a project plan for the implementation of an ISMS

DAY 2
Planning the implementation of an ISMS based on ISO 27001
• Defining the scope of an ISMS
• Drafting an ISMS and information security policies
• Selection of the approach and methodology for risk assessment
• Risk management: identification, analysis and treatment of risk (based on ISO 27005)
• Drafting the Statement of Applicability

DAY 3
Implementing an ISMS based on ISO 27001
• Implementation of a document management framework
• Design of and implementation of controls
• Information security training, awareness and communication program
• Incident management (drawing on guidance from ISO 27035)
• Operations management of an ISMS

DAY 4
Control, monitor and measure an ISMS and the certification audit of the ISMS in accordance with ISO 27001
• Monitoring the ISMS controls
• Development of metrics, performance indicators and dashboards in accordance with ISO 27004
• ISO 27001 internal Audit
• Management review of an ISMS
• Implementation of a Continual improvement program
• Preparing for an ISO 27001 certification audit

DAY 5
Certification Exam
• 3 hours
Who should attend?
• Compliance project managers
• Information security consultants
• Internal and external ISO 27001 auditors
• Members of an information security team

Learning objectives
• To understand the implementation of an ISMS
• To gain a comprehensive understanding of the concepts, approaches, standards, methods and techniques related to an ISMS
• To acquire the necessary expertise to support an organization in implementing, managing and maintaining an ISMS
• To acquire the necessary expertise to manage a team implementing ISO 27001

This is a PECB official training course

EXAM
• The “Certified ISO/IEC 27001 Lead Implementer” exam fully meets the requirements of the PECB Examination Certification Programme (ECP). The exam covers the following competence domains:
  - Domain 1: Fundamental principles and concepts of information security
  - Domain 2: Information security control best practice based on ISO 27002
  - Domain 3: Planning an ISMS based on ISO 27001
  - Domain 4: Implementing an ISMS based on ISO 27001
  - Domain 5: Performance evaluation, monitoring and measurement of an ISMS based on ISO 27001
  - Domain 6: Continual improvement of an ISMS based on ISO 27001
  - Domain 7: Preparing for an ISMS certification audit
• The “Certified ISO/IEC 27001 Lead Implementer” exam is available in different languages (the complete list of languages can be found in the examination application form)
• Duration: 3 hours

Certification
• After successfully completing the exam, participants can apply for the credentials of Certified ISO/IEC 27001 Provisional Implementer, Certified ISO/IEC 27001 Implementer or Certified ISO/IEC 27001 Lead Implementer, depending on their level of experience
• A certificate will be issued to participants who successfully passed the exam and comply with all the other requirements related to the selected credential
CREDENTIAL: ISO 27001 Provisional Implementer
EXAM: ISO 27001 Lead Implementer Exam
PROFESSIONAL EXPERIENCE: None
ISMS AUDIT EXPERIENCE: None
ISMS PROJECT EXPERIENCE: None
OTHER REQUIREMENTS: Signing the PECB code of ethics

CREDENTIAL: ISO 27001 Implementer
EXAM: ISO 27001 Lead Implementer Exam
PROFESSIONAL EXPERIENCE: Two years; one year of information security work experience
ISMS AUDIT EXPERIENCE: None
ISMS PROJECT EXPERIENCE: Project activities totaling 200 hours
OTHER REQUIREMENTS: Signing the PECB code of ethics

CREDENTIAL: ISO 27001 Lead Implementer
EXAM: ISO 27001 Lead Implementer Exam
PROFESSIONAL EXPERIENCE: Five years; two years of information security work experience
ISMS AUDIT EXPERIENCE: None
ISMS PROJECT EXPERIENCE: Project activities totaling 300 hours
OTHER REQUIREMENTS: Signing the PECB code of ethics
General Information
• Certification fees are included in the exam price
• A student manual containing over 450 pages of information and practical examples will be distributed to participants
• A participation certificate of 31 CPD (Continuing Professional Development) credits will be issued to participants
Certified ISO 27001 Lead Auditor
Mastering the Audit of an Information Security Management System (ISMS) based on ISO 27001

Summary
This five-day intensive course enables participants to develop the expertise needed to audit an Information Security Management System (ISMS) and to manage a team of auditors by applying widely recognized audit principles, procedures and techniques. During this training, the participant will acquire the knowledge and skills needed to proficiently plan and perform internal and external audits in compliance with the certification process of the ISO/IEC 27001:2005 standard. Based on practical exercises, the participant will develop the skills (mastering audit techniques) and competencies (managing audit teams and audit program, communicating with customers, conflict resolution, etc.) necessary to conduct an audit efficiently.

DURATION: 5 DAYS

PREREQUISITES
• ISO 27001 Foundation Certification or basic knowledge of ISO 27001 is recommended

Course Agenda

DAY 1
Introduction to Information Security Management System (ISMS) concepts as required by ISO 27001
• Normative, regulatory and legal framework related to information security
• Fundamental principles of information security
• The ISO 27001 certification process
• Detailed presentation of the clauses 4 to 8 of ISO 27001

DAY 2
Planning and Initiating an ISO 27001 audit
• Fundamental audit concepts and principles
• Audit approach based on evidence and on risk
• Preparation of an ISO 27001 certification audit
• Documenting of an ISMS audit

DAY 3
Conducting an ISO 27001 audit
• Communication during the audit
• Audit procedures: observation, document review, interview, sampling techniques, technical verification, corroboration and evaluation
• Drafting test plans
• Formulation of audit findings, drafting of nonconformity reports

DAY 4
Concluding and ensuring the follow-up of an ISO 27001 audit
• Audit documentation
• Conducting a closing meeting and conclusion of an ISO 27001 audit
• Evaluation of corrective action plans
• ISO 27001 Surveillance audit and Audit management program

DAY 5
Certification Exam
• 3 hours
Who should attend?
• Internal auditors
• Auditors wanting to perform and lead ISMS certification audits
• Members of an information security team
• Technical experts wanting to prepare for an Information security audit function

Learning objectives
• To acquire expertise to perform an ISO 27001 internal audit following ISO 19011 guidelines
• To acquire expertise to perform an ISO 27001 certification audit following ISO 19011 guidelines and the specifications of ISO 17021 and ISO 27006
• To acquire necessary expertise to manage an ISMS audit team
• To understand the operation of an ISO 27001

This is a PECB official training course

EXAM
• The “Certified ISO/IEC 27001 Lead Auditor” exam fully meets the requirements of the PECB Examination and Certification Program (ECP). The exam covers the following competence domains:
  - Domain 1: Fundamental principles and concepts of information security
  - Domain 2: Information Security Management System (ISMS)
  - Domain 3: Fundamental audit concepts and principles
  - Domain 4: Preparation of an ISO 27001 audit
  - Domain 5: Conducting an ISO 27001 audit
  - Domain 6: Closing an ISO 27001 audit
  - Domain 7: Managing an ISO 27001 audit program
• The “Certified ISO/IEC 27001 Lead Auditor” exam is available in different languages (the complete list of languages can be found in the examination application form)
• Duration: 3 hours
• For more information about the exam, refer to PECB section on ISO 27001 Lead Auditor Exam

Certification
• After successfully completing the exam, participants can apply for the credentials of Certified ISO/IEC 27001 Provisional Auditor, Certified ISO/IEC 27001 Auditor or Certified ISO/IEC 27001 Lead Auditor depending on their level of experience. Those credentials are available for internal and external auditors
• A certificate will be issued to participants who successfully pass the exam and comply with all the other requirements related to the selected credential
CREDENTIAL: ISO 27001 Provisional Auditor
EXAM: ISO 27001 Lead Auditor Exam
PROFESSIONAL EXPERIENCE: None
ISMS AUDIT EXPERIENCE: None
ISMS PROJECT EXPERIENCE: None
OTHER REQUIREMENTS: Signing the PECB code of ethics

CREDENTIAL: ISO 27001 Auditor
EXAM: ISO 27001 Lead Auditor Exam
PROFESSIONAL EXPERIENCE: Two years; one year of information security work experience
ISMS AUDIT EXPERIENCE: Audit activities totaling 200 hours
ISMS PROJECT EXPERIENCE: None
OTHER REQUIREMENTS: Signing the PECB code of ethics

CREDENTIAL: ISO 27001 Lead Auditor
EXAM: ISO 27001 Lead Auditor Exam
PROFESSIONAL EXPERIENCE: Five years; two years of information security work experience
ISMS AUDIT EXPERIENCE: Audit activities totaling 300 hours
ISMS PROJECT EXPERIENCE: None
OTHER REQUIREMENTS: Signing the PECB code of ethics
General Information
• Certification fees are included in the exam price
• A student manual containing over 450 pages of information and practical examples will be distributed to participants
• A participation certificate of 31 CPD (Continuing Professional Development) credits will be issued to participants
Certified ISO 27001 Foundation

Summary
This course enables the participants to learn about the best practices for implementing and managing an Information Security Management System (ISMS) as specified in ISO/IEC 27001:2005, as well as the best practices for implementing the information security controls of the eleven domains of the ISO 27002. This training also helps to understand how ISO 27001 and ISO 27002 are linked with ISO 27003 (Guidelines for the implementation of an ISMS), ISO 27004 (Measurement of information security) and ISO 27005 (Risk Management in Information Security).

DURATION: 2 DAYS

PREREQUISITES
None

Course Agenda

DAY 1
Introduction to Information Security Management System (ISMS) concepts as required by ISO 27001
• Introduction to the ISO 27000 standards family
• Introduction to management systems and the process approach
• General requirements: presentation of the clauses 4 to 8 of ISO 27001
• Implementation phases of the ISO 27001 framework
• Continual improvement of Information Security

DAY 2
Implementing controls in information security according to ISO 27002 and Certification Exam
• Principles and design of information security controls
• Documentation of an information security control environment
• Monitoring and reviewing the information security controls
• Security controls based on ISO 27002 best practices
Certified ISO/IEC 27001 Foundation exam
• 1 hour

Who should attend?
• Members of an information security team
• Staff involved in the implementation of the ISO 27001 standard
• Technicians involved in operations related to an ISMS
• Auditors

Learning objectives
• To understand the implementation of an Information Security Management System in accordance with ISO 27001
• To understand the relationship between an ISMS, including risk management, controls and compliance
• To know the concepts, approaches, standards, methods and techniques needed to effectively manage an ISMS

This is a PECB official training course

EXAM
• The “Certified ISO/IEC 27001 Foundation” exam fully meets the requirements of the PECB Examination Certification Programme (ECP). The exam covers the following competence domains:
  - Domain 1: Fundamental principles and concepts of information security
  - Domain 2: Information Security Management System (ISMS)
• The “Certified ISO/IEC 27001 Foundation” exam is available in different languages (the complete list of languages can be found in the examination application form)
• Duration: 1 hour

Certification
A certificate of “Certified ISO/IEC 27001 Foundation” will be issued to participants who successfully passed the exam and comply with all the other requirements related to this credential

Credential: ISO 27001 Foundation
Exam: ISO 27001 Foundation exam
Professional experience: None
ISMS Audit experience: None
ISMS project experience: None
Other requirements: Signing the PECB code of ethics

General Information
• Certification fees are included in the exam price
• A student manual containing over 200 pages of information and practical examples will be distributed to participants
• A participation certificate of 14 CPD (Continuing Professional Development) credits will be issued to participants
ISO 27001 Introduction
Introduction to the implementation of an Information Security Management System (ISMS) based on ISO 27001

Summary
This one-day training enables the participants to be familiar with the basic concepts of the implementation and management of an Information Security Management System (ISMS) as specified in ISO/IEC 27001:2005. The participant will learn the different components of an ISMS, including the ISMS policy, risk management, measuring performance, management’s commitment, internal audit, management review and Continual improvement.

DURATION: 1 DAY

PREREQUISITES
None

Course Agenda
• Introduction to the ISO 27000 standards family
• Introduction to management systems and the process approach
• General requirements: presentation of the clauses 4 to 8 of ISO 27001
• Implementation phases of the ISO 27001 framework
• Introduction to risk management according to ISO 27005
• Continual improvement of information security
• Conducting an ISO 27001 certification audit

Examination and certification
None

Who should attend?
• IT Professionals wanting to gain a comprehensive knowledge of the main processes of an ISMS
• Staff involved in the implementation of the ISO 27001 standard
• Expert advisors in IT
• Auditors

Learning objectives
• Understanding the fundamentals of information security
• Knowing the interrelationships between ISO 27001 and the other information security standards (ISO 27002, ISO 27003, ISO 27004, and ISO 27005…)
• Knowing the key components of an Information Security Management System (ISMS) in accordance with ISO 27001
• Introducing the concepts, approaches, standards, methods and techniques needed to effectively manage an ISMS
• Understanding the relationship between an Information Security Management System, including risk management, controls and compliance with the requirements of different stakeholders of the organization
• Understanding the stages of the ISO 27001 certification process

General Information
• A student manual containing over 100 pages of information and practical examples will be distributed to participants
• A participation certificate of 7 CPD (Continuing Professional Development) credits will be issued to participants

This is a PECB official training course
"The course material was exceptional. Unlike so many courses, this one didn't simply address vague high-level concepts, but made theory explicit with concrete applicable examples."
Steven T.
Compliance Officer, Fortune 1000 Company
RISK MANAGEMENT TRAINING
ISO/IEC 27005 provides guidelines for information security risk management. It supports the general concepts specified in ISO/IEC 27001 and is designed to assist the satisfactory implementation of information security based on a risk management approach.
ISO 31000:2009 provides principles and generic guidelines on risk management. ISO 31000:2009 can be used by any public, private or community enterprise, association, group or individual. Therefore, ISO 31000:2009 is not specific to any industry or sector.
EBIOS: The methodological approach offered by EBIOS provides a global and consistent view of information systems security (ISS). The method takes into account all technical entities (software, hardware, networks) and non-technical entities (organization, human aspects, physical safety).
OCTAVE® (Operationally Critical Threat, Asset, and Vulnerability Evaluation℠) is a suite of tools, techniques, and methods for risk-based information security strategic assessment and planning.
MEHARI, compliant with the ISO/IEC 27005 risk management standard, is suitable for the ISMS process described by ISO 27001. It provides accurate indications for building security plans, based on a complete list of vulnerability control points and an accurate monitoring process in a continual improvement cycle.
Certified ISO 27005 Risk Manager
Mastering risk assessment and optimal risk management in information security based on ISO 27005

Summary
In this two-day intensive course participants develop the competence to master the basic risk management elements related to all assets of relevance for information security using the ISO/IEC 27005:2008 standard as a reference framework. Based on practical exercises and case studies, participants acquire the necessary knowledge and skills to perform an optimal information security risk assessment and manage risks in time by being familiar with their life cycle. This training fits perfectly in the framework of an ISO/IEC 27001:2005 standard implementation process.

DURATION: 2 DAYS

PREREQUISITES
None

Course Agenda

DAY 1
Introduction, risk management program, risk identification and assessment according to ISO 27005
• Concepts and definitions related to risk management
• Risk management standards, frameworks and methodologies
• Implementation of an information security risk management program
• Risk identification and assessment

DAY 2
Risk evaluation, treatment, acceptance, communication and surveillance according to ISO 27005
• Risk evaluation and treatment
• Acceptance of information security risks and management of residual risks
• Information security risk communication, monitoring and review
• Certified ISO/IEC 27005 Risk Manager Exam

EXAM
• The “Certified ISO/IEC 27005 Risk Manager” exam fully meets the requirements of the PECB Examination and Certification Program (ECP). The exam covers the following competence domains:
  - Domain 1: Fundamental concepts, approaches, methods and techniques of risk management
  - Domain 2: Implementation of a risk management program
  - Domain 3: Information security risk assessment based on ISO 27005
• The “Certified ISO/IEC 27005 Risk Manager” exam is available in different languages (the complete list of languages can be found in the examination application form)
• Duration: 2 hours
• For more information about the exam, refer to PECB section on ISO 27005 Risk Manager Exam
Who should attend?
• Risk managers
• Persons responsible for information security or conformity within an organization
• Members of the information security team
• IT consultants

Learning objectives
• To understand the concepts, approaches, methods and techniques allowing an effective risk management according to ISO 27005
• To interpret the requirements of ISO 27001 on information security risk management
• To understand the relationship between the information security risk management, the security controls and the compliance with all other requirements

This is a PECB official training course

Certification
• A certificate of “ISO/IEC 27005 Risk Manager” will be issued to participants who successfully pass the exam and comply with all the other requirements related to this credential
Credential: ISO 27005 Foundation
Exam: ISO 27005 Foundation exam
Professional experience: None
ISRM Audit experience: None
ISMS project experience: None
Other requirements: Signing the PECB code of ethics
• For more information about ISO 27005 certifications and PECB certification process, refer to PECB section on ISO 27005 Risk Manager Certification
General Information
• Certification fees are included in the exam price
• A student manual containing over 150 pages of information and practical examples will be distributed to participants
• A participation certificate of 14 CPD (Continuing Professional Development) credits will be issued to participants
• In case of failure of the exam, participants are allowed to retake the exam for free under certain conditions.
Certified ISO 27005 Risk Manager with OCTAVE
Mastering risk evaluation and optimal risk management in information security based on ISO 27005 with the OCTAVE method
Summary
DAY 1
In this five-day intensive course participants develop the competence to master the basic risk management elements related to all assets of relevance for information security using the ISO/IEC 27005:2008 standard as a reference framework and OCTAVE method. The OCTAVE method was developed by the CERT. Based on practical exercises and case studies, participants acquire the necessary knowledge and skills needed to perform an optimal information security risk assessment and manage risks in time by being familiar with their life cycle. This training fits perfectly in the framework of an ISO/IEC 27001:2005 standard implementation process.
Course Agenda
DURATION: 5 DAYS
Introduction, risk management program, risk identification and assessment according to ISO 27005
PREREQUISITES • A basic knowledge of risk management and the OCTAVE method is recommended
Who should attend? • Risk managers and IT consultants
• Concepts and definitions related to risk management
• Standards, frameworks and methodologies in risk management
• Implementation of an information security risk management program
• Risk identification and assessment
DAY 2
Risk evaluation, treatment, acceptance, communication and surveillance according to ISO 27005
• Risk evaluation, treatment
• Acceptance of information security risks and management of residual risks
• Information security risk communication
• Information security risk monitoring and review
DAY 3
Start of a risk assessment with OCTAVE
• Presentation of OCTAVE
• Phase 1 - Process 1 to 3 (Understanding the Organization)
• Phase 1 - Process 4 (Create threat profiles)
• Phase 2 - Process 5 (Identification of key components)
DAY 4
Assessment of vulnerabilities and risk, according to OCTAVE
• Phase 2 - Process 5 (Continued)
• Phase 2 - Process 6 (Evaluation of selected components)
• Phase 3 - Process 7 (Conducting the risk assessment)
• Phase 3 - Process 8 (Development of a Protection Strategy)
DAY 5
The OCTAVE Method Implementation approach and conclusion
• Phase 3 – Process 8 (Development of a Protection Strategy – cont.)
• The OCTAVE Method Implementation Guide
• Tailoring the evaluation to your organization
• OCTAVE exam
• Persons responsible for information security or conformity • Member of the information security team • Staff implementing or seeking to comply with ISO 27001 and involved in a risk management program based upon the OCTAVE method
Learning objectives • To understand the concepts, approaches, methods and techniques allowing an effective risk management according to ISO 27005 • To interpret the requirements of ISO 27001 on information security risk management • To develop the necessary skills to conduct a risk assessment with the OCTAVE method • To master the steps to conduct a risk assessment with the OCTAVE method • To understand the relationship between the information security risk management, the security controls and the compliance with the requirements of different stakeholders of an organization • To acquire the competence to implement, maintain and manage an ongoing information security risk management program according to ISO 27005 • To acquire the competence to effectively advise organizations on the best practices in information security risk management
This is a PECB official training course
Exam • The “Certified ISO/IEC 27005 Risk Manager” exam fully meets the requirements of the PECB Examination and Certification Program (ECP). The exam covers the following competence domains: - Domain 1: Fundamental concepts, approaches, methods and techniques of risk management - Domain 2: Implementation of a risk management program - Domain 3: Information security risk assessment based on ISO 27005 • The “Certified ISO/IEC 27005 Risk Manager” exam is available in different languages (the complete list of languages can be found in the examination application form) • Duration: 2 hours • For more information about the exam, refer to PECB section on ISO 27005 Risk Manager Exam
Certification • A certificate of “ISO/IEC 27005 Risk Manager” will be issued to participants who successfully pass the exam and comply with all the other requirements related to this credential
Credential: ISO 27005 Risk Manager with OCTAVE
Exam: ISO 27005 RM with OCTAVE Exam
Professional experience: Two years; one year of risk management work experience
ISRM Audit experience: None
ISMS project experience: Project activities totaling 200 hours
Other requirements: Signing the PECB code of ethics
• For more information about ISO 27005 certifications and PECB certification process, refer to PECB section on ISO 27005 Risk Manager Certifications
General Information • Certification fees are included in the exam price • The training material on OCTAVE is only available in English • A copy of the official documentation on OCTAVE published by CERT will be distributed to participants together with a student manual containing over 400 pages of information and practical examples • A participation certificate of 31 CPD (Continuing Professional Development) credits is awarded to participants • In case of failure of the exam, participants are allowed to retake the exam for free under certain conditions.
Certified ISO 27005 Risk Manager with EBIOS
Mastering risk evaluation and optimal risk management in information security based on ISO 27005 with the EBIOS method
Summary
DAY 1
In this five-day intensive course participants develop the competence to master the basic risk management elements related to all assets of relevance for information security using the ISO/IEC 27005:2008 standard as a reference framework and the EBIOS method. The EBIOS (Expression des Besoins et Identification des Objectifs de Sécurité) method was developed by ANSSI in France. Based on practical exercises and case studies, participants acquire the necessary knowledge and skills to perform an optimal information security risk assessment and manage risks in time by being familiar with their life cycle. This training fits perfectly in the framework of an ISO/IEC 27001:2005 standard implementation process.
Course Agenda
DURATION: 5 DAYS
Introduction, risk management program, risk identification and assessment according to ISO 27005
PREREQUISITES • A basic knowledge of risk management and the EBIOS method is recommended
• Concepts and definitions related to risk management
• Standards, frameworks and methodologies in risk management
• Implementation of an information security risk management program
• Risk identification and assessment
DAY 2
Risk evaluation, treatment, acceptance, communication and surveillance according to ISO 27005
• Risk evaluation and treatment
• Acceptance of information security risks and management of residual risks
• Information security risk communication, monitoring and review
• Certified ISO/IEC 27005 Risk Manager Exam
Who should attend? • Risk managers • Persons responsible for information security or conformity within an organization • Member of the information security team • IT consultants • Staff implementing or seeking to comply with ISO 27001 and involved in a risk management program based upon the EBIOS method Learning objectives
DAY 3
Conduct of a risk assessment with EBIOS
• Presentation of EBIOS
• Phase 1 - Context establishment
• Phase 2 – Feared security event analysis
• Phase 3 – Threat scenarios analysis
DAY 4
Completing a risk assessment with EBIOS • Phase 4 – Risk analysis • Phase 5 - Determination of security controls • Workshop with case studies
DAY 5
Workshop with case studies and EBIOS exam • Workshop with case studies • EBIOS exam
• To understand the concepts, approaches, methods and techniques allowing an effective management of risk according to ISO 27005 • To interpret the requirements of ISO 27001 on information security risk management • To master the steps to conduct a risk assessment with the EBIOS method • To acquire the competence to implement, maintain and manage an ongoing information security risk management program according to ISO 27005
This is a PECB official training course
Exam • The “Certified ISO/IEC 27005 Risk Manager” and “EBIOS Advanced” exams fully meet the requirements of the PECB Examination Certification Program (ECP). • The “Certified ISO/IEC 27005 Risk Manager” exam covers the following competence domains: - Domain 1: Fundamental concepts, approaches, methods and techniques of risk management - Domain 2: Implementation of a risk management program - Domain 3: Information security risk assessment based on ISO 27005 • The “EBIOS Advanced” exam fully meets the requirements of the PECB Examination Certification Program (ECP). The exam covers the following competence domains: - Domain 1: Fundamental concepts, approaches, methods and techniques of risk management according to EBIOS - Domain 2: Implementation of a risk management program - Domain 3: Information security risk assessment based on EBIOS • The exams are available in different languages (the complete list of languages can be found in the examination application form) • Duration of the exams: 2 hours for “Certified ISO/IEC 27005 Risk Manager” and 3 hours for “EBIOS Advanced” • For more information about the exams, refer to PECB section on ISO 27005 Risk Manager Exam
Certification • A certificate of “ISO/IEC 27005 Risk Manager” will be issued to participants who successfully pass the exam and comply with all the other requirements related to this credential
Credential: ISO 27005 Risk Manager with EBIOS
Exam: ISO 27005 RM with EBIOS
Professional experience: Two years; one year of risk management work experience
ISRM Audit experience: None
ISMS project experience: Project activities totaling 200 hours
Other requirements: Signing the PECB code of ethics
• For more information about ISO 27005 certifications and PECB certification process, refer to PECB section on ISO 27005 Risk Manager Certification
General Information • Certification fees are included in the exam price • The training material on EBIOS is only available in French and is based on ANSSI official training material • A copy of the official documentation on EBIOS published by ANSSI is given to participants together with a student manual containing over 400 pages of information and practical examples • A participation certificate of 35 CPD (Continuing Professional Development) credits is awarded to participants • In case of failure of the exam, participants are allowed to retake the exam for free under certain conditions.
Certified ISO 27005 Risk Manager with MEHARI
Mastering the evaluation and optimal management of risk in information security based on the MEHARI method
Summary
DAY 1
In this five-day intensive course participants develop the competence to master the basic risk management elements related to all assets of relevance for information security using the ISO/IEC 27005:2008 standard as a reference framework and MEHARI method. The MEHARI method was developed by “Club de la Sécurité des Systèmes d’Information Français” (CLUSIF) in France. Based on practical exercises and case studies, participants acquire the necessary knowledge and skills needed to perform an optimal information security risk assessment and manage risks in time by being familiar with their life cycle. This training fits perfectly in the framework of an ISO/IEC 27001:2005 standard implementation process.
Course Agenda
DURATION: 5 DAYS
Introduction, risk management program, risk identification and assessment according to ISO 27005
PREREQUISITES • A basic knowledge of risk management and the MEHARI method is recommended.
• Concepts and definitions related to risk management
• Standards, frameworks and methodologies in risk management
• Implementation of an information security risk management program
• Risk identification and assessment
DAY 2
Risk evaluation, treatment, acceptance, communication and surveillance according to ISO 27005
• Risk evaluation and treatment
• Acceptance of information security risks and management of residual risks
• Information security risk communication, monitoring and review
• Certified ISO/IEC 27005 Risk Manager Exam
Who should attend? • Risk managers and IT consultants • Persons responsible for information security or conformity within an organization • Member of the information security team • Staff implementing or seeking to comply with ISO 27001 and involved in a risk management program based upon the MEHARI method Learning objectives
DAY 3
Start of a risk assessment with MEHARI
• Introduction to MEHARI
• Assessment and classification issues
• The value chain for failures
• Classification of resources
DAY 4
Assessment of vulnerabilities and risk, according to MEHARI
• Assessment of the vulnerabilities
• Qualities of a security service
• Measuring the quality of a security service
• Evaluation and Risk assessment process
DAY 5
Security planning according to MEHARI & Exam • Security plans and procedures • Tools to support the implementation of MEHARI • The “MEHARI advanced” exam
• To understand the concepts, approaches, methods and techniques allowing an effective management of risk according to ISO 27005 • To develop the necessary skills to conduct a risk assessment with the MEHARI method • To master the steps to conduct a risk assessment with the MEHARI method • To acquire the competence to implement, maintain and manage an ongoing ISRM program according to ISO 27005
This is a PECB official training course
Exam • The “Certified ISO/IEC 27005 Risk Manager” and the “MEHARI Advanced” exams fully meet the requirements of the PECB Examination Certification Program (ECP). • The “Certified ISO/IEC 27005 Risk Manager” exam covers the following competence domains: - Domain 1: Fundamental concepts, approaches, methods and techniques of risk management - Domain 2: Implementation of a risk management program - Domain 3: Information security risk assessment based on ISO 27005 • The “MEHARI Advanced” exam covers the following competence domains: - Domain 1: Fundamental concepts, approaches, methods and techniques of risk management according to MEHARI - Domain 2: Implementation of a risk management program - Domain 3: Information security risk assessment based on MEHARI • The training “Risk assessment with MEHARI method” including exam is labeled by CLUSIF • The “Certified ISO/IEC 27005 Risk Manager” exam is available in different languages (the complete list of languages can be found in the examination application form) • Duration: 2 hours for each exam • For more information about the exams, refer to PECB section on ISO 27005 Risk Manager Exam
Certification • A certificate of “ISO/IEC 27005 Risk Manager” will be issued to participants who successfully pass the exam and comply with all the other requirements related to this credential
Credential: ISO 27005 Risk Manager with MEHARI
Exam: ISO 27005 RM with EBIOS Exam
Professional experience: Two years; one year of risk management work experience
ISRM Audit experience: None
ISMS project experience: Project activities totaling 200 hours
Other requirements: Signing the PECB code of ethics
• For more information about ISO 27005 certifications and PECB certification process, refer to PECB section on ISO 27005 Risk Manager Certification
General Information • Certification fees are included in the exam price • An educational version of the software “Risicare” and a copy of the official MEHARI documentation published by the CLUSIF are given to the participants • A student manual containing over 400 pages of information and practical examples is given to participants • A participation certificate of 35 CPD (Continuing Professional Development) credits is awarded to participants • In case of failure of the exam, participants are allowed to retake the exam for free under certain conditions.
Certified ISO 27005 Risk Manager with an introduction to Risk assessment methodologies
Mastering risk evaluation and optimal risk management in information security and learning the methods of risk assessment
Summary
DAY 1
In this three-day intensive course participants develop the competence to master the basic risk management elements related to all assets of relevance for information security using the ISO/IEC 27005:2008 standard as a reference framework. Based on practical exercises and case studies, participants acquire the necessary knowledge and skills needed to perform an optimal information security risk assessment and manage risks in time by being familiar with their life cycle. Participants will learn the different methods of risk assessment used on the market, e.g. CRAMM, EBIOS, MEHARI, OCTAVE and Microsoft Security Risk Management Guide. This training fits perfectly in the framework of an ISO/IEC 27001:2005 standard implementation process.
Course Agenda
DURATION: 3 DAYS
Introduction, risk management program, risk identification and assessment according to ISO 27005
PREREQUISITES
• Concepts and definitions related to risk management
• Standards, frameworks and methodologies in risk management
• Implementation of an information security risk management program
• Risk identification and assessment
DAY 2
Risk evaluation, treatment, acceptance, communication and surveillance according to ISO 27005 • Risk evaluation and treatment • Acceptance of information security risks and management of residual risks • Information security risk communication, monitoring and review
DAY 3
Introduction to methods of risk assessment and Certification Exam
• Introduction to CRAMM
• Introduction to EBIOS
• Introduction to MEHARI
• Introduction to OCTAVE
• Introduction to Microsoft Security Risk Management
• Certified ISO/IEC 27005 Risk Manager Exam
Exam • The “Certified ISO/IEC 27005 Risk Manager” exam fully meets the requirements of the PECB Examination Certification Program (ECP). The exam covers the following competence domains: - Domain 1: Fundamental concepts, approaches, methods and techniques of risk management - Domain 2: Implementation of a risk management program - Domain 3: Information security risk assessment based on ISO 27005 • The “Certified ISO/IEC 27005 Risk Manager” exam is available in different languages (the complete list of languages can be found in the examination application form) • Duration: 2 hours • For more information about the exam, refer to PECB section on ISO 27005 Risk Manager Exam
None
Who should attend? • Risk managers and IT consultants • Persons responsible for information security or conformity within an organization • Member of the information security team • Staff implementing or seeking to comply with ISO 27001 or involved in a risk management program Learning objectives • To understand the concepts, approaches, methods and techniques allowing an effective management of risk according to ISO 27005 • To interpret the requirements of ISO 27001 on information security risk management • To understand the relationship between the information security risk management, the security controls and the compliance with the requirements of different stakeholders of an organization
This is a PECB official training course
Certification • A certificate of “ISO/IEC 27005 Risk Manager” will be issued to participants who successfully pass the exam and comply with all the other requirements related to this credential
Credential: ISO 27005 Risk Manager
Exam: ISO 27005 Risk Manager
Professional experience: Two years; one year of risk management work experience
ISRM Audit experience: None
ISMS project experience: Project activities totaling 200 hours
Other requirements: Signing the PECB code of ethics
• For more information about ISO 27005 certifications and PECB certification process, refer to PECB section on ISO 27005 Risk Manager Certification
General Information
• Certification fees are included in the exam price
• A student manual containing over 250 pages of information and practical examples is given to participants
• A participation certificate of 21 CPD (Continuing Professional Development) credits is awarded to participants
• In case of failure of the exam, participants are allowed to retake the exam for free under certain conditions.
CERTIFIED ISO 31000 RISK MANAGER
MASTERING RISK ASSESSMENT BASED ON ISO 31000
Summary
DAY 2
DAY 1
In this two-day intensive course participants develop the competence to master the basic risk management elements using the ISO 31000 standard as a reference framework. Based on practical exercises and case studies, participants acquire the necessary knowledge and skills to perform risk assessments, including risk identification, risk analysis and risk evaluation, as well as preparing and implementing risk treatment.
Course Agenda
DURATION: 2 DAYS
Introduction, risk management program, risk identification and assessment according to ISO 31000
PREREQUISITES
• Concepts and definitions related to risk management
• Risk management standards, frameworks and methodologies
• Communication and consultation
• Establishing context and defining risk criteria
• Risk identification and assessment
Risk evaluation, treatment, monitoring and review according to ISO 31000
• Risk evaluation and treatment
• Risk treatment options
• Preparing and implementing risk treatment plans
• Certified ISO 31000 Risk Manager Exam
DAY 3
Introduction to methods of risk assessment and Certification Exam
• Introduction to CRAMM
• Introduction to EBIOS
• Introduction to MEHARI
• Introduction to OCTAVE
• Introduction to Microsoft Security Risk Management
• Certified ISO/IEC 27005 Risk Manager Exam
Exam • The “Certified ISO 31000 Risk Manager” exam fully meets the requirements of the PECB Examination and Certification Program (ECP). The exam covers the following competence domains: - Domain 1: Fundamental concepts, approaches, methods and frameworks of risk management - Domain 2: Preparation and implementation of a risk management program - Domain 3: Information security risk assessment based on ISO 31000 • The “Certified ISO 31000 Risk Manager” exam is available in different languages (the complete list of languages can be found in the examination application form) • Duration: 2 hours • For more information about the exam, refer to PECB section on ISO 31000 Risk Manager Exam
None Who should attend? • Executive level stakeholders • Appointment holders in the enterprise risk management group • Risk analysts and management officers • Line managers and project managers • Compliance and internal auditors • Independent consultants. Learning objectives • To understand the concepts, approaches, methods and techniques allowing an effective risk management according to ISO 31000 • To understand how to align objectives of the governance frameworks with ISO 31000 • To understand how to improve management system reporting mechanisms • To understand how to define uniform risk criteria and evaluation metrics • To understand the relationship between the information security risk management, the security controls and the compliance with all other requirements This is a PECB official training course
Risk assessment with the OCTAVE method
Developing the necessary skills to perform a risk assessment based on the OCTAVE method
Summary
DAY 1
In this three-day intensive course participants develop the competence to master the basic risk management elements related to all assets of relevance for information security using OCTAVE method. The OCTAVE method (Operationally Critical Threat, Asset, and Vulnerability Evaluation) was developed by CERT (Computer Emergency Response Team). Based on practical exercises and case studies, participants acquire the necessary knowledge and skills needed to perform an optimal information security risk assessment and manage risks in time by being familiar with their life cycle. This training fits perfectly in the framework of an ISO/IEC 27001:2005 standard implementation process.
Course Agenda
DURATION: 3 DAYS
Start of a risk assessment with OCTAVE
PREREQUISITES • A basic knowledge of risk management is recommended
• Standards, frameworks and methodologies in risk management
• Phase 1 - Process 1 to 3 (Understanding the Organization)
• Phase 1 - Process 4 (Create profile threats)
• Phase 2 - Process 5 (identification of key components)
DAY 2
Assessment of vulnerabilities and risk, according to OCTAVE
• Phase 2 - Process 5 (Continued)
• Phase 2 - Process 6 (Evaluation of selected components)
• Phase 3 - Process 7 (Conduct the risk assessment)
• Phase 3 - Process 8 (Development of Protection Strategy)
DAY 3
The OCTAVE Method Implementation approach and conclusion
• Phase 3 – Process 8 (Development of a Protection Strategy – cont.)
• The OCTAVE Method Implementation Guide
• Tailoring the evaluation to your organization
• OCTAVE-S
Exam and certification Not applicable
General Information • A copy of the official documentation on OCTAVE published by CERT is given to participants together with a student manual containing over 250 pages of information and practical examples • A participation certificate of 21 CPD (Continuing Professional Development) credits is awarded to participants
Who should attend? • Risk managers • Persons responsible for information security or conformity within an organization • Member of the information security team • IT consultants • Staff participating in the activities of risk assessment with the OCTAVE method Learning objectives • To understand the concepts, approaches, methods and techniques allowing an effective management of risk according to the OCTAVE method • To develop the necessary skills to conduct a risk assessment with the OCTAVE method • To master the steps to conduct a risk assessment with the OCTAVE method • To interpret the requirements of ISO 27001 on information security risk management • To understand the relationship between the information security risk management, the security controls and the compliance with the requirements of different stakeholders of an organization • To acquire the competence to implement, maintain and manage an ongoing information security risk management program This is a PECB official training course
Introduction to the OCTAVE method
Developing the necessary skills to participate in a risk assessment based on the OCTAVE method
Summary
This training allows learning the stages of conducting a risk assessment with the OCTAVE method. The OCTAVE method (Operationally Critical Threat, Asset, and Vulnerability Evaluation) was developed by CERT (Computer Emergency Response Team). This training fits perfectly in the framework of an ISO/IEC 27001:2005 standard implementation process.
Course Agenda
DURATION: 1 DAY
Conduct a risk assessment with OCTAVE
PREREQUISITES None
• Presentation of OCTAVE
• Phase 1 - Process 1 to 3 (Understanding the Organization)
• Phase 1 - Process 4 (Create threat profiles)
• Phase 2 - Process 5 (Identification of key components)
• Phase 2 - Process 6 (Evaluation of selected components)
• Phase 3 - Process 7 (Conduct the risk assessment)
• Phase 3 - Process 8 (Development of a Protection Strategy)
Exam and certification Not applicable
General Information • A copy of the official documentation on OCTAVE published by CERT is given to participants together with a student manual containing over 100 pages of information and practical examples • A participation certificate of 7 CPD (Continuing Professional Development) credits is awarded to participants • ISO 27005 is a Guidance on information security risk management and it is not a certifiable standard for an organization
Who should attend? • Risk managers and IT consultants • Persons responsible for information security or conformity within an organization • Member of the information security team • Staff participating in the activities of risk assessment with the OCTAVE method Learning objectives • To learn the stages of conducting a risk assessment with the OCTAVE method • To develop the necessary skills to participate in a risk assessment with the OCTAVE method • To understand the concepts, approaches, methods and techniques allowing an effective management of risk according to OCTAVE • To interpret the requirements of ISO 27001 on information security risk management
This is a PECB official training course
Risk assessment with the EBIOS method
Developing the necessary skills to perform a risk assessment based on the EBIOS method
Summary
DAY 3
DAY 2
DAY 1
In this three-day intensive course participants develop the competence to master the basic risk management elements related to all assets of relevance for information security using EBIOS method. The EBIOS method (Expression des Besoins et Identification des Objectifs de Sécurité) was developed by ANSSI in France. Based on practical exercises and case studies, participants acquire the necessary knowledge and skills needed to perform an optimal information security risk assessment and manage risks in time by being familiar with their life cycle. This training fits perfectly in the framework of an ISO/IEC 27001:2005 standard implementation process.
Course Agenda
DURATION: 3 DAYS
Conduct of a risk assessment with EBIOS
PREREQUISITES • A basic knowledge of risk management is recommended
• Presentation of EBIOS
• Phase 1 - Context establishment
• Phase 2 – Feared security event analysis
• Phase 3 – Threat scenarios analysis
Completing a risk assessment with EBIOS • Phase 4 – Risk analysis • Phase 5 - Determination of security controls • Workshop with case studies
Workshop with case studies and EBIOS exam • Workshop with case studies • EBIOS exam
Exam and certification • The “EBIOS Advanced” exam fully meets the requirements of the PECB Examination Certification Program (ECP). The exam covers the following competence domains: - Domain 1: Fundamental concepts, approaches, methods and techniques of risk management according to EBIOS - Domain 2: Implementation of a risk management program - Domain 3: Information security risk assessment based on EBIOS • The “ISO 27005 Certified Risk Manager” exam is available in different languages (the complete list of languages can be found in the examination application form) • Duration: 3 hours • For more information about the exam, refer to PECB section on ISO 27005 Risk Manager Exam
Certification • A certificate will be issued to participants who successfully pass the exam
General Information • A copy of the official documentation on EBIOS published by ANSSI is given to participants together with a student manual containing over 250 pages of information and practical examples • A participation certificate of 21 CPD (Continuing Professional Development) credits is awarded to participants • In case of failure of the exam, participants are allowed to retake the exam for free under certain conditions.
Who should attend? • Risk managers and IT consultants • Persons responsible for information security or conformity within an organization • Member of the information security team • Staff participating in the activities of risk assessment with the EBIOS method Learning objectives • To understand the concepts, approaches, methods and techniques allowing an effective management of risk according to EBIOS method • To develop the necessary skills to conduct a risk assessment with the EBIOS method • To master the steps to conduct a risk assessment with the EBIOS method • To interpret the requirements of ISO 27001 on information security risk management • To acquire the competence to implement, maintain and manage an ongoing ISRM program
This is a PECB official training course
Introduction to the EBIOS method
Developing the necessary skills to participate in a risk assessment based on the EBIOS method
Summary
This training allows learning the stages of conducting a risk assessment with the EBIOS method. The EBIOS method (Expression des Besoins et Identification des Objectifs de Sécurité: Expression of Needs and Identification of Security Objectives) was developed by ANSSI in France. This training fits perfectly in the framework of an ISO/IEC 27001:2005 standard implementation process.
Course Agenda
DURATION: 1 DAY
Conduct a risk assessment with EBIOS
PREREQUISITES None
• Presentation of EBIOS
• Phase 1 - Context establishment
• Phase 2 – Feared security event analysis
• Phase 3 – Threat scenarios analysis
• Phase 4 – Risk analysis
• Phase 5 - Determination of security controls
Exam and certification
Not applicable
General Information
• The training material on EBIOS is only available in French and is based on ANSSI official training material
• A copy of the official documentation on EBIOS published by ANSSI is given to participants together with a student manual containing over 100 pages of information and practical examples
• A participation certificate of 7 CPD (Continuing Professional Development) credits is awarded to participants
Who should attend?
• Risk managers
• Persons responsible for information security or conformity within an organization
• Member of the information security team
• IT consultants
• Staff participating in the activities of risk assessment with the EBIOS method
Learning objectives
• To learn the stages of conducting a risk assessment with the EBIOS method
• To develop the necessary skills to participate in a risk assessment with the EBIOS method
• To understand the concepts, approaches, methods and techniques allowing an effective management of risk according to EBIOS
• To interpret the requirements of ISO 27001 on information security risk management
This is a PECB official training course
Risk assessment with the MEHARI method
Developing the necessary skills to perform a risk assessment based on the MEHARI method
Summary
This training using MEHARI enables participants to master the basic risk management elements related to information security using the MEHARI method. The MEHARI (MEthode Harmonisée d'Analyse de Risques) method was developed by the “Club de la Sécurité des Systèmes d’Information Français” (CLUSIF). Based on practical exercises and case studies, participants acquire the necessary knowledge and skills needed to perform an optimal information security risk assessment and manage risks in time by being familiar with their life cycle. This training fits perfectly in the framework of an ISO/IEC 27001:2005 standard implementation process.
DURATION: 3 DAYS
PREREQUISITES
• A basic knowledge of risk management is recommended
Course Agenda
DAY 1
Start of a risk assessment with MEHARI
• Standards, frameworks and methodologies in risk management
• Presentation of MEHARI
• Assessment and classification issues
• The value chain for failures
• Classification of resources
DAY 2
Assessment of vulnerabilities and risk, according to MEHARI
• Assessment of the vulnerabilities
• Qualities of a security service
• Measuring the quality of a security service
• Risk evaluation and assessment process
DAY 3
Security planning according to MEHARI & Exam
• Security plans and procedures
• Tools to support the implementation of MEHARI
• The “MEHARI advanced” exam (2 hours)
Exam and certification
• The training “Risk assessment with MEHARI method” including exam is labeled by CLUSIF
• Duration: 2 hours
Certification • A certificate will be issued to participants who successfully complete the exam
General Information
• An educational version of the software “Risicare” and a copy of the official MEHARI documentation published by the CLUSIF are given to the participants
• The course material and exam are available only in French
• A student manual containing over 300 pages of information and practical examples is given to participants
• A participation certificate of 21 CPD (Continuing Professional Development) credits is awarded to participants
Who should attend?
• Risk managers and IT consultants
• Persons responsible for information security or conformity within an organization
• Member of the information security team
• Staff participating in the activities of risk assessment with the MEHARI method
Learning objectives
• To develop the necessary skills to conduct a risk assessment with the MEHARI method
• To master the steps to conduct a risk assessment with the MEHARI method
• To understand the concepts, approaches, methods and techniques allowing an effective management of risk according to MEHARI
• To interpret the requirements of ISO 27001 on information security risk management
• To understand the relationship between the information security risk management, the security controls and the compliance with the other requirements
This is a PECB official training course
Introduction to the MEHARI method
Developing the necessary skills to participate in a risk assessment based on the MEHARI method
Summary
This training allows learning the stages of conducting a risk assessment with the MEHARI method. The MEHARI (MEthode Harmonisée d'Analyse de RIsques) method was developed by the “Club de la Sécurité des Systèmes d’Information Français” (CLUSIF). Based on practical exercises and case studies, the participant will be able to perform an optimal risk evaluation and manage risks in time by being familiar with their life cycle. This training fits perfectly in the framework of an ISO/IEC 27001:2005 standard implementation process.
Course Agenda
• Presentation of MEHARI
• Assessment and classification issues
• Diagnosis of security services
• Risk Assessment
• Definition of security plans
• Tools to support the implementation of MEHARI
Exam and certification Not applicable
General Information
• An educational version of the software “Risicare” and a copy of the official MEHARI documentation published by the CLUSIF are given to the participants
• A student manual containing over 100 pages of information and practical examples is given to participants
• A participation certificate of 7 CPD (Continuing Professional Development) credits is awarded to participants
DURATION: 1 DAY PREREQUISITES None
Who should attend?
• Risk managers and IT consultants
• Persons responsible for information security or conformity within an organization
• Member of the information security team
• Staff participating in the activities of risk assessment with the MEHARI method
Learning objectives
• To develop the necessary skills to participate in a risk assessment with the MEHARI method
• To learn the stages of conducting a risk assessment with the MEHARI method
• To understand the relationship between the information security management system (including risk management), the security measures and the compliance with the requirements of different stakeholders of an organization
This is a PECB official training course
Introduction to ISO 27005
Learning the best practices in risk management based on ISO 27005
Summary
This one day course allows participants to familiarize themselves with the fundamentals of risk management related to information using the standard ISO 27005 as a reference framework. Participants will see different parts of a risk management program and the implementation stages of an optimal risk assessment. It should be noted that this course fits perfectly into the framework of a process of implementation of ISO 27001.
Course Agenda
• Concepts and definitions related to risk management
• Standards, frameworks and methodologies in risk management
• Implement a risk management program
• Risk assessment (identification and estimation)
• Risk assessment and Risk treatment
• Acceptance of risk and management of residual risks
• Communicating, monitoring and controlling risk
Exam and certification Not applicable
General Information
• A student manual containing over 100 pages of information and practical examples is given to participants
• A participation certificate of 7 CPD (Continuing Professional Development) credits is awarded to participants
DURATION: 1 DAY
PREREQUISITES None
Who should attend?
• IT professionals wishing to obtain a comprehensive understanding of risk management within an organization
• Staff implementing or seeking to comply with ISO 27001 or involved in a RM program
• Member of the information security team
Learning objectives
• To understand the basics of the implementation, management and maintenance of an ongoing risk management program
• To introduce the concepts, approaches, standards, methods and techniques allowing an effective management of risk
• To interpret the requirements of ISO 27001 on information security risk management
• To understand the relationship between the information security risk management, the security controls and the compliance with the other requirements
This is a PECB official training course
Introduction to Risk assessment methodologies
Learning the different methodologies in risk management
Summary
This one day course allows participants to learn about the risk estimation methods most used on the market, such as CRAMM, EBIOS, MEHARI, OCTAVE and Microsoft Security Risk Management Guide. The methods discussed are compatible with the principles of ISO 27005 and fit within the framework of an implementation process of ISO 27001. Participants will see different stages of conducting a risk assessment based on each of the methodologies presented.
Course Agenda
• Concepts and definitions related to risk management according to ISO 27005
• Standards, frameworks and methodologies in risk management
• Introduction to CRAMM
• Introduction to EBIOS
• Introduction to MEHARI
• Introduction to OCTAVE
• Introduction to Microsoft Security Risk Management
Exam and certification Not applicable
General Information
• A student manual containing over 100 pages of information and practical examples is given to participants
• A participation certificate of 7 CPD (Continuing Professional Development) credits is awarded to participants
DURATION: 1 DAY
PREREQUISITES None
Who should attend?
• IT professionals wishing to obtain a comprehensive understanding of risk management within an organization
• Staff implementing or seeking to comply with ISO 27001 or involved in a risk management program
• Member of the information security team
Learning objectives
• To understand the concepts, approaches, methods and techniques allowing an effective management of risk according to ISO 27005
• To interpret the requirements of ISO 27001 on information security risk management
• To understand the relationship between the information security risk management, the security controls and the compliance with the requirements of different stakeholders of an organization
• To become familiar with the most used risk management methods on the market, such as CRAMM, EBIOS, MEHARI, OCTAVE and Microsoft Security Risk Management Guide
This is a PECB official training course
SERVICE MANAGEMENT TRAINING
ISO/IEC 20000-1 is a service management system (SMS) standard. It specifies requirements for the service provider to plan, establish, implement, operate, monitor, review, maintain and improve an SMS. The requirements include the design, transition, delivery and improvement of services to fulfil agreed service requirements.
Certified ISO 20000 Lead Implementer
Mastering the implementation and management of a Service Management System (SMS) based on ISO 20000
Summary
This five-day intensive course enables the participants to develop the necessary expertise to support an organization in implementing and managing a Service Management System as specified in ISO/IEC 20000-1. Also, the participant will gain a thorough understanding of best practices for planning and implementing Service Management processes starting from the six fields of ISO 20000: planning and implementing new and changed services, service delivery process, relationship management processes, problem resolution process, control processes and release processes. This training is consistent with the project management practices established in ISO 10006 (Quality Management Systems - Guidelines for Quality Management in Projects). This training is fully compatible with ISO 20000-2 (Guidelines for the Implementation of an SMS) and ITIL.
DURATION: 5 DAYS
PREREQUISITES
• ISO 20000 Foundation Certification or basic knowledge of ISO 20000 and ITIL is recommended
Course Agenda
DAY 1
Introduction to Service Management System (SMS) concepts as required by ISO 20000; Initiating an SMS
• Presentation of the ISO 20000 family of standards and comparison with ITIL V2 and V3
• Fundamental principles of Service Management System
• Preliminary analysis and establishment of the maturity level of an existing SMS
• Writing a business case and a project plan for the implementation of an SMS
DAY 2
Planning an SMS based on ISO 20000
• Definition of the scope of an SMS
• Definition of an SMS policy and objectives
• Documentation of the processes and procedures and SLAs
• Budgeting and accounting for IT services
DAY 3
Implementing an SMS based on ISO 20000
• Change, configuration, release, capacity and availability management
• Service continuity and security management
• Incident and problem management
• Operations management of an SMS
DAY 4
Controlling, monitoring, measuring and improving an SMS; certification audit of an SMS in accordance with ISO 20000
• Controlling and monitoring an SMS
• Development of metrics, performance indicators and dashboards
• ISO 20000 internal Audit and Management review
• Implementation of a continual improvement program
• Preparing for an ISO 20000 certification audit
DAY 5
Certification Exam
Who should attend?
• Project managers or consultants wanting to implement a Service Management System (SMS)
• ISO 20000 auditors who wish to fully understand the SMS implementation process
• Persons responsible for the SMS conformity in an organization
• Technical experts wanting to prepare for an SMS function
Learning objectives
• To understand the implementation of a Service Management System in accordance with ISO 20000
• To gain a comprehensive understanding of the concepts, approaches, standards, methods and techniques allowing an effective management of a Service Management System
• To know the interrelationships between ISO/IEC 20000-1, ISO/IEC 20000-2 and ITIL
• To acquire expertise to support an organization in implementing, managing and maintaining a Service Management System (SMS) as specified in ISO/IEC 20000
• To acquire the necessary expertise to manage a team in implementing the ISO 20000 standard
This is a PECB official training course
Exam
• The “Certified ISO/IEC 20000 Lead Implementer” exam fully meets the requirements of the PECB Examination and Certification Program (ECP). The exam covers the following competence domains:
  - Domain 1: Fundamental principles and concepts of SMS
  - Domain 2: Information Technology Service Best Practice based on ISO 20000-2
  - Domain 3: Planning an SMS based on ISO 20000
  - Domain 4: Implementing an SMS based on ISO 20000
  - Domain 5: Performance evaluation, monitoring and measurement of an SMS based on ISO 20000
  - Domain 6: Continual improvement of an SMS based on ISO 20000
  - Domain 7: Preparing for an ISO 20000-1 certification audit
• The “Certified ISO/IEC 20000 Lead Implementer” exam is available in different languages (the complete list of languages can be found in the examination application form)
• Duration: 3 hours
• For more information about exam, refer to PECB section on ISO 20000 Lead Implementer Exam
Certification
• After successfully completing the exam, participants can apply for the credentials of Certified ISO/IEC 20000 Provisional Implementer, Certified ISO/IEC 20000 Implementer or Certified ISO/IEC 20000 Lead Implementer, depending on their level of experience
• A certificate will be issued to participants who successfully passed the exam and comply with all the other requirements related to the selected credential
Credential | Exam | Professional experience | SMS Audit experience | SMS project experience | Other requirements
ISO 20000 Provisional Implementer | ISO 20000 Lead Implementer Exam | None | None | None | Signing the PECB code of ethics
ISO 20000 Implementer | ISO 20000 Lead Implementer Exam | Two years; one year of ITSM work experience | None | Project activities totaling 200 hours | Signing the PECB code of ethics
ISO 20000 Lead Implementer | ISO 20000 Lead Implementer Exam | Five years; two years of ITSM work experience | None | Project activities totaling 300 hours | Signing the PECB code of ethics
• For more information about ISO 20000 certifications and PECB certification process, refer to PECB section on ISO 20000 Lead Implementer Certification
General Information
• Certification fees are included in the exam price
• A student manual containing over 450 pages of information and practical examples will be distributed to participants
• A participation certificate of 31 CPD (Continuing Professional Development) credits will be issued to participants
• In case of failure of the exam, participants are allowed to retake the exam for free under certain conditions
Certified ISO 20000 Lead Auditor
Mastering the Audit of a Service Management System (SMS) based on ISO 20000
Summary
This five day intensive course enables participants to develop the necessary expertise to audit a Service Management System (SMS) based on ISO 20000 and to manage a team of auditors by applying widely recognized audit principles, procedures and techniques. During this training, the participant will acquire necessary knowledge and skills to proficiently plan and perform internal and external audits in compliance with ISO 19011 and the certification process according to ISO 17021. Based on practical exercises, the participant will develop the skills (mastering audit techniques) and competencies (managing audit teams and audit program, communicating with customers, conflict resolution, etc.) necessary to efficiently conduct an audit.
DURATION: 5 DAYS
PREREQUISITES
• ISO 20000 Foundation Certification or basic knowledge of ISO 20000 and ITIL is recommended
Course Agenda
DAY 1
Introduction to Service Management System (SMS) concepts as required by ISO 20000
• Fundamental principles of Information Technology Service
• ISO 20000 certification process
• Service Management System (SMS)
• Detailed presentation of the clauses 4 to 9 of ISO 20000-1
DAY 2
Planning and Initiating an ISO 20000 audit
• Fundamental audit concepts and principles
• Audit approach based on evidence and on risk
• Preparation of an ISO 20000 certification audit
• SMS Documentation audit
• Conducting an opening meeting
DAY 3
Conducting an ISO 20000 audit
• Communication during the audit
• Audit procedures: observation, document review, interview, sampling techniques, technical verification, corroboration and evaluation
• Audit test plans
• Formulation of audit findings and documenting nonconformities
DAY 4
Concluding and ensuring the follow-up of an ISO 20000 audit
• Audit documentation
• Conducting a closing meeting and conclusion of an ISO 20000 audit
• Evaluation of corrective action plans
• ISO 20000 Surveillance and internal audit management program
DAY 5
Certification Exam
Who should attend?
• Internal auditors and expert advisors in IT service management
• Auditors wanting to perform and lead Service Management System (SMS) certification audits
• Project managers or consultants wanting to master the SMS audit process
• Persons responsible for the Information Technology Service conformity in an organization
• Technical experts wanting to prepare for an SMS audit function
Learning objectives
• To acquire the expertise to perform an ISO 20000 internal audit following ISO 19011 guidelines
• To acquire the expertise to perform an ISO 20000 certification audit following ISO 19011 guidelines and ISO 17021 specifications
• To acquire the necessary expertise to manage an SMS audit team
• To understand the operation of an ISO 20000 conformant service management system
• To know the interrelationships between ISO/IEC 20000-1, ISO/IEC 20000-2 and ITIL
This is a PECB official training course
Exam
• The “Certified ISO/IEC 20000 Lead Auditor” exam fully meets the requirements of the PECB Examination and Certification Program (ECP). The exam covers the following competence domains:
  - Domain 1: Fundamental principles and concepts of IT Service Management
  - Domain 2: Service Management System (SMS)
  - Domain 3: Fundamental Audit Concepts and Principles
  - Domain 4: Preparation of an ISO 20000-1 audit
  - Domain 5: Conducting of an ISO 20000-1 audit
  - Domain 6: Closing an ISO 20000-1 audit
  - Domain 7: Managing an ISO 20000-1 audit program
• The “Certified ISO/IEC 20000 Lead Auditor” exam is available in different languages (the complete list of languages can be found in the examination application form)
• Duration: 3 hours
• For more information about exam, refer to PECB section on ISO 20000 Lead Auditor Exam
Certification
• After successfully completing the exam, participants can apply for the credentials of Certified ISO/IEC 20000 Provisional Auditor, Certified ISO/IEC 20000 Auditor or Certified ISO/IEC 20000 Lead Auditor depending on their level of experience. Those credentials are available for internal and external auditors
• A certificate will be issued to participants who successfully passed the exam and comply with all the other requirements related to the selected credential.
Credential | Exam | Professional experience | SMS Audit experience | SMS project experience | Other requirements
ISO 20000 Provisional Auditor | ISO 20000 Lead Auditor Exam | None | None | None | Signing the PECB code of ethics
ISO 20000 Auditor | ISO 20000 Lead Auditor Exam | Two years; one year of ITSM work experience | Audit activities totaling 200 hours | None | Signing the PECB code of ethics
ISO 20000 Lead Auditor | ISO 20000 Lead Auditor Exam | Five years; two years of ITSM work experience | Audit activities totaling 300 hours | None | Signing the PECB code of ethics
• For more information about ISO 20000 certifications and PECB certification process, refer to PECB section on ISO 20000 Lead Auditor Certification
General Information
• Certification fees are included in the exam price
• A student manual containing over 450 pages of information and practical examples will be distributed to participants
• A participation certificate of 31 CPD (Continuing Professional Development) credits will be issued to participants
• In case of failure of the exam, participants are allowed to retake the exam for free under certain conditions
Certified ISO 20000 Foundation
Become acquainted with the best practices for implementing and managing a Service Management System (SMS) based on ISO 20000
Summary
This course enables participants to learn about the best practices for implementing and managing a Service Management System as specified in ISO/IEC 20000-1, as well as the best practices for implementing the Service Management processes starting from the ISO 20000: planning and implementing new and changed services, service delivery process, relationship management process, problem resolution process, control processes and release processes.
DURATION: 2 DAYS
PREREQUISITES
None
Course Agenda
DAY 1
Introduction to Service Management System (SMS) concepts as required by ISO 20000
• Introduction to the ISO 20000 family of standards
• Introduction to management systems and the process approach
• Fundamental principles in Service Management
• General requirements presentation of ISO/IEC 20000-1 clauses
• Implementation phases of the ISO/IEC 20000 framework
• Continual improvement of IT management
• Conducting an ISO/IEC 20000-1 certification audit
DAY 2
Implementing the Service Management processes based on ISO 20000 and Certification Exam
• Planning and implementing change management
• Supplier management
• Relationship management
• Problem management
• Release management
• Certified ISO/IEC 20000 Foundation exam
Exam
• The “Certified ISO/IEC 20000 Foundation” exam fully meets the requirements of the PECB Examination and Certification Program (ECP). The exam covers the following competence domains:
  - Domain 1: Fundamental principles and concepts of Information Technology Service
  - Domain 2: Service Management System (SMS)
• The “Certified ISO/IEC 20000 Foundation” exam is available in different languages (the complete list of languages can be found in the examination application form)
• Duration: 1 hour
• For more information about exam, refer to PECB section on ISO 20000 Foundation Exam
Who should attend?
• Members of an Information Technology Service team
• IT Professionals wanting to gain a comprehensive knowledge of the main processes of an SMS
• Staff involved in the implementation of the ISO 20000 standard
• Auditors
Learning objectives
• To understand the implementation of an SMS in accordance with ISO 20000
• To understand the relationship between the SMS, including the management processes and compliance with the other requirements
• To know the interrelationships between ISO/IEC 20000-1, ISO/IEC 20000-2 and ITIL
• To know the concepts, approaches, standards, methods and techniques allowing to effectively manage an SMS
This is a PECB official training course
Certification • A certificate of Certified ISO/IEC 20000 Foundation will be issued to participants who successfully passed the exam and comply with all the other requirements related to this credential
Credential | Exam | Professional experience | SMS Audit experience | SMS project experience | Other requirements
ISO 20000 Foundation | ISO 20000 Foundation exam | None | None | None | Signing the PECB code of ethics
• For more information about ISO 20000 certifications and PECB certification process, refer to PECB section on ISO 20000 Foundation Certification
General Information
• Certification fees are included in the exam price
• A student manual containing over 200 pages of information and practical examples will be distributed to participants
• A participation certificate of 14 CPD (Continuing Professional Development) credits will be issued to participants
• In case of failure of the exam, participants are allowed to retake the exam for free under certain conditions
Introduction to ISO 20000
Introduction to the implementation of a Service Management System (SMS) based on ISO 20000
Summary
This one-day training enables participants to be familiar with the basic concepts of implementation and management of a Service Management System (SMS) as specified in ISO/IEC 20000-1. The participant will learn the different components of an SMS, including the SMS policy, measuring performance, management’s commitment, internal audit, management review and continual improvement.
DURATION: 1 DAY
PREREQUISITES
None
Course Agenda
• Introduction to the ISO 20000 family of standards
• Introduction to management systems and the process approach
• Presentation of main processes of an SMS
• Implementation phases of the ISO 20000 framework
• Continuous improvement of IT management
• Conducting an ISO 20000 certification audit
Exam
None
General Information
• A student manual containing over 100 pages of information and practical examples will be distributed to participants
• A participation certificate of 7 CPD (Continuing Professional Development) credits will be issued to participants
Who should attend?
• IT Professionals wanting to gain a comprehensive knowledge of the main processes of an SMS
• Staff involved in the implementation of the ISO 20000 standard
• Expert advisors in IT and auditors
• Managers responsible for implementing an SMS
Learning objectives
• To understand the fundamentals of IT management
• To know the interrelationships between ISO/IEC 20000-1 and ISO/IEC 20000-2
• To introduce the concepts, approaches, standards, methods and techniques allowing an effective management of an SMS in accordance with ISO 20000
• To understand the stages of the ISO 20000 certification process
This is a PECB official training course
BUSINESS CONTINUITY TRAINING
The emerging ISO standard, ISO 22301, "Societal security -- Preparedness and Continuity Management Systems -- Requirements", specifies requirements for setting up and managing an effective Business Continuity Management System (BCMS). ISO/DIS 22301 adopts the same ‘Plan-Do-Check-Act’ cycle as BS25999 (and many other Management Systems). However, it also draws on a number of other national standards and some of the terminology used is different to the British Standard.
ISO/IEC 24762 provides guidelines on the provision of information and communications technology disaster recovery (ICT DR) services as part of business continuity management, applicable to both “in-house” and “outsourced” ICT DR service providers of physical facilities and services.
Certified ISO 22301 Lead Implementer
Mastering the implementation and management of a Business Continuity Management System (BCMS) based on ISO 22301
Summary
This five-day intensive course enables participants to develop the necessary expertise to support an organization in implementing and managing a Business Continuity Management System (BCMS) based on ISO 22301:2010. Participants will also gain a thorough understanding of best practices used to implement business continuity processes from the ISO 22399. This training is consistent with the project management practices established in ISO 10006 (Quality Management Systems - Guidelines for Quality Management in Projects). This training is fully compatible with BS 25999 (Business continuity management specification) and ISO 27031 (Guidelines for information and communication technology readiness for business continuity).
Course Agenda
DAY 1
Introduction to Business Continuity Management System (BCMS) concepts as required by ISO 22301; Initiating a BCMS • Introduction to management systems and the process approach • Presentation of the standards ISO 22301, ISO/PAS 22399, ISO 27031, BS 25999 and regulatory framework • Fundamental principles of Business continuity • Preliminary analysis and determining the level of maturity of the existing BCMS based upon ISO 21827 • Writing a business case and a project plan for the implementation of a BCMS
DAY 2
Planning a BCMS based on ISO 22301 • Definition of the scope of a BCMS • Development of a BCMS and business continuity policies • Business impact analysis (BIA) and risk assessment
DAY 3
Implementing a BCMS based on ISO 22301
• Implementation of a document management framework
• Design and implementation of business continuity processes and writing procedures
• Development of a training & awareness program and communicating about the BCMS
• Incident management and emergency management
• Operations management of a BCMS
DAY 4
Controlling, monitoring and measuring a BCMS and the certification audit of a BCMS in accordance with ISO 22301
• Monitoring BCMS processes
• Development of metrics, performance indicators and dashboards
• Internal Audit and management review of a BCMS
• Implementation of a continual improvement program
• Preparing for an ISO 22301 certification audit
DAY 5
Certification Exam
DURATION: 5 DAYS
PREREQUISITES
• ISO 22301 Foundation Certification or basic knowledge of ISO 27031 or BS 25999 and business continuity concepts is recommended
Who should attend?
• P roject managers or consultants wanting to prepare and to support an organization in the implementation of a Business Continuity Management System (BCMS) • Business continuity auditors who wish to fully understand the implementation of a Business Continuity Management System • Persons responsible for the business continuity or conformity in an organization • Members of an business continuity team • Expert advisors in business continuity • Member of an organization that want to prepare for an business continuity function or for a BCMS project management function
Learning objectives • To understand the implementation of a BCMS in accordance with ISO 22301, ISO 27031 or BS 25999 • To gain a comprehensive understanding of the concepts, approaches, standards, methods and techniques required for the effective management of a BCMS • To understand the relationship between the components of a BCMS and the compliance with the other requirements • To acquire the necessary expertise to support an organization in implementing, managing and maintaining a BCMS as specified in ISO 22301 or BS 25999 • To acquire the necessary expertise to manage a team implementing ISO 22301 or BS 25999
This is a PECB official training course
Exam • The “Certified ISO 22301 Lead Implementer” exam fully meets the requirements of the PECB Examination and Certification Program (ECP). The exam covers the following competence domains: - Domain 1: Fundamental principles and concepts of business continuity - Domain 2: Business continuity Control Best Practice - Domain 3: Planning a BCMS based on ISO 22301 - Domain 4: Implementing a BCMS based on ISO 22301 - Domain 5: Performance evaluation, monitoring and measurement of a BCMS based on ISO 22301 - Domain 6: Continual improvement of a BCMS based on ISO 22301 - Domain 7: Preparing for a BCMS certification audit • The “Certified ISO 22301 Lead Implementer” exam is available in different languages (the complete list of languages can be found in the examination application form) • Duration: 3 hours • For more information about the exam, refer to PECB section on ISO 22301 Lead Implementer Exam
Certification • After successfully completing the exam, participants can apply for the credentials of Certified ISO 22301 Provisional Implementer, Certified ISO 22301 Implementer or Certified ISO 22301 Lead Implementer, depending on their level of experience • A certificate will be issued to participants who successfully passed the exam and comply with all the other requirements related to the selected credential
Credential: ISO 22301 Provisional Implementer
- Exam: ISO 22301 Lead Implementer Exam
- Professional experience: None
- BCMS Audit experience: None
- BCMS project experience: None
- Other requirements: Signing the PECB code of ethics
Credential: ISO 22301 Implementer
- Exam: ISO 22301 Lead Implementer Exam
- Professional experience: Two years; one year of Business Continuity work experience
- BCMS Audit experience: None
- BCMS project experience: Project activities totaling 200 hours
- Other requirements: Signing the PECB code of ethics
Credential: ISO 22301 Lead Implementer
- Exam: ISO 22301 Lead Implementer Exam
- Professional experience: Five years; two years of Business Continuity work experience
- BCMS Audit experience: None
- BCMS project experience: Project activities totaling 300 hours
- Other requirements: Signing the PECB code of ethics
• For more information about ISO 22301 certifications and PECB certification process, refer to PECB section on ISO 22301 Lead Implementer Certification
General Information • Certification fees are included in the exam price • A student manual containing over 450 pages of information and practical examples will be distributed to participants • A participation certificate of 31 CPD (Continuing Professional Development) will be issued to participants • In case of failure of the exam, participants are allowed to retake the exam for free under certain conditions
Certified ISO 22301 Lead Auditor
Mastering the Audit of a Business Continuity Management System (BCMS) based on ISO 22301
Summary
This five-day intensive course enables participants to develop the needed expertise to audit a Business Continuity Management System (BCMS) and to manage a team of auditors by applying widely recognized audit principles, procedures and techniques. During this training, the participant will acquire needed knowledge and skills to proficiently plan and perform internal and external audits in compliance with ISO 19011 and the certification process according to ISO 17021. Based on practical exercises, the participant will develop the skills (mastering audit techniques) and competencies (managing audit teams and audit program, communicating with customers, conflict resolution, etc.) necessary to efficiently conduct an audit. This training is compatible with BS 25999 audit (Business continuity management specification) and ISO 27031 (Guidelines for information and communication technology readiness for business continuity).
Course Agenda
DAY 1
Introduction to Business Continuity Management System (BCMS) concepts as required by ISO 22301 • Presentation of the standards ISO 22301, ISO 27031, ISO/PAS 22399, BS 25999 and regulatory framework • Fundamental principles of business continuity • ISO 22301 certification process • Business Continuity Management System (BCMS) • Detailed presentation of the clauses 4 to 8 of ISO 22301
DAY 2
Planning and Initiating an ISO 22301 audit • Fundamental audit concepts and principles • Audit approach based on evidence and on risk • Preparation of an ISO 22301 certification audit • BCMS documentation audit • Conducting an opening meeting
DAY 3
Conducting an ISO 22301 audit • Communication during the audit • Audit procedures: observation, document review, interview, sampling techniques, technical verification, corroboration and evaluation • Audit test plans • Formulation of audit findings and documenting of nonconformities
DAY 4
Concluding and ensuring the follow-up of an ISO 22301 audit • Audit documentation • Conducting a closing meeting and conclusion of an ISO 22301 audit • Evaluation of corrective action plans • ISO 22301 surveillance audit • ISO 22301 internal Audit management program and second party audits
DAY 5
Certification Exam
DURATION: 5 DAYS
PREREQUISITES
• ISO 22301 Foundation Certification or basic knowledge of BS 25999 or ISO 27031 and business continuity concepts is recommended
Who should attend? • Internal auditors and auditors wanting to perform and lead BCMS certification audits • Project managers or consultants wanting to master the BCMS audit process • Persons responsible for the Business continuity or conformity in an organization • Members of a business continuity team • Expert advisors in information technology • Technical experts wanting to prepare for a Business continuity audit function
Learning objectives • To acquire the expertise to perform an ISO 22301 or BS 25999 internal audit following ISO 19011 guidelines • To acquire the expertise to perform an ISO 22301 or BS 25999 certification audit following ISO 19011 guidelines and the specifications of ISO 17021 • To acquire the expertise necessary to manage a BCMS audit team • To understand the operation of the BCMS in accordance with ISO 22301, ISO 27031 or BS 25999 • To understand the relationship between a Business Continuity Management System, including risk management, controls and compliance with the other requirements
This is a PECB official training course
Exam • The “Certified ISO 22301 Lead Auditor” exam fully meets the requirements of the PECB Examination and Certification Program (ECP). The exam covers the following competence domains: - Domain 1: Fundamental principles and concepts of business continuity - Domain 2: Business Continuity Management System (BCMS) - Domain 3: Fundamental Audit Concepts and Principles - Domain 4: Preparation of an ISO 22301 audit - Domain 5: Conducting of an ISO 22301 audit - Domain 6: Closing an ISO 22301 audit - Domain 7: Managing an ISO 22301 audit program • The “Certified ISO 22301 Lead Auditor” exam is available in different languages (the complete list of languages can be found in the examination application form) • Duration: 3 hours • For more information about the exam, refer to PECB section on ISO 22301 Lead Auditor Exam
Certification • After successfully completing the exam, participants can apply for the credentials of Certified ISO 22301 Provisional Auditor, Certified ISO 22301 Auditor or Certified ISO 22301 Lead Auditor depending on their level of experience. Those credentials are available for internal and external auditors. • A certificate will be issued to participants who successfully passed the exam and comply with all the other requirements related to the selected credential.
Credential: ISO 22301 Provisional Auditor
- Exam: ISO 22301 Lead Auditor Exam
- Professional experience: None
- BCMS Audit experience: None
- BCMS project experience: None
- Other requirements: Signing the PECB code of ethics
Credential: ISO 22301 Auditor
- Exam: ISO 22301 Lead Auditor Exam
- Professional experience: Two years; one year of Business Continuity work experience
- BCMS Audit experience: Audit activities totaling 200 hours
- BCMS project experience: None
- Other requirements: Signing the PECB code of ethics
Credential: ISO 22301 Lead Auditor
- Exam: ISO 22301 Lead Auditor Exam
- Professional experience: Five years; two years of Business Continuity work experience
- BCMS Audit experience: Audit activities totaling 300 hours
- BCMS project experience: None
- Other requirements: Signing the PECB code of ethics
• For more information about ISO 22301 certifications and PECB certification process, refer to PECB section on ISO 22301 Lead Auditor Certification
General Information • Certification fees are included in the exam price • A student manual containing over 450 pages of information and practical examples will be distributed to participants • A participation certificate of 31 CPD (Continuing Professional Development) will be issued to participants • In case of failure of the exam, participants are allowed to retake the exam for free under certain conditions
Certified ISO 22301 Foundation
Become acquainted with the best practices for implementing and managing a Business Continuity Management System (BCMS) based on ISO 22301
Summary
This course enables the participants to learn about the best practices for implementing and managing a Business Continuity Management System (BCMS) as specified in ISO 22301:2010, as well as the best practices for implementing the business continuity processes based on the ISO/PAS 22399. This training is fully compatible with BS 25999 (Business continuity management specification) and ISO 27031 (Guidelines for information and communication technology readiness for business continuity).
Course Agenda
DAY 1
Introduction to Business Continuity Management System (BCMS) concepts as required by ISO 22301 • Presentation of the standards ISO 22301, ISO 27031, ISO/PAS 22399, BS 25999 and regulatory framework • Introduction to management systems and the process approach • Fundamental principles in business continuity • General requirements: presentation of the clauses 4 to 8 of ISO 22301
DAY 2
Implementing controls in business continuity according to ISO 22301 and Certification Exam • Business impact analysis (BIA) and risk management • Implementation phases of the ISO 22301 framework • Continual improvement of business continuity • Conducting an ISO 22301 certification audit • ISO 22301 Foundation Exam
DURATION: 2 DAYS
PREREQUISITES None
Exam • The “Certified ISO 22301 Foundation” exam fully meets the requirements of the PECB Examination Certification Programme (ECP). The exam covers the following competence domains: - Domain 1: Fundamental principles and concepts of business continuity - Domain 2: Business Continuity Management System (BCMS) • The “Certified ISO 22301 Foundation” exam is available in different languages (the complete list of languages can be found in the examination application form) • Duration: 1 hour • For more information about the exam, refer to PECB section on ISO 22301 Foundation Exam
Who should attend? • Members of a business continuity team • IT Professionals wanting to gain a comprehensive knowledge of the main processes of a BCMS • Staff involved in the implementation of the ISO 22301 standard • Auditors and technicians involved in operations related to a BCMS
Learning objectives • To understand the implementation of a BCMS in accordance with ISO 22301, ISO 27031 or BS 25999 • To understand the relationship between a BCMS, including risk management, controls and compliance with the requirements of different stakeholders of the organization • To know the concepts, approaches, standards, methods and techniques needed to effectively manage a BCMS
This is a PECB official training course
Certification • A certificate of Certified ISO 22301 Foundation will be issued to participants who successfully passed the exam and comply with all the other requirements related to this credential
Credential: ISO 22301 Foundation
- Exam: ISO 22301 Foundation exam
- Professional experience: None
- BCMS Audit experience: None
- BCMS project experience: None
- Other requirements: Signing the PECB code of ethics
• For more information about ISO 22301 certifications and PECB certification process, refer to PECB section on ISO 22301 Lead Auditor Certification
General Information • Certification fees are included in the exam price • A student manual containing over 200 pages of information and practical examples will be distributed to participants • A participation certificate of 14 CPD (Continuing Professional Development) will be issued to participants • In case of failure of the exam, participants are allowed to retake the exam for free under certain conditions
Introduction to ISO 22301
Introduction to the implementation of a Business Continuity Management System (BCMS) based on ISO 22301
Summary
This one-day training enables the participants to become familiar with the basic concepts of the implementation and management of a Business Continuity Management System (BCMS) as specified in ISO 22301:2010, as well as the best practices for implementing the business continuity processes based on the ISO/PAS 22399. The participant will learn the different components of a BCMS, including the BCMS policy, risk management, measuring performance, management’s commitment, internal audit, management review and continual improvement. This training is fully compatible with BS 25999 (Business continuity management specification) and ISO 27031 (Guidelines for information and communication technology readiness for business continuity).
Course Agenda • Presentation of the standards ISO 22301, ISO 27031, ISO/PAS 22399, BS 25999 and regulatory framework • Introduction to management systems and the process approach • General requirements: presentation of the clauses 4 to 8 of ISO 22301 • Implementation phases of the ISO 22301 framework • Business impact analysis (BIA) and risk management • Continual improvement of business continuity • ISO 22301 certification audit
Exam None
DURATION: 1 DAY
PREREQUISITES None
Who should attend? • IT Professionals wanting to gain a comprehensive knowledge of the main processes of a BCMS • Staff involved in the implementation of the ISO 22301 standard • IT Expert advisors • Auditors and managers responsible for implementing a BCMS
Learning objectives • To understand the fundamentals of business continuity • To know the interrelationships between ISO 22301, ISO 27031 and the other business continuity standards such as BS 25999 • To introduce the concepts, approaches, standards, methods and techniques needed to effectively manage a BCMS • To understand the stages of the ISO 22301 or BS 25999 certification process
This is a PECB official training course
General Information • A student manual containing over 100 pages of information and practical examples will be distributed to participants • A participation certificate of 7 CPD (Continuing Professional Development) will be issued to participants
CERTIFIED ISO/IEC 24762 DISASTER RECOVERY MANAGER
MASTERING DISASTER RECOVERY BASED ON ISO/IEC 24762
Summary
In this two-day intensive course participants develop the competence to master the basic disaster recovery principles and techniques using the ISO/IEC 24762 standard as a reference framework. Based on practical exercises and case studies, participants acquire the necessary knowledge and skills to perform disaster recoveries, including selection of recovery sites, outsourced services and continuous improvement.
Course Agenda
DAY 1
Disaster recovery main elements and disaster recovery facilities according to ISO/IEC 24762 • Asset management and site-related issues • Vendor management and outsourcing arrangements • Activation and deactivation of DRP • Training, education and testing • Physical access controls and security • Environmental controls • Telecommunications, power supply, cable management and fire protection
DAY 2
Outsourcing, recovery sites and continuous improvements according to ISO/IEC 24762 • Types and proximity of services • Activation of subscribed services • Organization testing and emergency response plan • Infrastructure, manpower and support • Performance measurement • Risk mitigation
DURATION: 2 DAYS
PREREQUISITES None
Exam • The “Certified ISO/IEC 24762 Disaster Recovery Manager” exam fully meets the requirements of the PECB Examination and Certification Program (ECP). The exam covers the following competence domains: - Domain 1: Fundamental concepts, approaches, methods and frameworks of disaster recovery - Domain 2: Preparation and implementation of a disaster recovery program - Domain 3: Testing, measurement and improvement of a disaster recovery program • The “Certified ISO/IEC 24762 Disaster Recovery Manager” exam is available in different languages (the complete list of languages can be found in the examination application form) • Duration: 2 hours • For more information about the exam, refer to PECB section on ISO/IEC 24762 Disaster Recovery Manager Exam
Who should attend? • Project managers or consultants wanting to prepare and to support an organization in the implementation of disaster recovery mechanisms • Disaster recovery auditors who wish to fully understand the implementation of a disaster recovery plan • Persons responsible for the disaster recovery or conformity in an organization • Members of a disaster recovery team • Expert advisors in disaster recovery
Learning objectives • To understand the concepts, approaches, methods and techniques for effective disaster recovery management according to ISO/IEC 24762 • To understand issues related to sites, facilities and location in disaster recovery • To understand the importance of outsourcing in disaster recovery • To understand how to measure and improve disaster recovery mechanisms
This is a PECB official training course
"I never performed an audit before going to this class. On the first day, the trainer said that at the end of the course, we'd be able to perform and lead audits, from audit planning to audit conclusion and follow-up on audit findings. He wasn't lying! The course and exercises clearly addressed all stages of an audit in a methodical way, and I was able to join an audit team the following weeks." Ben D.
Consultant and Auditor, Large International Consulting Firm
QUALITY MANAGEMENT TRAINING
ISO 9001 specifies requirements for a quality management system where an organization • needs to demonstrate its ability to consistently provide product that meets customer and applicable statutory and regulatory requirements, and • aims to enhance customer satisfaction through the effective application of the system, including processes for continual improvement of the system and the assurance of conformity to customer and applicable statutory and regulatory requirements.
All requirements of ISO 9001:2008 are generic and are intended to be applicable to all organizations, regardless of type, size and product provided.
Certified ISO 9001 Lead Implementer
Mastering the implementation and management of a Quality Management System (QMS) based on ISO 9001
Summary
This five-day intensive course enables participants to develop the necessary expertise to support an organization in implementing and managing a Quality Management System (QMS) based on ISO 9001:2008. Participants will also gain a thorough understanding of best practices used to implement quality processes based on requirements from ISO 9001. This training is consistent with the project management practices established in ISO 10006 (Quality Management Systems - Guidelines for Quality Management in Projects). This training is fully compatible with the ISO 9004 guidance (Managing for the sustained success of an organization -- A quality management approach).
Course Agenda
DAY 1
Introduction to Quality Management System (QMS) concepts as required by ISO 9001 • Introduction to management systems and the process approach • Fundamental principles of Quality • Presentation of the ISO 9000 family standard • Understanding the requirements of ISO 9001:2008 clause-by-clause: - Quality Management System - Management responsibility - Resource management - Product/Service realization - Measurement, analysis and improvement
DAY 2
Initiating a QMS project based on ISO 9001 • Selection of the approach and implementation methodology • Identification and analysis of customer needs and requirements • Writing a business case and a project plan for the implementation of a QMS • Implementation of a document management framework • Drafting a QMS (quality manual, procedures, records)
DAY 3
Implementing a QMS based on ISO 9001 • Development of a training & awareness program and communicating about the Quality • Resource management processes (human resources, infrastructure and work environment) • Product realization processes • Purchasing process • Operations management of a QMS
DAY 4
Controlling, monitoring and measuring a QMS and the certification audit of a QMS in accordance with ISO 9001 • Controlling and monitoring a QMS • Measurement of customer satisfaction • ISO 9001 internal Audit • Management review of a QMS • Implementation of a continual improvement program • Preparing for an ISO 9001 certification audit
DAY 5
Certification Exam
DURATION: 5 DAYS
PREREQUISITES • ISO 9001 Foundation Certification or a basic knowledge of ISO 9001 is recommended
Who should attend? • Project managers or consultants wanting to prepare and to support an organization in the implementation of a Quality Management System (QMS) • Quality executives • ISO 9001 auditors who wish to fully understand the Quality Management System implementation process • Persons responsible for the Quality or conformity in an organization • Members of a quality team • Expert advisors in Quality Management Systems • Technical experts wanting to prepare for a quality function or for a QMS project management function
Learning objectives • To understand the implementation of a Quality Management System in accordance with ISO 9001 • To gain a comprehensive understanding of the concepts, approaches, standards, methods and techniques required for the effective management of a Quality Management System • To understand the relationship between the components of a Quality Management System and the compliance with the requirements of different stakeholders of an organization • To acquire necessary expertise to support an organization in implementing, managing and maintaining a QMS as specified in ISO 9001 and ISO 9004 • To acquire necessary expertise to manage a team implementing ISO 9001 • To develop knowledge and skills required to advise organizations on best practices in the management of quality • To improve the capacity for analysis and decision making in the context of quality management • To prepare an organization for an ISO 9001 audit
This is a PECB official training course
Exam • The “Certified ISO 9001 Lead Implementer” exam fully meets the requirements of the PECB Examination and Certification Program (ECP). The exam covers the following competence domains: - Domain 1: Fundamental principles and concepts of Quality - Domain 2: Quality Management System Best Practice based on ISO 9001 - Domain 3: Planning a QMS based on ISO 9001 - Domain 4: Implementing a QMS based on ISO 9001 - Domain 5: Performance evaluation, monitoring and measurement of a QMS based on ISO 9001 - Domain 6: Continual improvement of a QMS based on ISO 9001 - Domain 7: Preparing for a QMS certification audit • The “Certified ISO 9001 Lead Implementer” exam is available in different languages (the complete list of languages can be found in the examination application form) • Duration: 3 hours • For more information about the exam, refer to PECB section on ISO 9001 Lead Implementer Exam
Certification • After successfully completing the exam, participants can apply for the credentials of Certified ISO 9001 Provisional Implementer, Certified ISO 9001 Implementer or Certified ISO 9001 Lead Implementer, depending on their level of experience • A certificate will be issued to participants who successfully passed the exam and comply with all the other requirements related to the selected credential
Credential: ISO 9001 Provisional Implementer
- Exam: ISO 9001 Lead Implementer Exam
- Professional experience: None
- QMS Audit experience: None
- QMS project experience: None
- Other requirements: Signing the PECB code of ethics
Credential: ISO 9001 Implementer
- Exam: ISO 9001 Lead Implementer Exam
- Professional experience: Two years; one year of quality management work experience
- QMS Audit experience: None
- QMS project experience: Project activities totaling 200 hours
- Other requirements: Signing the PECB code of ethics
Credential: ISO 9001 Lead Implementer
- Exam: ISO 9001 Lead Implementer Exam
- Professional experience: Five years; two years of quality management work experience
- QMS Audit experience: None
- QMS project experience: Project activities totaling 300 hours
- Other requirements: Signing the PECB code of ethics
• For more information about ISO 9001 certifications and PECB certification process, refer to PECB section on ISO 9001 Lead Implementer Certification
General Information • Certification fees are included in the exam price • A student manual containing over 450 pages of information and practical examples will be distributed to participants • A participation certificate of 31 CPD (Continuing Professional Development) credits will be issued to participants • In case of failure of the exam, participants are allowed to retake the exam for free under certain conditions
Certified ISO 9001 Lead Auditor
Mastering the Audit of a Quality Management System (QMS) based on ISO 9001
Summary
This five-day intensive course enables participants to develop the needed expertise to audit a Quality Management System (QMS) based on ISO 9001 and to manage a team of auditors by applying widely recognized audit principles, procedures and techniques. During this training, the participant will acquire needed knowledge and skills to proficiently plan and perform internal and external audits in compliance with ISO 19011 and the certification process according to ISO 17021. Based on practical exercises, the participant will develop the skills (mastering audit techniques) and competencies (managing audit teams and audit program, communicating with customers, conflict resolution, etc.) necessary to efficiently conduct an audit.
Course Agenda
DAY 1
Introduction to Quality Management System (QMS) concepts as required by ISO 9001 • Normative, regulatory and legal framework related to Quality • Fundamental principles of Quality • ISO 9001 certification process • Quality Management System (QMS) • Detailed presentation of the clauses 4 to 8 of ISO 9001
DAY 2
Planning and Initiating an ISO 9001 audit • Fundamental audit concepts and principles • Audit approach based on evidence • Preparation of an ISO 9001 certification audit • QMS documentation audit • Conducting an opening meeting
DAY 3
Conducting an ISO 9001 audit • Communication during the audit • Audit procedures: observation, document review, interview, sampling techniques, technical verification, corroboration and evaluation • Audit test plans • Formulation of audit findings and documenting nonconformities
DAY 4
Concluding and ensuring the follow-up of an ISO 9001 audit • Audit documentation • Conducting a closing meeting and conclusion of an ISO 9001 audit • Evaluation of corrective action plans • ISO 9001 Surveillance audit and Internal Audit management program
DAY 5
Certification Exam
DURATION: 5 DAYS
PREREQUISITES
• ISO 9001 Foundation Certification or basic knowledge of ISO 9001 is recommended
Who should attend? • Internal auditors • Auditors wanting to perform and lead Quality Management System (QMS) certification audits • Project managers or consultants wanting to master the QMS audit process • Persons responsible for the Quality or conformity in an organization • Expert advisors in Quality Management Systems • Technical experts wanting to prepare for a Quality audit function
Learning objectives • To acquire expertise to perform an ISO 9001 internal audit following ISO 19011 guidelines • To acquire the expertise to perform an ISO 9001 certification audit following ISO 19011 guidelines and ISO 17021 specifications • To acquire the expertise necessary to manage a QMS audit team • To understand the relationship between a QMS and compliance with the requirements of different stakeholders of the organization • To improve the ability to analyze the internal and external environment of an organization, and audit decision-making in the context of a QMS
This is a PECB official training course
Exam • The “Certified ISO 9001 Lead Auditor” exam fully meets the requirements of the PECB Examination and Certification Program (ECP). The exam covers the following competence domains: - Domain 1: Fundamental principles and concepts of Quality - Domain 2: Quality Management System (QMS) - Domain 3: Fundamental Audit Concepts and Principles - Domain 4: Preparation of an ISO 9001 audit - Domain 5: Conducting of an ISO 9001 audit - Domain 6: Closing an ISO 9001 audit - Domain 7: Managing an ISO 9001 audit program • The “Certified ISO 9001 Lead Auditor” exam is available in different languages (the complete list of languages can be found in the examination application form) • Duration: 3 hours • For more information about the exam, refer to PECB section on ISO 9001 Lead Auditor Exams
Certification • After successfully completing the exam, participants can apply for the credentials of Certified ISO 9001 Provisional Auditor, Certified ISO 9001 Auditor or Certified ISO 9001 Lead Auditor depending on their level of experience. Those credentials are available for internal and external auditors • A certificate will be issued to participants who successfully passed the exam and comply with all the other requirements related to the selected credential.
Credential: ISO 9001 Provisional Auditor
- Exam: ISO 9001 Lead Auditor Exam
- Professional experience: None
- QMS Audit experience: None
- QMS project experience: None
- Other requirements: Signing the PECB code of ethics
Credential: ISO 9001 Auditor
- Exam: ISO 9001 Lead Auditor Exam
- Professional experience: Two years; one year of quality management work experience
- QMS Audit experience: Audit activities totaling 200 hours
- QMS project experience: None
- Other requirements: Signing the PECB code of ethics
Credential: ISO 9001 Lead Auditor
- Exam: ISO 9001 Lead Auditor Exam
- Professional experience: Five years; two years of quality management work experience
- QMS Audit experience: Audit activities totaling 300 hours
- QMS project experience: None
- Other requirements: Signing the PECB code of ethics
• For more information about ISO 9001 certifications and PECB certification process, refer to PECB section on ISO 9001 Lead Auditor Certification
General Information • Certification fees are included in the exam price • A student manual containing over 450 pages of information and practical examples will be distributed to participants • A participation certificate of 31 CPD (Continuing Professional Development) credits will be issued to participants • In case of failure of the exam, participants are allowed to retake the exam for free under certain conditions
Certified ISO 9001 Foundation
Become acquainted with the best practices for implementing and managing a Quality Management System (QMS) based on ISO 9001
Summary
This course enables the participants to learn about the best practices for implementing and managing a Quality Management System (QMS) as specified in ISO 9001:2008, as well as ISO 9004:2009 (Managing for the sustained success of an organization -- A quality management approach). The participant will learn the different components of a QMS, including the QMS quality manual, required procedures, records, measuring performance, management’s commitment, internal audit, management review and continual improvement.
Course Agenda
DAY 1
Introduction to Quality Management System (QMS) concepts as required by ISO 9001 • Introduction to the ISO 9000 family of standards • Introduction to management systems and the process approach • Fundamental principles of Quality Management • General requirements: presentation of the clauses 4 to 8 of ISO 9001
DAY 2
Implementing requirements from ISO 9001:2008 and Certification Exam • Implementation phases of the ISO 9001 framework • Continual improvement of Quality • Conducting an ISO 9001 certification audit • Certification Exam
DURATION: 2 DAYS
PREREQUISITES None
Who should attend? • Members of a Quality team • Professionals wanting to gain a comprehensive knowledge of the main processes of a Quality Management System (QMS) • Staff involved in the implementation or operations related to ISO 9001 • Auditors
Learning objectives • To understand the implementation of a QMS in accordance with ISO 9001 • To understand the relationship between a QMS and compliance with the requirements of different stakeholders of the organization • To know the concepts, approaches, standards, methods and techniques needed to effectively manage a QMS • To acquire the necessary knowledge to contribute to implementing a QMS as specified in ISO 9001
This is a PECB official training course
Certification • A certificate of Certified ISO 9001 Foundation will be issued to participants who successfully passed the exam and comply with all the other requirements related to this credential
Credential: ISO 9001 Foundation
- Exam: ISO 9001 Foundation exam
- Professional experience: None
- QMS Audit experience: None
- QMS project experience: None
- Other requirements: Signing the PECB code of ethics
• For more information about ISO 9001 certifications and PECB certification process, refer to PECB section on ISO 9001 Foundation Certification
General Information • Certification fees are included in the exam price • A student manual containing over 200 pages of information and practical examples will be distributed to participants • A participation certificate of 14 CPD (Continuing Professional Development) will be issued to participants • In case of failure of the exam, participants are allowed to retake the exam for free under certain conditions
Introduction to ISO 9001
Introduction to the implementation of a Quality Management System (QMS) based on ISO 9001
Summary
This one-day training enables the participants to be familiar with the basic concepts of the implementation and management of a Quality Management System (QMS) as specified in ISO 9001:2008. The participant will learn the different components of a QMS, including the QMS quality manual, required procedures, records, measuring performance, management’s commitment, internal audit, management review and continual improvement.
Course Agenda
• Introduction to the ISO 9000 family of standards
• Introduction to management systems and the process approach
• General requirements: presentation of the clauses 4 to 8 of ISO 9001
• Implementation phases of the ISO 9001 framework
• Continual improvement of Quality
• Conducting an ISO 9001 certification audit
DURATION: 1 DAY
PREREQUISITES
None
Exam and certification
None
General Information
• A student manual containing over 100 pages of information and practical examples will be distributed to participants
• A participation certificate of 7 CPD (Continuing Professional Development) credits will be issued to participants
Who should attend?
• Professionals wanting to gain a comprehensive knowledge of the main processes of a Quality Management System (QMS)
• Staff involved in the implementation of the ISO 9001 standard
• Managers responsible for implementing a QMS
• Auditors
Learning objectives
• To understand the fundamentals of Quality Management
• To know the interrelationships between ISO 9001 and the other Quality standards
• To know the key components of a Quality Management System (QMS) in accordance with ISO 9001
• To introduce the concepts, approaches, standards, methods and techniques allowing to effectively manage a QMS
• To understand the stages of the ISO 9001 certification process
This is a PECB official training course
"The trainer had several years of practical experience and you could tell. He brilliantly mastered the course material and illustrated the course theory with real-life examples that made complex concepts so clear. One of the greatest speakers I've met." Clara S.
Quality Manager, Fortune 1000 company
ENVIRONMENTAL MANAGEMENT TRAINING
ISO 14001 specifies requirements for an environmental management system to enable an organization to develop and implement a policy and objectives which take into account legal requirements and other requirements to which the organization subscribes, and information about significant environmental aspects. It applies to those environmental aspects that the organization identifies as those which it can control and those which it can influence. It does not itself state specific environmental performance criteria.
Certified ISO 14001 Lead Implementer
Mastering the implementation and management of an Environmental Management System (EMS) based on ISO 14001
Summary
This five-day intensive course enables participants to develop the necessary expertise to support an organization in implementing and managing an Environmental Management System (EMS) based on ISO 14001:2004. Participants will also gain a thorough understanding of best practices used to implement requirements of Environmental Management System of ISO 14001. This training is consistent with the project management practices established in ISO 10006 (Quality Management Systems - Guidelines for Quality Management in Projects). This training is fully compatible with ISO 14004 (Environmental management systems -- General guidelines on principles, systems and support techniques) and ISO 10012 (Measurement management systems -- Requirements for measurement processes and measuring equipment).
DURATION: 5 DAYS
PREREQUISITES
• ISO 14001 Foundation Certification or a basic knowledge of ISO 14001 is recommended
Course Agenda
DAY 1
Introduction to Environmental Management System (EMS) concepts as required by ISO 14001
• Introduction to management systems and the process approach
• Presentation of ISO 14001:2004 structure and requirements
• ISO 14001:2004 Application / Fundamental principles
• Identification and evaluation of environmental aspects/impacts and their significance
• Writing a business case and a project plan for the implementation of an EMS
DAY 2
Initiating an EMS based on ISO 14001
• Selection of the approach and implementation methodology
• Definition of environment policy and objectives
• Identification and analysis of customer needs and requirements
• Writing a business case and a project plan for the implementation of an EMS
DAY 3
Implementing an EMS based on ISO 14001
• Implementation of a document management framework
• Development of a training & awareness program and communicating about Environment
• Resource management processes (HR, infrastructure and work environment)
• Product / Service realization processes / Purchasing process
• Operational management of an EMS
DAY 4
Controlling, monitoring, measuring and improving an EMS and the certification audit of an EMS in accordance with ISO 14001
• Controlling and monitoring an EMS
• Development of metrics, performance indicators and dashboards in accordance with ISO 14001
• ISO 14001 Internal Audit and management review
• Implementation of a continual improvement program
• Preparing for an ISO 14001 certification audit
DAY 5
Certification Exam
Who should attend?
• Project managers or consultants wanting to prepare and to support an organization in the implementation of an EMS
• ISO 14001 auditors who wish to fully understand the EMS implementation process
• Persons responsible for the Environmental conformity in an organization
• Environmental expert advisors
• Technical experts wanting to prepare for an environmental function or for an EMS project management function
Learning objectives
• To gain a comprehensive understanding of the concepts, approaches, standards, methods and techniques required for the effective implementation and management of an EMS based on ISO 14001
• To understand the relationship between the components of an EMS and compliance with the other requirements
• To acquire the necessary expertise to support an organization in implementing, managing and maintaining an EMS as specified in ISO 14001
• To acquire the necessary expertise to manage a team implementing ISO 14001
This is a PECB official training course
Exam
• The “Certified ISO 14001 Lead Implementer” exam fully meets the requirements of the PECB Examination and Certification Program (ECP). The exam covers the following competence domains:
  - Domain 1: Fundamental principles and concepts of Environmental Management System
  - Domain 2: Environmental Control Best Practices based on ISO 14004
  - Domain 3: Planning an EMS based on ISO 14001
  - Domain 4: Implementing an EMS based on ISO 14001
  - Domain 5: Performance evaluation, monitoring and measurement of an EMS based on ISO 14001
  - Domain 6: Continual improvement of an EMS based on ISO 14001
  - Domain 7: Preparing for an EMS certification audit
• The “Certified ISO 14001 Lead Implementer” exam is available in different languages (the complete list of languages can be found in the examination application form)
• Duration: 3 hours
• For more information about the exam, refer to PECB section on ISO 14001 Lead Implementer Exam
Certification
• After successfully completing the exam, participants can apply for the credentials of Certified ISO 14001 Provisional Implementer, Certified ISO 14001 Implementer or Certified ISO 14001 Lead Implementer depending on their level of experience
• A certificate will be issued to participants who successfully passed the exam and comply with all the other requirements related to the selected credential
Credential | Exam | Professional experience | EMS Audit experience | EMS project experience | Other requirements
ISO 14001 Provisional Implementer | ISO 14001 Lead Implementer Exam | None | None | None | Signing the PECB code of ethics
ISO 14001 Implementer | ISO 14001 Lead Implementer Exam | Two years: One year of Environmental management work experience | None | Project activities totaling 200 hours | Signing the PECB code of ethics
ISO 14001 Lead Implementer | ISO 14001 Lead Implementer Exam | Five years: Two years of Environmental management work experience | None | Project activities totaling 300 hours | Signing the PECB code of ethics
• For more information about ISO 14001 certifications and PECB certification process, refer to PECB section on ISO 14001 Lead Implementer Certification
General Information
• Certification fees are included in the exam price
• A student manual containing over 450 pages of information and practical examples will be distributed to participants
• A participation certificate of 31 CPD (Continuing Professional Development) credits will be issued to participants
• In case of failure of the exam, participants are allowed to retake the exam for free under certain conditions
Certified ISO 14001 Lead Auditor
Mastering the Audit of an Environmental Management System (EMS) based on ISO 14001
Summary
This five-day intensive course enables participants to develop the necessary expertise to audit an Environmental Management System (EMS) based on ISO 14001 and to manage a team of auditors by applying widely recognized audit principles, procedures and techniques. During this training, the participant will acquire necessary knowledge and skills to proficiently plan and perform internal and external audits in compliance with ISO 19011 and the certification process according to ISO 17021. Based on practical exercises, the participant will develop the skills (mastering audit techniques) and competencies (managing audit teams and audit program, communicating with customers, conflict resolution, etc.) necessary to efficiently conduct an audit.
DURATION: 5 DAYS
PREREQUISITES
• ISO 14001 Foundation Certification or basic knowledge of ISO 14001 is recommended
Course Agenda
DAY 1
Introduction to Environmental Management System (EMS) concepts as required by ISO 14001
• Normative, regulatory and legal framework related to EMS
• Fundamental principles of Environmental Management System
• ISO 14001 certification process
• Environmental Management System (EMS)
• Detailed presentation of the clauses 4 to 4.6 of ISO 14001
DAY 2
Planning and Initiating an ISO 14001 audit
• Fundamental audit concepts and principles
• Audit approach based on evidence
• Preparation of an ISO 14001 certification audit
• An EMS Documentation audit
DAY 3
Conducting an ISO 14001 audit
• Communication during the audit
• Audit procedures: observation, document review, interview, sampling techniques, technical verification, corroboration and evaluation
• Audit test plans
• Formulation of audit findings and documenting nonconformities
DAY 4
Concluding and ensuring the follow-up of an ISO 14001 audit
• Audit documentation
• Conducting a closing meeting and conclusion of an ISO 14001 audit
• Evaluation of corrective action plans
• ISO 14001 Surveillance and internal audit management program
DAY 5
Certification Exam
Who should attend?
• Internal auditors and members of an Environmental team
• Auditors wanting to perform and lead EMS certification audits
• Project managers or consultants wanting to master the EMS audit process
• Persons responsible for the Environmental conformity in an organization
• Experts wanting to prepare for an Environmental audit function
Learning objectives
• To acquire the expertise to perform an ISO 14001 internal audit following ISO 19011 guidelines
• To acquire the expertise to perform an ISO 14001 certification audit following ISO 19011 guidelines and ISO 17021 specifications
• To acquire necessary expertise to manage an EMS audit team
• To understand the operation of an ISO 14001 conformant EMS
• To understand the relationship between an EMS controls and compliance with the requirements of different stakeholders of the organization
This is a PECB official training course
Exam
• The “Certified ISO 14001 Lead Implementer” exam fully meets the requirements of the PECB Examination and Certification Program (ECP). The exam covers the following competence domains:
  - Domain 1: Fundamental principles and concepts of Environmental Management System
  - Domain 2: Environmental Control Best Practices based on ISO 14004
  - Domain 3: Planning an EMS based on ISO 14001
  - Domain 4: Implementing an EMS based on ISO 14001
  - Domain 5: Performance evaluation, monitoring and measurement of an EMS based on ISO 14001
  - Domain 6: Continual improvement of an EMS based on ISO 14001
  - Domain 7: Preparing for an EMS certification audit
• The “Certified ISO 14001 Lead Implementer” exam is available in different languages (the complete list of languages can be found in the examination application form)
• Duration: 3 hours
• For more information about the exam, refer to PECB section on ISO 14001 Lead Implementer Exam
Certification
• After successfully completing the exam, participants can apply for the credentials of Certified ISO 14001 Provisional Implementer, Certified ISO 14001 Implementer or Certified ISO 14001 Lead Implementer depending on their level of experience
• A certificate will be issued to participants who successfully passed the exam and comply with all the other requirements related to the selected credential
Credential | Exam | Professional experience | EMS Audit experience | EMS project experience | Other requirements
ISO 14001 Provisional Implementer | ISO 14001 Lead Implementer Exam | None | None | None | Signing the PECB code of ethics
ISO 14001 Implementer | ISO 14001 Lead Implementer Exam | Two years: One year of Environmental management work experience | Audit activities totaling 200 hours | None | Signing the PECB code of ethics
ISO 14001 Lead Implementer | ISO 14001 Lead Implementer Exam | Five years: Two years of Environmental management work experience | Audit activities totaling 300 hours | None | Signing the PECB code of ethics
• For more information about ISO 14001 certifications and PECB certification process, refer to PECB section on ISO 14001 Lead Implementer Certification
General Information
• Certification fees are included in the exam price
• A student manual containing over 450 pages of information and practical examples will be distributed to participants
• A participation certificate of 31 CPD (Continuing Professional Development) credits will be issued to participants
• In case of failure of the exam, participants are allowed to retake the exam for free under certain conditions
Certified ISO 14001 Foundation
Become acquainted with the best practices for implementing and managing an Environmental Management System (EMS) based on ISO 14001
Summary
This course enables the participants to learn about the best practices for implementing and managing an Environmental Management System (EMS) as specified in ISO 14001:2004. This training also helps to understand how ISO 14001 is linked with other management systems. The participant will learn the different components of an EMS, including the EMS policy, procedures, measuring performance, management’s commitment, internal audit, management review and Continual improvement.
DURATION: 2 DAYS
PREREQUISITES
None
Course Agenda
DAY 1
Introduction to Environmental Management System (EMS) concepts as required by ISO 14001
• Introduction to the ISO 14000 family of standards
• Introduction to management systems and the process approach
• Fundamental principles in Environmental Management
• General requirements: presentation of the clauses 4 to 4.6 of the ISO 14001 standard
• Implementation phases of the ISO 14001 framework
• Continual improvement of Environmental Management System
DAY 2
Implementing an Environmental Management System and Certification Exam
• Implementation phases of the ISO 14001 framework
• Continual improvement of Environmental Management System
• Conducting an ISO 14001 certification audit
• Certified ISO 14001 Foundation exam
Exam
• The “Certified ISO 14001 Foundation” exam fully meets the requirements of the PECB Examination and Certification Program (ECP). The exam covers the following competence domains:
  - Domain 1: Fundamental principles and concepts of environmental
  - Domain 2: Environmental Management System (EMS)
• The “Certified ISO 14001 Foundation” exam is available in different languages (the complete list of languages can be found in the examination application form)
• Duration: 1 hour
• For more information about the exam, refer to PECB section on ISO 14001 exams
Who should attend?
• Members of an Environmental team
• Professionals wanting to gain a comprehensive knowledge of the main processes of an Environmental Management System (EMS)
• Staff involved in the implementation of the ISO 14001 standard
• Staff involved in operations related to an EMS
• Auditors
Learning objectives
• To understand the implementation of an Environmental Management System in accordance with ISO 14001
• To understand the relationship between an Environmental Management System with the requirements of different stakeholders of the organization
• To know the concepts, approaches, standards, methods and techniques allowing to effectively manage an Environmental Management System
• To acquire the necessary knowledge to contribute in implementing an Environmental Management System (EMS) as specified in ISO 14001
This is a PECB official training course
Certification
• After successfully completing the exam, participants can apply for the credentials of Certified ISO 14001 Provisional Implementer, Certified ISO 14001 Implementer or Certified ISO 14001 Lead Implementer depending on their level of experience
• A certificate will be issued to participants who successfully passed the exam and comply with all the other requirements related to the selected credential
Credential | Exam | Professional experience | EMS Audit experience | EMS project experience | Other requirements
ISO 14001 Foundation | ISO 14001 Foundation exam | None | None | None | Signing the PECB code of ethics
• For more information about ISO 14001 certifications and PECB certification process, refer to PECB section on ISO 14001 Lead Implementer Certification
General Information
• Certification fees are included in the exam price
• A student manual containing over 200 pages of information and practical examples will be distributed to participants
• A participation certificate of 14 CPD (Continuing Professional Development) credits will be issued to participants
• In case of failure of the exam, participants are allowed to retake the exam for free under certain conditions
Introduction to ISO 14001
Introduction to the implementation of an Environmental Management System (EMS) based on ISO 14001
Summary
This one-day training enables participants to be familiar with the basic concepts of the implementation and management of an Environmental Management System (EMS) as specified in ISO 14001:2004. The participant will learn the different components of an EMS, including the EMS policy, procedures, measuring performance, management’s commitment, internal audit, management review and Continual improvement.
DURATION: 1 DAY
PREREQUISITES
None
Course Agenda
• Introduction to the ISO 14000 family of standards
• Introduction to management systems and the process approach
• General requirements: presentation of the clauses 4 to 4.6 of the ISO 14001 standard
• Implementation phases of ISO 14001 framework
• Continual improvement of Environmental Management System
• Conducting an ISO 14001 certification audit
Exam and certification
None
General Information
• A student manual containing over 100 pages of information and practical examples will be distributed to participants
• A participation certificate of 7 CPD (Continuing Professional Development) credits will be issued to participants
Who should attend?
• Professionals wanting to gain a comprehensive knowledge of the main processes of an EMS
• Staff involved in the implementation of the ISO 14001 standard
• Expert advisors, auditors and managers responsible for implementing an EMS
Learning objectives
• To understand the fundamentals of Environmental
• To know the interrelationships between ISO 14001 and the other ISO Management Systems
• To know the key components of an EMS in accordance with ISO 14001
• To introduce the concepts, approaches, standards, methods and techniques allowing to effectively manage an EMS
• To understand the stages of the ISO 14001 certification process
This is a PECB official training course
OCCUPATIONAL HEALTH & SAFETY TRAINING
OHSAS 18001:2007 is an international standard that is developed by the OHSAS project Group, an association that includes government agencies, certification bodies, national standards, industry associations, and consultants. It comprises two parts, 18001 and 18002 and embraces a number of other publications. The aim of OHSAS 18001 is to assist organizations in managing and controlling their health and safety risks and improving their OH&S performance. In response to customer demand for an occupational health and safety management system that can be assessed objectively, certified credibly, and recognized internationally, the Occupational Health and Safety Assessment Series (OHSAS) standards are developed for use by all types of organizations and industries.
Certified OHSAS 18001 Lead Implementer
Mastering the implementation and management of an Occupational Health and Safety Management System (OHSMS) based on OHSAS 18001
Summary
This five-day intensive course enables participants to develop the necessary expertise to support an organization in implementing and managing an Occupational Health and Safety Management System (OHSMS) based on OHSAS 18001:2007. This training is consistent with the project management practices established in ISO 10006 (Quality Management Systems - Guidelines for Quality Management in Projects) and OHSAS 18002 (Guidelines for the implementation of OHSAS 18001).
DURATION: 5 DAYS
PREREQUISITES
• OHSAS 18001 Foundation Certification or a basic knowledge of OHSAS 18001 is recommended
Course Agenda
DAY 1
Introduction to Occupational Health and Safety Management System (OHSMS) concepts as required by OHSAS 18001; Initiating an OHSMS
• Introduction to management systems and the process approach
• Fundamental principles of Occupational Health and Safety
• Presentation of OHSAS 18001 clause-by-clause
• Preliminary analysis and determining the level of maturity of the existing occupational Health and Safety management system
• Writing a business case and a project plan for the implementation of an OHSMS
DAY 2
Planning an OHSMS based on OHSAS 18001
• Definition of the scope of the OHSMS
• Development of the OHSMS and occupational Health and Safety policies
• Selection of the approach and methodology for hazard identification, hazard assessment and hazard control
• Drafting the project plan
DAY 3
Implementing an OHSMS based on OHSAS 18001
• Implementation of a document management framework
• Development of a training & awareness program and communicating about the OHS
• Operational control / Emergency preparedness and response
• Operations management of an OHSMS
DAY 4
Controlling, monitoring and measuring an OHSMS; certification audit of an OHSMS
• Controlling and Monitoring an OHSMS
• Development of metrics, performance indicators and dashboards
• Internal Audit and management review of an OHSMS
• Implementation of a continual improvement program
• Preparing for an OHSAS 18001 certification audit
DAY 5
Certification Exam
Who should attend?
• Project managers or consultants wanting to prepare and to support an organization in the implementation of an OHSMS
• OHSAS 18001 auditors who wish to fully understand the OHSMS implementation process
• Persons responsible for the occupational Health and Safety or conformity in an organization
• Expert advisors and members of an Occupational Health and Safety team
• Experts wanting to prepare for an OHS function or for an OHSMS project management function
Learning objectives
• To understand the implementation of an Occupational Health and Safety Management System in accordance with OHSAS 18001
• To gain a comprehensive understanding of the concepts, approaches, standards, methods and techniques required for the effective management of an OHSMS
• To understand the relationship between the components of an Occupational Health and Safety Management System, including hazard assessment & management, controls and compliance with the requirements of different stakeholders of the organization
• To acquire the necessary expertise to support an organization in implementing, managing and maintaining an OHSMS as specified in OHSAS 18001
• To acquire the necessary expertise to manage a team implementing OHSAS 18001
This is a PECB official training course
Exam
• The “Certified OHSAS 18001 Lead Implementer” exam fully meets the requirements of the PECB Examination and Certification Program (ECP). The exam covers the following competence domains:
  - Domain 1: Fundamental principles and concepts of occupational health and safety
  - Domain 2: Occupational Health and Safety Best Practices
  - Domain 3: Planning an OHSMS based on OHSAS 18001
  - Domain 4: Implementing an OHSMS based on OHSAS 18001
  - Domain 5: Performance evaluation, monitoring and measurement of an OHSMS based on OHSAS 18001
  - Domain 6: Continual improvement of an OHSMS based on OHSAS 18001
  - Domain 7: Preparing for an OHSMS certification audit
• The “Certified OHSAS 18001 Lead Implementer” exam is available in different languages (the complete list of languages can be found in the examination application form)
• Duration: 3 hours
• For more information about the exam, refer to PECB section on OHSAS 18001 Lead Implementer Exam
Certification
• After successfully completing the exam, participants can apply for the credentials of Certified OHSAS 18001 Provisional Implementer, Certified OHSAS 18001 Implementer or Certified OHSAS 18001 Lead Implementer, depending on their level of experience
• A certificate will be issued to participants who successfully passed the exam and comply with all the other requirements related to the selected credential
Credential | Exam | Professional experience | OHSMS Audit experience | OHSMS project experience | Other requirements
OHSAS 18001 Provisional Implementer | OHSAS 18001 Lead Implementer Exam | None | None | None | Signing the PECB code of ethics
OHSAS 18001 Implementer | OHSAS 18001 Lead Implementer Exam | Two years: One year of Occupational Health and Safety work experience | None | Project activities totaling 200 hours | Signing the PECB code of ethics
OHSAS 18001 Lead Implementer | OHSAS 18001 Lead Implementer Exam | Five years: Two years of Occupational Health and Safety work experience | None | Project activities totaling 300 hours | Signing the PECB code of ethics
• For more information about OHSAS 18001 certifications and PECB certification process, refer to PECB section on OHSAS 18001 Lead Implementer Certification
General Information
• Certification fees are included in the exam price
• A student manual containing over 450 pages of information and practical examples will be distributed to participants
• A participation certificate of 31 CPD (Continuing Professional Development) credits will be issued to participants
• In case of failure of the exam, participants are allowed to retake the exam for free under certain conditions
Certified OHSAS 18001 Lead Auditor
Mastering the Audit of an Occupational Health and Safety Management System (OHSMS) based on OHSAS 18001
Summary
This five-day intensive course enables participants to develop the necessary expertise to audit an Occupational Health and Safety Management System (OHSMS) and to manage a team of auditors by applying widely recognized audit principles, procedures and techniques. During this training, the participant will acquire needed knowledge and skills to proficiently plan and perform internal and external audits in compliance with the certification process of the OHSAS 18001:2007 standards. Based on practical exercises, the participant will develop the skills (mastering audit techniques) and competencies (managing audit teams and audit program, communicating with customers, conflict resolution, etc.) necessary to efficiently conduct an audit.
DURATION: 5 DAYS
PREREQUISITES
• OHSAS 18001 Foundation Certification or basic knowledge of OHSAS 18001 is recommended
Course Agenda
DAY 1
Introduction to Occupational Health and Safety Management System (OHSMS) concepts as required by OHSAS 18001
• Normative, regulatory and legal framework related to occupational health and safety
• Fundamental principles of occupational Health and Safety
• OHSAS 18001 certification process
• Occupational Health and Safety Management System (OHSMS)
• Detailed presentation of OHSAS 18001 clause-by-clause
DAY 2
Planning and Initiating an OHSAS 18001 audit
• Fundamental audit concepts and principles
• Audit approach based on evidence and on hazard
• Preparation of an OHSAS 18001 certification audit
• OHSMS documentation audit
• Conducting an opening meeting
DAY 3
Conducting an OHSAS 18001 audit
• Communication during the audit
• Audit procedures: observation, document review, interview, sampling techniques, technical verification, corroboration and evaluation
• Audit test plan
• Formulation of audit findings and documenting of nonconformities
DAY 4
Concluding and ensuring the follow-up of an OHSAS 18001 audit
• Audit documentation
• Conducting a closing meeting and conclusion of an OHSAS 18001 audit
• Evaluation of corrective action plans
• OHSAS 18001 Surveillance audit and internal Audit management program
DAY 5
Certification Exam
Who should attend?
• Internal auditors and expert advisors in Health & Safety
• Auditors wanting to perform and lead Occupational Health and Safety Management System (OHSMS) certification audits
• Project managers or consultants wanting to master the OHSMS audit process
• Persons responsible for the Occupational Health and Safety or conformity in an organization
• Experts wanting to prepare for an Occupational Health and Safety audit function
Learning objectives
• To acquire the expertise to perform an OHSAS 18001 internal audit following ISO 19011 guidelines
• To acquire the expertise to perform an OHSAS 18001 certification audit following ISO 19011 guidelines and the specifications of ISO 17021
• To acquire the expertise necessary to manage an OHSMS audit team
• To understand the operation of an OHSAS 18001 conformant OHSMS
• To understand the relationship between an OHSMS, including hazard assessment & management, controls and compliance with the requirements of different stakeholders of the organization
This is a PECB official training course
Exam • The “Certified OHSAS 18001 Lead Auditor” exam fully meets the requirements of the PECB Examination and Certification Program (ECP). The exam covers the following competence domains: - Domain 1: Fundamental principles and concepts of occupational health and safety - Domain 2: Occupational Health and Safety Management System (OHSMS) - Domain 3: Fundamental Audit Concepts and Principles - Domain 4: Preparation of an OHSAS 18001 audit - Domain 5: Conducting an OHSAS 18001 audit - Domain 6: Closing an OHSAS 18001 audit - Domain 7: Managing an OHSAS 18001 audit program • The “Certified OHSAS 18001 Lead Auditor” exam is available in different languages (the complete list of languages can be found in the examination application form) • Duration: 3 hours • For more information about the exam, refer to PECB section on OHSAS 18001 Lead Auditor Exam
Certification • After successfully completing the exam, participants can apply for the credentials of Certified OHSAS 18001 Provisional Auditor, Certified OHSAS 18001 Auditor or Certified OHSAS 18001 Lead Auditor depending on their level of experience. Those credentials are available for internal and external auditors • A certificate will be issued to participants who successfully pass the exam and comply with all the other requirements related to the selected credential.
| Credential | Exam | Professional experience | OHSMS Audit experience | OHSMS project experience | Other requirements |
| --- | --- | --- | --- | --- | --- |
| OHSAS 18001 Provisional Auditor | OHSAS 18001 Lead Auditor Exam | None | None | None | Signing the PECB code of ethics |
| OHSAS 18001 Auditor | OHSAS 18001 Lead Auditor Exam | Two years; one year of Occupational Health and Safety work experience | Audit activities totaling 200 hours | None | Signing the PECB code of ethics |
| OHSAS 18001 Lead Auditor | OHSAS 18001 Lead Auditor Exam | Five years; two years of Occupational Health and Safety work experience | Audit activities totaling 200 hours | None | Signing the PECB code of ethics |

• For more information about OHSAS 18001 certifications and PECB certification process, refer to PECB section on OHSAS 18001 Lead Auditor Certification
General Information • Certification fees are included in the exam price • A student manual containing over 450 pages of information and practical examples will be distributed to participants • A participation certificate of 31 CPD (Continuing Professional Development) credits will be issued to participants • In case of failure of the exam, participants are allowed to retake the exam for free under certain conditions
Certified OHSAS 18001 Foundation
Become acquainted with the best practices for implementing and managing an Occupational Health and Safety Management System (OHSMS) based on OHSAS 18001
Summary
This course enables the participants to learn about the best practices for implementing and managing an Occupational Health and Safety Management System (OHSMS) as specified in OHSAS 18001:2007. This training also helps to understand how OHSAS 18001 relates to ISO 14001 and ISO 9001.
DURATION: 2 DAYS
Course Agenda
DAY 1
Introduction to Occupational Health and Safety Management System (OHSMS) concepts as required by OHSAS 18001 • Presentation of the OHSAS 18000 family of standards • Introduction to management systems and the process approach • Fundamental principles in Health & Safety • General requirements: presentation of OHSAS 18001 clause-by-clause • Implementation phases of the OHSAS 18001 framework • Continual improvement of Occupational Health and Safety • Conducting an OHSAS 18001 certification audit
DAY 2
Implementing Occupational Health and Safety according to OHSAS 18001 and Certification Exam • Development of a training & awareness program and communication about the OHS • Operational controls / emergency preparedness and response • Operational management of an OHSMS • Certified OHSAS 18001 Foundation Exam
PREREQUISITES
None
Who should attend? • Members of an occupational Health and Safety team • Professionals wanting to gain a comprehensive knowledge of the main processes of an OHSMS • Staff involved in the implementation of the OHSAS 18001 standard • Auditors and technicians involved in operations related to an OHSMS
Learning objectives • To understand the implementation of an OHSMS in accordance with OHSAS 18001 • To understand the relationship between an OHSMS including hazard assessment & management, controls and compliance with the requirements of different stakeholders of the organization • To know the concepts, approaches, standards, methods and techniques allowing to effectively manage an OHSMS
This is a PECB official training course
Exam • The “Certified OHSAS 18001 Foundation” exam fully meets the requirements of the PECB Examination and Certification Program (ECP). The exam covers the following competence domains: - Domain 1: Fundamental principles and concepts of occupational health and safety - Domain 2: Occupational Health and Safety Management System (OHSMS) • The “Certified OHSAS 18001 Foundation” exam is available in different languages (the complete list of languages can be found in the examination application form) • Duration: 1 hour • For more information about the exam, refer to PECB section on OHSAS 18001 Foundation Exam
Certification • A certificate of Certified OHSAS 18001 Foundation will be issued to participants who successfully pass the exam and comply with all the other requirements related to this credential
| Credential | Exam | Professional experience | OHSMS project experience | OHSMS project experience | Other requirements |
| --- | --- | --- | --- | --- | --- |
| OHSAS 18001 Foundation | OHSAS 18001 Foundation exam | None | None | None | Signing the PECB code of ethics |

• For more information about OHSAS 18001 certifications and PECB certification process, refer to PECB section on OHSAS 18001 Foundation Certification
General Information • Certification fees are included in the exam price • A student manual containing over 200 pages of information and practical examples will be distributed to participants • A participation certificate of 14 CPD (Continuing Professional Development) credits will be issued to participants • In case of failure of the exam, participants are allowed to retake the exam for free under certain conditions
Introduction to OHSAS 18001
Introduction to the implementation of an Occupational Health and Safety Management System (OHSMS) based on OHSAS 18001
Summary
This one-day training enables the participants to be familiar with the basic concepts of the implementation and management of an Occupational Health and Safety Management System (OHSMS) as specified in OHSAS 18001:2007. The participant will learn the different components of an OHSMS, including the OHSMS policy, hazard management, measuring performance, management’s commitment, internal audit, management review and continual improvement.
Course Agenda • Presentation of the OHSAS 18000 family of standards • Introduction to management systems and the process approach • General requirements: presentation of OHSAS 18001 clause-by-clause • Implementation phases of the OHSAS 18001 framework • Introduction to hazard assessment and management according to OHSAS 18001 • Continual improvement of occupational Health and Safety • Conducting an OHSAS 18001 certification audit
Exam and certification None
General Information • A student manual containing over 100 pages of information and practical examples will be distributed to participants • A participation certificate of 7 CPD (Continuing Professional Development) credits will be issued to participants.
DURATION: 1 DAY
PREREQUISITES: None
Who should attend? • Professionals wanting to gain a comprehensive knowledge of the main processes of an Occupational Health and Safety Management System (OHSMS) • Staff involved in the implementation of the OHSAS 18001 standard • Expert advisors in Health & Safety • Auditors and managers responsible for implementing an OHSMS
Learning objectives • To understand the fundamentals of OHS • To know the interrelationships between OHSAS 18001 and the other OHS standards • To know the key components of an OHSMS in accordance with OHSAS 18001 • To introduce the concepts, approaches, standards, methods and techniques allowing to effectively manage an OHSMS • To understand the stages of the OHSAS 18001 certification process
This is a PECB official training course
FOOD SAFETY TRAINING
ISO 22000:2005 specifies requirements for a food safety management system where an organization in the food chain needs to demonstrate its ability to control food safety hazards in order to ensure that food is safe at the time of human consumption. It is applicable to all organizations, regardless of size, which are involved in any aspect of the food chain and want to implement systems that consistently provide safe products. The means of meeting any requirements of ISO 22000:2005 can be accomplished through the use of internal and/or external resources.
Certified ISO 22000 Lead Implementer
Mastering the implementation and management of a Food Safety Management System (FSMS) based on ISO 22000
Summary
This five-day intensive course enables participants to develop the necessary expertise to support an organization in implementing and managing a Food Safety Management System (FSMS) based on ISO 22000:2005. Participants will also be given a thorough grounding in best practices used to implement food safety controls from all areas of ISO 22000. This training is consistent with the project management practices established in ISO 10006 (Quality Management Systems - Guidelines for Quality Management in Projects). This training is compatible with ISO/TS 22004:2005 (Food Safety Management Systems -- Guidance on the application of ISO 22000:2005) and ISO/TS 22002-1:2009 (Prerequisite programs on food safety -- Part 1: Food manufacturing)
DURATION: 5 DAYS
Course Agenda
DAY 1
Introduction to Food Safety Management System (FSMS) concepts as required by ISO 22000; Initiating a FSMS • Introduction to management systems and the process approach • Presentation of the standards ISO 22000, ISO 22004 and ISO/TS 22002 • Preliminary analysis and establishment of the maturity level of the existing Food Safety Management System • Writing a business case and a project plan for the implementation of a FSMS
DAY 2
Planning a FSMS based on ISO 22000 • Definition of the scope of a FSMS • Development of a FSMS and food safety policies and objectives • Preliminary steps to enable hazard analysis • Hazard analysis
DAY 3
Implementing a FSMS based on ISO 22000 • Implementation of a document management framework • Implementation of controls and a traceability system • Development of a training & awareness program and communication about food safety • Emergency preparedness and response • Operations management of a FSMS
DAY 4
Control, monitor and measure a FSMS and the certification audit of a FSMS in accordance with ISO 22000 • Controlling and monitoring the FSMS controls • Development of metrics, performance indicators and dashboards • ISO 22000 internal Audit and management review • Implementation of a continual improvement program • Preparing for an ISO 22000 certification audit
DAY 5
Certification Exam
PREREQUISITES • ISO 22000 Foundation Certification or a basic knowledge of ISO 22000 and/or ISO 9001 & HACCP is recommended
Who should attend? • Project managers or consultants wanting to prepare and to support an organization in the implementation of a FSMS • ISO 22000 auditors who wish to fully understand the FSMS implementation process • Persons responsible for the food safety conformity in an organization • Technical experts wanting to prepare for a food safety function or for a FSMS project management function
Learning objectives • To understand the implementation of a FSMS in accordance with ISO 22000 • To gain a comprehensive understanding of the concepts, approaches, standards, methods and techniques required for the effective management of a FSMS • To acquire the necessary expertise to support an organization in implementing, managing and maintaining a FSMS as specified in ISO 22000 • To understand prerequisite programs • To master the knowledge of Good Practice guides for: Manufacturing (GMP), Production (GPP), Hygiene (GHP), Agriculture (GAP), Veterinary (GVP), Distribution (GDP) and Trading (GTP) • To master the principles of HACCP as defined by the Codex Alimentarius.
This is a PECB official training course
Exam • The “Certified ISO 22000 Lead Implementer” exam fully meets the requirements of the PECB Examination and Certification Program (ECP). The exam covers the following competence domains: - Domain 1: Fundamental principles and concepts of food safety - Domain 2: Food safety best practices - Domain 3: Planning a FSMS based on ISO 22000 - Domain 4: Implementing a FSMS based on ISO 22000 - Domain 5: Performance evaluation, monitoring and measurement of an FSMS based on ISO 22000 - Domain 6: Continual improvement of a FSMS based on ISO 22000 - Domain 7: Preparing for a FSMS certification audit • The “Certified ISO 22000 Lead Implementer” exam is available in different languages (the complete list of languages can be found in the examination application form) • Duration: 3 hours • For more information about the exam, refer to PECB section on ISO 22000 Lead Implementer Exam
Certification • After successfully completing the exam, participants can apply for the credentials of Certified ISO 22000 Provisional Implementer, Certified ISO 22000 Implementer or Certified ISO 22000 Lead Implementer, depending on their experience level • A certificate will be issued to participants who successfully pass the exam and comply with all the other requirements related to the selected credential
| Credential | Exam | Professional experience | FSMS Audit experience | FSMS project experience | Other requirements |
| --- | --- | --- | --- | --- | --- |
| ISO 22000 Provisional Implementer | ISO 22000 Lead Implementer Exam | None | None | None | Signing the PECB code of ethics |
| ISO 22000 Implementer | ISO 22000 Lead Implementer Exam | Two years; one year of Food Safety work experience | None | Project activities totaling 200 hours | Signing the PECB code of ethics |
| ISO 22000 Lead Implementer | ISO 22000 Lead Implementer Exam | Five years; two years of Food Safety work experience | None | Project activities totaling 300 hours | Signing the PECB code of ethics |

• For more information about ISO 22000 certifications and PECB certification process, refer to PECB section on ISO 22000 Lead Implementer Certification
General Information • Certification fees are included in the exam price • A student manual containing over 450 pages of information and practical examples will be distributed to participants • A participation certificate of 31 CPD (Continuing Professional Development) credits will be issued to participants • In case of failure of the exam, participants are allowed to retake the exam for free under certain conditions.
Certified ISO 22000 Lead Auditor
Mastering the Audit of a Food Safety Management System (FSMS) based on ISO 22000
Summary
This five-day intensive course enables participants to develop the necessary expertise to audit a Food Safety Management System (FSMS) and to manage a team of auditors by applying widely recognized audit principles, procedures and techniques. During this training, the participant will acquire the necessary knowledge and skills to proficiently plan and perform internal and external audits in compliance with ISO 19011 and the certification process according to ISO 17021. Based on practical exercises, the participant will develop the necessary skills (mastering audit techniques) and competencies (managing audit teams and audit program, communicating with customers, conflict resolution, etc.) to efficiently conduct an audit.
DURATION: 5 DAYS
Course Agenda
DAY 1
Introduction to Food Safety Management System (FSMS) concepts as required by ISO 22000 • Normative, regulatory and legal framework related to food safety • ISO 22000 certification process • Food Safety Management System (FSMS) • Detailed presentation of the clauses 4 to 8 of ISO 22000
DAY 2
Planning and Initiating an ISO 22000 audit • Fundamental audit concepts and principles • Audit approach based on evidence and on risk • Preparation of an ISO 22000 certification audit • FSMS documentation audit • Conducting an opening meeting
DAY 3
Conducting an ISO 22000 audit • Communication during the audit • Audit procedures: observation, document review, interview, sampling techniques, technical verification, corroboration and evaluation • Audit test plans • Formulation of audit findings and documenting nonconformities
DAY 4
Concluding and ensuring the follow-up of an ISO 22000 audit • Audit documentation • Conducting a closing meeting and conclusion of an ISO 22000 audit • Evaluation of corrective action plans • ISO 22000 surveillance and Internal audit management program
DAY 5
Certification Exam
PREREQUISITES • ISO 22000 Foundation Certification or a basic knowledge of ISO 22000 and/or ISO 9001 & HACCP is recommended
Who should attend? • Internal auditors • Auditors wanting to perform and lead FSMS certification audits • Project managers or consultants wanting to master the FSMS audit process • Persons responsible for the Food safety conformity in an organization • Experts wanting to prepare for a Food safety audit function
Learning objectives • To acquire the expertise to perform an ISO 22000 internal audit following ISO 19011 guidelines • To acquire the expertise to perform an ISO 22000 certification audit following ISO 19011 guidelines and ISO 17021 specifications • To acquire the necessary expertise to manage a FSMS audit team • To understand the relationship between a FSMS, including controls and compliance with the requirements of different organization’s stakeholders
This is a PECB official training course
Exam • The “Certified ISO 22000 Lead Auditor” exam fully meets the requirements of the PECB Examination and Certification Program (ECP). The exam covers the following competence domains: - Domain 1: Fundamental principles and concepts of food safety - Domain 2: Food Safety Management System (FSMS) - Domain 3: Fundamental Audit Concepts and Principles - Domain 4: Preparation of an ISO 22000 audit - Domain 5: Conduct of an ISO 22000 audit - Domain 6: Closing an ISO 22000 audit - Domain 7: Managing an ISO 22000 audit program • The “Certified ISO 22000 Lead Auditor” exam is available in different languages (the complete list of languages can be found in the examination application form) • Duration: 3 hours • For more information about the exam, refer to PECB section on ISO 22000 Lead Auditor Exam
Certification • After successfully completing the exam, participants can apply for the credentials of Certified ISO 22000 Provisional Auditor, Certified ISO 22000 Auditor or Certified ISO 22000 Lead Auditor depending on their experience level. Those credentials are available for internal and external auditors • A certificate will be issued to participants who successfully pass the exam and comply with all the other requirements related to the selected credential.
| Credential | Exam | Professional experience | FSMS Audit experience | FSMS project experience | Other requirements |
| --- | --- | --- | --- | --- | --- |
| ISO 22000 Provisional Auditor | ISO 22000 Lead Auditor Exam | None | None | None | Signing the PECB code of ethics |
| ISO 22000 Auditor | ISO 22000 Lead Auditor Exam | Two years; one year of Food Safety work experience | Audit activities totaling 200 hours | None | Signing the PECB code of ethics |
| ISO 22000 Lead Auditor | ISO 22000 Lead Auditor Exam | Five years; two years of Food Safety work experience | Audit activities totaling 300 hours | None | Signing the PECB code of ethics |

• For more information about ISO 22000 certifications and PECB certification process, refer to PECB section on ISO 22000 Lead Auditor Certification
General Information • Certification fees are included in the exam price • A student manual containing over 450 pages of information and practical examples will be distributed to participants • A participation certificate of 31 CPD (Continuing Professional Development) credits will be issued to participants • In case of failure of the exam, participants are allowed to retake the exam for free under certain conditions.
Certified ISO 22000 Foundation
Become acquainted with the best practices for implementing and managing a Food Safety Management System (FSMS) based on ISO 22000
Summary
This course enables participants to learn about the best practices for implementing and managing a Food Safety Management System (FSMS) as specified in ISO 22000:2005, as well as the best practices for implementing the food safety controls of the eleven domains of ISO 27002. This training also helps to understand how ISO 22000 is related to ISO/TS 22004:2005 (Food Safety Management Systems -- Guidance on the application of ISO 22000:2005) and ISO/TS 22002-1:2009 (Prerequisite programs on food safety -- Part 1: Food manufacturing)
DURATION: 2 DAYS
Course Agenda
DAY 1
Introduction to Food Safety Management System (FSMS) concepts as required by ISO 22000 • Introduction to the ISO 22000 family of standards • Introduction to management systems and the process approach • Fundamental principles in food safety Management • General requirements: presentation of the clauses 4 to 8 of ISO 22000
DAY 2
Implementation of a FSMS and Certification Exam • Implementation phases of ISO 22000 framework • Continual improvement of food safety • Conducting an ISO 22000 certification audit • Certified ISO 22000 Foundation exam
PREREQUISITES
None
Who should attend? • Auditors and members of a food safety team • Professionals wanting to gain a comprehensive knowledge of the main processes of a FSMS • Staff involved in the implementation of the ISO 22000 standard
Learning objectives • To understand the implementation of a FSMS in accordance with ISO 22000 • To understand the relationship between a FSMS, including risk management, controls and compliance with the requirements of different stakeholders of the organization • To know the concepts, approaches, standards, methods and techniques allowing to effectively manage a FSMS • To acquire the necessary expertise to contribute in implementing a FSMS as specified in ISO 22000
This is a PECB official training course
Exam • The “Certified ISO 22000 Foundation” exam fully meets the requirements of the PECB Examination and Certification Program (ECP). The exam covers the following competence domains: - Domain 1: Fundamental principles and concepts of food safety - Domain 2: Food Safety Management System (FSMS) • The “Certified ISO 22000 Foundation” exam is available in different languages (the complete list of languages can be found in the examination application form) • Duration: 1 hour • For more information about the exam, refer to PECB section on ISO 22000 Foundation Exam
Certification • A certificate of Certified ISO 22000 Foundation will be issued to participants who successfully pass the exam and comply with all the other requirements related to this credential
| Credential | Exam | Professional experience | FSMS Audit experience | FSMS project experience | Other requirements |
| --- | --- | --- | --- | --- | --- |
| ISO 22000 Foundation | ISO 22000 Foundation exam | None | None | None | Signing the PECB code of ethics |

• For more information about ISO 22000 certifications and PECB certification process, refer to PECB section on ISO 22000 Foundation Certification
General Information • Certification fees are included in the exam price • A student manual containing over 200 pages of information and practical examples will be distributed to participants • A participation certificate of 14 CPD (Continuing Professional Development) credits will be issued to participants • In case of failure of the exam, participants are allowed to retake the exam for free under certain conditions.
Introduction to ISO 22000
Introduction to the implementation of a Food Safety Management System (FSMS) based on ISO 22000
Summary
This one-day training enables participants to be familiar with the basic concepts of the implementation and management of a Food Safety Management System (FSMS) as specified in ISO 22000:2005. The participant will learn the different components of a FSMS, including the FSMS policy, HACCP analysis, measuring performance, management’s commitment, internal audit, management review and continual improvement.
Course Agenda • Introduction to ISO 22000 family of standards • Introduction to management systems and the process approach • General requirements: presentation of clauses 4 to 8 of ISO 22000 • Implementation phases of ISO 22000 framework • Continual improvement of food safety • Conducting an ISO 22000 certification audit
Exam and certification None
General Information • A student manual containing over 100 pages of information and practical examples will be distributed to participants • A participation certificate of 7 CPD (Continuing Professional Development) credits will be issued to participants
DURATION: 1 DAY
PREREQUISITES: None
Who should attend? • Professionals wanting to gain a comprehensive knowledge of the main processes of a FSMS • Staff involved in the implementation of the ISO 22000 standard • Expert advisors in food and safety • Auditors and managers responsible for implementing an FSMS
Learning objectives • To understand the fundamentals of food safety • To know the interrelationships between ISO 22000 and the other food safety standards • To know the key components of a FSMS in the context of ISO 22000 • To introduce the concepts, approaches, standards, methods and techniques allowing to effectively manage a FSMS in accordance with ISO 22000 • To understand the stages of the ISO 22000 certification process
This is a PECB official training course
SOCIAL RESPONSIBILITY TRAINING
ISO 26000:2010 is intended to assist organizations in contributing to sustainable development. It is intended to encourage them to go beyond legal compliance, recognizing that compliance with law is a fundamental duty of any organization and an essential part of their social responsibility. It is intended to promote common understanding in the field of social responsibility, and to complement other instruments and initiatives for social responsibility, not to replace them.
Certified ISO 26000 Lead Implementer
Mastering the implementation and management of a social responsibility program based on ISO 26000
Summary
This five-day intensive course enables participants to develop the necessary expertise to support an organization in implementing and managing a Social responsibility program based on ISO 26000:2010. This training is consistent with the project management practices established in ISO 10006 (Quality Management Systems - Guidelines for Quality Management in Projects). The participant will learn the different core subjects and issues: human rights, labor practices, the environment, fair operating practices, consumer issues, community involvement and development. This training is fully compatible with SA8000 (Global social accountability standard by the Social Accountability International).
DURATION: 5 DAYS
Course Agenda
DAY 1
Introduction to Corporate Social Responsibility concepts as defined by ISO 26000 • Normative, regulatory and legal framework related to social responsibility of organizations • Fundamental principles of social responsibility of organizations • Presentation of ISO 26000 clauses and the six core subjects • Preliminary analysis and determining the level of maturity of an existing social responsibility program • Writing a business case and a project plan for the implementation of a social responsibility program
DAY 2
Planning a social responsibility program based on ISO 26000 • Development of the social responsibility policy • Human rights issues and best practices • Labor practices issues and best practices • The environment issues and best practices • Fair operating practices issues and best practices • Consumer issues and best practices • Community involvement and development issues and best practices
DAY 3
Implementing a social responsibility program based on ISO 26000 • Implementation of a document management framework • Implementation of social responsibility action plans • Development of a training & awareness program and communicating about social responsibilities • Operations management of a social responsibility program
DAY 4
Controlling, monitoring and measuring a social responsibility program • Monitoring a social responsibility program • Development of metrics, performance indicators and dashboards • ISO 26000 internal and external assessment • Implementation of a continual improvement program
DAY 5
Certification Exam
PREREQUISITES • ISO 26000 Foundation Certification or a basic knowledge of ISO 26000 and/or SA8000 is recommended
Who should attend? • Project managers or consultants wanting to prepare and to support an organization in the implementation of a social responsibility program • ISO 26000 assessors who wish to fully understand the implementation of a social responsibility program • Persons responsible for a social responsibility program or conformity in an organization • Members of a social responsibility team
Learning objectives • To understand the implementation of a social responsibility program of an organization in accordance with ISO 26000 • To gain a comprehensive understanding of the concepts, approaches, subjects, methods and techniques required for the effective management of social responsibilities for an organization • To understand the relationship between the components of a SR program based on ISO 26000 and compliance with the requirements of different stakeholders of the organization • To acquire the necessary expertise to support an organization in implementing, managing and maintaining a social responsibility program as proposed in ISO 26000 • To acquire the necessary expertise to manage a team implementing ISO 26000
This is a PECB official training course
Exam • The “Certified ISO 26000 Lead Implementer” exam fully meets the requirements of the PECB Examination and Certification Program (ECP). The exam covers the following competence domains: - Domain 1: Fundamental principles and concepts of social responsibilities - Domain 2: Social responsibility best practices - Domain 3: Planning a social responsibility program based on ISO 26000 - Domain 4: Implementing a social responsibility program based on ISO 26000 - Domain 5: Performance evaluation, monitoring and measurement of a social responsibility program based on ISO 26000 - Domain 6: Continual improvement of a social responsibility program based on ISO 26000 - Domain 7: Preparing for a social responsibility program assessment • The “Certified ISO 26000 Lead Implementer” exam is available in different languages (the complete list of languages can be found in the examination application form) • Duration: 3 hours • For more information about the exam, refer to PECB section on ISO 26000 Lead Implementer Exam
Certification • After successfully completing the exam, participants can apply for the credentials of Certified ISO 26000 Provisional Implementer, Certified ISO 26000 Implementer or Certified ISO 26000 Lead Implementer, depending on their level of experience • A certificate will be issued to participants who successfully pass the exam and comply with all the other requirements related to the selected credential
| Credential | Exam | Professional experience | SRMS Audit experience | SRMS project experience | Other requirements |
| --- | --- | --- | --- | --- | --- |
| ISO 26000 Provisional Implementer | ISO 26000 Lead Implementer Exam | None | None | None | Signing the PECB code of ethics |
| ISO 26000 Implementer | ISO 26000 Lead Implementer Exam | Two years; one year of social responsibility work experience | None | Project activities totaling 200 hours | Signing the PECB code of ethics |
| ISO 26000 Lead Implementer | ISO 26000 Lead Implementer Exam | Five years; two years of social responsibility work experience | None | Project activities totaling 300 hours | Signing the PECB code of ethics |

• For more information about ISO 26000 certifications and PECB certification process, refer to PECB section on ISO 26000 Lead Implementer Certification
General Information
• Certification fees are included in the exam price
• A student manual containing over 450 pages of information and practical examples will be distributed to participants
• A participation certificate of 31 CPD (Continuing Professional Development) credits will be issued to participants
• ISO 26000 is guidance on social responsibility and it is not a certifiable standard for an organization
• In case of failure of the exam, participants are allowed to retake the exam for free under certain conditions
Certified ISO 26000 Lead Auditor
Mastering the Audit of a social responsibility program based on ISO 26000

Summary
This five-day intensive course enables participants to develop the needed expertise to audit a social responsibility program based on ISO 26000 and to manage a team of auditors by applying widely recognized audit principles, procedures and techniques. During this training, the participant will acquire the needed knowledge and skills to proficiently plan and perform internal and external audits in compliance with ISO 19011 and the certification process according to ISO 17021. Based on practical exercises, the participant will develop the skills (mastering audit techniques) and competencies (managing audit teams and audit program, communicating with customers, conflict resolution, etc.) necessary to conduct an audit efficiently. This training is fully compatible with SA8000 (Global social accountability standard by the Social Accountability International).

DURATION: 5 DAYS

PREREQUISITES
• ISO 26000 Foundation Certification or basic knowledge of ISO 26000 is recommended

Course Agenda

DAY 1
Introduction to Corporate Social Responsibility concepts as defined by ISO 26000
• Normative, regulatory and legal framework related to social responsibility of organizations
• Fundamental principles of social responsibility of organizations
• Presentation of ISO 26000 clauses and the six core subjects
• Social responsibility program
• Detailed presentation of ISO 26000 clause-by-clause

DAY 2
Planning and initiating a social responsibility audit based on ISO 26000
• Fundamental audit concepts and principles
• Audit approach based on evidence and on risk
• Preparation of a social responsibility audit
• Documenting of a social responsibility audit
• Conducting an opening meeting

DAY 3
Conducting a social responsibility audit based on ISO 26000
• Communication during the audit
• Audit procedures: observation, document review, interview, sampling techniques, technical verification, corroboration and evaluation
• Drafting test plans
• Formulation of audit findings and documenting nonconformities

DAY 4
Concluding and ensuring the follow-up of a social responsibility audit based on ISO 26000
• Audit documentation
• Conducting a closing meeting and conclusion of an ISO 26000 audit
• Evaluation of corrective action plans
• ISO 26000 Audit management program

DAY 5
Certification Exam
Who should attend?
• Internal auditors
• Auditors wanting to perform and lead social responsibility program audits
• Project managers or consultants wanting to master the social responsibility program audit process
• Persons responsible for the social responsibility or conformity in an organization
• Expert advisors in social responsibility

Learning objectives
• To acquire the expertise to perform an ISO 26000 internal audit following ISO 19011 guidelines
• To acquire the expertise necessary to manage a social responsibility audit team
• To understand the operation of a social responsibility program in accordance with ISO 26000
• To understand the relationship between a social responsibility program and the requirements of different stakeholders of the organization
• To improve the ability to analyze the internal and external environment of social responsibilities of an organization in accordance with ISO 26000
This is a PECB official training course
Exam
• The “Certified ISO 26000 Lead Auditor” exam fully meets the requirements of the PECB Examination and Certification Program (ECP). The exam covers the following competence domains:
  - Domain 1: Fundamental principles and concepts of social responsibilities
  - Domain 2: Social responsibility program
  - Domain 3: Fundamental Audit Concepts and Principles
  - Domain 4: Preparation of an ISO 26000 audit
  - Domain 5: Conducting of an ISO 26000 audit
  - Domain 6: Closing an ISO 26000 audit
  - Domain 7: Managing an ISO 26000 audit program
• The “Certified ISO 26000 Lead Auditor” exam is available in different languages (the complete list of languages can be found in the examination application form)
• Duration: 3 hours
• For more information about the exam, refer to the PECB section on the ISO 26000 Lead Auditor Exam
Certification
• After successfully completing the exam, participants can apply for the credentials of Certified ISO 26000 Provisional Auditor, Certified ISO 26000 Auditor or Certified ISO 26000 Lead Auditor depending on their level of experience. Those credentials are available for internal and external auditors
• A certificate will be issued to participants who successfully passed the exam and comply with all the other requirements related to the selected credential.

Credential | Exam | Professional experience | SRMS Audit experience | SRMS project experience | Other requirements
ISO 26000 Provisional Implementer | ISO 26000 Lead Auditor Exam | None | None | None | Signing the PECB code of ethics
ISO 26000 Implementer | ISO 26000 Lead Auditor Exam | Two years: One year of social responsibility management work experience | Audit activities totaling 200 hours | None | Signing the PECB code of ethics
ISO 26000 Lead Implementer | ISO 26000 Lead Auditor Exam | Five years: Two years of social responsibility management work experience | Audit activities totaling 300 hours | None | Signing the PECB code of ethics

• For more information about ISO 26000 certifications and the PECB certification process, refer to the PECB section on ISO 26000 certifications
General Information
• Certification fees are included in the exam price
• A student manual containing over 450 pages of information and practical examples will be distributed to participants
• A participation certificate of 31 CPD (Continuing Professional Development) credits will be issued to participants
• ISO 26000 is guidance on social responsibility and it is not a certifiable standard for an organization
• In case of failure of the exam, participants are allowed to retake the exam for free under certain conditions
Certified ISO 26000 Foundation
Become acquainted with the best practices for implementing and managing a social responsibility program based on ISO 26000

Summary
This course enables the participants to learn about the best practices for implementing and managing a social responsibility program as proposed in ISO 26000:2010. The participant will learn the different core subjects and issues: human rights, labour practices, the environment, fair operating practices, consumer issues, community involvement and development. This training is fully compatible with SA8000 (Global social accountability standard by the Social Accountability International).

DURATION: 2 DAYS

PREREQUISITES
None

Course Agenda

DAY 1
Introduction to Corporate Social Responsibility concepts as defined by ISO 26000
• Normative, regulatory and legal framework related to social responsibility of organizations
• Fundamental principles of social responsibility of organizations
• Introduction to management systems and the process approach
• Presentation of ISO 26000 clauses and the six core subjects
• Implementation phases of the ISO 26000 program
• Continual improvement of a social responsibility program
• Conducting an ISO 26000 audit

DAY 2
Implementing controls in social responsibility according to ISO 26000 and Certification Exam
• Drafting a social responsibility policy
• Human rights issues and best practices
• Labor practices issues and best practices
• The environment issues and best practices
• Fair operating practices issues and best practices
• Consumer issues and best practices
• Community involvement and development issues and best practices
• Certification Exam

Exam
• The “Certified ISO 26000 Foundation” exam fully meets the requirements of the PECB Examination and Certification Program (ECP). The exam covers the following competence domains:
  - Domain 1: Fundamental principles and concepts of social responsibilities
  - Domain 2: Social responsibility program
• The “Certified ISO 26000 Foundation” exam is available in different languages (the complete list of languages can be found in the examination application form)
• Duration: 1 hour
• For more information about ISO 26000 certifications and the PECB certification process, refer to the PECB section on ISO 26000 Foundation Certification

Who should attend?
• Project managers or consultants wanting to prepare and to support an organization in the implementation of a social responsibility program
• Persons responsible for a social responsibility program or conformity in an organization
• Members of a social responsibility team
• Auditors

Learning objectives
• To understand the implementation of a social responsibility program in accordance with ISO 26000
• To understand the relationship between a social responsibility program and the compliance with the requirements of different stakeholders of the organization
• To acquire the necessary expertise to contribute to implementing a social responsibility program as presented in ISO 26000
This is a PECB official training course
Certification
• A certificate of Certified ISO 26000 Foundation will be issued to participants who successfully passed the exam and comply with all the other requirements related to this credential

Credential | Exam | Professional experience | SRMS Audit experience | SRMS project experience | Other requirements
ISO 26000 Foundation | ISO 22000 Foundation exam | None | None | None | Signing the PECB code of ethics

• For more information about ISO 26000 certifications and the PECB certification process, refer to the PECB section on ISO 26000 certifications
General Information
• Certification fees are included in the exam price
• A student manual containing over 200 pages of information and practical examples will be distributed to participants
• A participation certificate of 14 CPD (Continuing Professional Development) credits will be issued to participants
• ISO 26000 is guidance on social responsibility and it is not a certifiable standard for an organization
• In case of failure of the exam, participants are allowed to retake the exam for free under certain conditions
Introduction to ISO 26000
Introduction to the implementation of a social responsibility program based on ISO 26000

Summary
This one-day training enables the participants to become familiar with the basic concepts of the implementation and management of a social responsibility program as proposed in ISO 26000:2010. The participant will learn the different core subjects and issues: human rights, labour practices, the environment, fair operating practices, consumer issues, community involvement and development. This training is fully compatible with SA8000 (Global social accountability standard by the Social Accountability International).

DURATION: 1 DAY

PREREQUISITES
None

Course Agenda
• Presentation of the ISO 26000 clauses and the six core subjects
• Drafting a social responsibility policy
• Human rights issues and best practices
• Labor practices issues and best practices
• The environment issues and best practices
• Fair operating practices issues and best practices
• Consumer issues and best practices
• Community involvement and development issues and best practices

Exam and certification
None

General Information
• A student manual containing over 100 pages of information and practical examples will be distributed to participants
• A participation certificate of 7 CPD (Continuing Professional Development) credits will be issued to participants
• ISO 26000 is guidance on social responsibility and it is not a certifiable standard for an organization

Who should attend?
• Members of a social responsibility team
• Project managers or consultants wanting to prepare and to support an organization in the implementation of a social responsibility program
• Persons responsible for a social responsibility program or conformity in an organization
• Auditors

Learning objectives
• To understand the implementation of a social responsibility program in accordance with ISO 26000
• To understand the relationship between a social responsibility program and the compliance with the requirements of different stakeholders of the organization
• To know the concepts, approaches, standards, methods and techniques for effectively managing a social responsibility program
• To understand the stages of an ISO 26000 audit

This is a PECB official training course
SUPPLY CHAIN SECURITY TRAINING

ISO 28000:2007 specifies the requirements for a security management system, including those aspects critical to security assurance of the supply chain. Security management is linked to many other aspects of business management. Aspects include all activities controlled or influenced by organizations that impact on supply chain security. These other aspects should be considered directly, where and when they have an impact on security management, including transporting these goods along the supply chain. ISO 28000 is applicable to all sizes of organizations, from small to multinational, in manufacturing, service, storage or transportation at any stage of the production or supply chain.
Certified ISO 28000 Lead Implementer
Mastering the implementation and management of a Supply Chain Security Management System (SCSMS) based on ISO 28000

Summary
This five-day intensive course enables participants to develop the necessary expertise to support an organization in implementing and managing a Supply Chain Security Management System (SCSMS) based on ISO 28000:2007. Participants will also gain a thorough understanding of best practices used to implement supply chain security controls from all areas of ISO 28001. This training is consistent with the project management practices established in ISO 10006 (Quality Management Systems - Guidelines for Quality Management in Projects). This training is fully compatible with ISO 28004 (Guidelines for the Implementation of a SCSMS).

DURATION: 5 DAYS

PREREQUISITES
• ISO 28000 Foundation Certification or a basic knowledge of ISO 28000 and ISO 28001 is recommended

Course Agenda

DAY 1
Introduction to Supply Chain Security Management System (SCSMS) concepts as required by ISO 28000; initiating a SCSMS
• Introduction to management systems and the process approach
• Presentation of the standards ISO 28000, ISO 28001, ISO 28004 and regulatory and legal framework related to supply chain security
• Preliminary analysis and establishment of the maturity level of an existing SCSMS based upon ISO 21827
• Writing a business case and a project plan for the implementation of a SCSMS

DAY 2
Planning a SCSMS based on ISO 28000
• Definition of the scope of a SCSMS
• Development of a SCSMS and supply chain security policies
• Selection of the approach and methodology for security risk assessment
• Security risk management (identification, analysis and treatment of risk)
• Development of a security plan

DAY 3
Implementing a SCSMS based on ISO 28000
• Implementation of a document management framework
• Implementation of processes and controls
• Development of a training & awareness program and communication about the supply chain security
• Operations management of a SCSMS

DAY 4
Controlling, monitoring and measuring a SCSMS and the certification audit of a SCSMS
• Controlling and Monitoring the SCSMS controls
• Development of metrics, performance indicators and dashboards
• ISO 28000 internal Audit and management review of a SCSMS
• Implementation of a continual improvement program
• Preparing for an ISO 28000 certification audit

DAY 5
Certification Exam
Who should attend?
• Project managers or consultants wanting to prepare and to support an organization in the implementation of a SCSMS
• ISO 28000 auditors who wish to fully understand the SCSMS implementation process
• Persons responsible for the supply chain security or conformity in an organization
• Expert advisors in physical security

Learning objectives
• To understand the implementation of a Supply Chain Security Management System in accordance with ISO 28000
• To gain a comprehensive understanding of the concepts, approaches, standards, methods and techniques required for the effective management of a Supply Chain Security Management System
• To acquire the necessary expertise to support an organization in implementing, managing and maintaining a SCSMS as specified in ISO 28000
• To acquire the necessary expertise to manage a team implementing ISO 28000

This is a PECB official training course
Exam
• The “Certified ISO 28000 Lead Implementer” exam fully meets the requirements of the PECB Examination and Certification Program (ECP). The exam covers the following competence domains:
  - Domain 1: Fundamental principles and concepts of supply chain security
  - Domain 2: Supply chain security Control Best Practice based on ISO 28001
  - Domain 3: Planning a SCSMS based on ISO 28000
  - Domain 4: Implementing a SCSMS based on ISO 28000
  - Domain 5: Performance evaluation, monitoring and measurement of a SCSMS based on ISO 28000
  - Domain 6: Continuous improvement of a SCSMS based on ISO 28000
  - Domain 7: Preparing for a SCSMS certification audit
• The “Certified ISO 28000 Lead Implementer” exam is available in different languages (the complete list of languages can be found in the examination application form)
• Duration: 3 hours
• For more information about the exam, refer to the PECB section on the ISO 28000 Lead Implementer Exam
Certification
• After successfully completing the exam, participants can apply for the credentials of Certified ISO 28000 Provisional Implementer, Certified ISO 28000 Implementer or Certified ISO 28000 Lead Implementer, depending on their level of experience
• A certificate will be issued to participants who successfully passed the exam and comply with all the other requirements related to the selected credential

Credential | Exam | Professional experience | SCSMS Audit experience | SCSMS project experience | Other requirements
ISO 28000 Provisional Implementer | ISO 28000 Lead Implementer Exam | None | None | None | Signing the PECB code of ethics
ISO 28000 Implementer | ISO 28000 Lead Implementer Exam | Two years: One year of Supply Chain Security work experience | None | Project activities totaling 200 hours | Signing the PECB code of ethics
ISO 28000 Lead Implementer | ISO 28000 Lead Implementer Exam | Five years: Two years of Supply Chain Security work experience | None | Project activities totaling 300 hours | Signing the PECB code of ethics

• For more information about ISO 28000 certifications and the PECB certification process, refer to the PECB section on ISO 28000 Lead Implementer Certification
General Information
• Certification fees are included in the exam price
• A student manual containing over 450 pages of information and practical examples will be distributed to participants
• A participation certificate of 31 CPD (Continuing Professional Development) credits will be issued to participants
• In case of failure of the exam, participants are allowed to retake the exam for free under certain conditions
Certified ISO 28000 Lead Auditor
Mastering the Audit of a Supply Chain Security Management System (SCSMS) based on ISO 28000

Summary
This five-day intensive course enables participants to develop the needed expertise to audit a Supply Chain Security Management System (SCSMS) and to manage a team of auditors by applying widely recognized audit principles, procedures and techniques. During this training, the participant will acquire the needed knowledge and skills to proficiently plan and perform internal and external audits in compliance with ISO 19011 and the certification process according to ISO 17021. Based on practical exercises, the participant will develop the skills (mastering audit techniques) and competencies (managing audit teams and audit program, communicating with customers, conflict resolution, etc.) necessary to efficiently conduct an audit.

DURATION: 5 DAYS

PREREQUISITES
• ISO 28000 Foundation Certification or basic knowledge of ISO 28000 and ISO 28001 is recommended

Course Agenda

DAY 1
Introduction to Supply Chain Security Management System (SCSMS) concepts as required by ISO 28000
• Presentation of the standards ISO 28000, ISO 28001, ISO 28004 and regulatory and legal framework related to supply chain security
• Fundamental principles of Supply chain security and physical security
• ISO 28000 certification process
• Supply Chain Security Management System (SCSMS)
• Detailed presentation of the clauses 4 to 8 of ISO 28000

DAY 2
Planning and Initiating an ISO 28000 audit
• Fundamental audit concepts and principles
• Audit approach based on evidence and on risk
• Preparation of an ISO 28000 certification audit
• SCSMS Documentation audit

DAY 3
Conducting an ISO 28000 audit
• Communication during the audit
• Audit procedures: observation, document review, interview, sampling techniques, technical verification, corroboration and evaluation
• Audit test plans
• Formulation of audit findings and documenting nonconformities

DAY 4
Concluding and ensuring the follow-up of an ISO 28000 audit
• Audit documentation
• Conducting a closing meeting and conclusion of an ISO 28000 audit
• Evaluation of corrective action plans
• ISO 28000 Surveillance and internal Audit management program

DAY 5
Certification Exam
Who should attend?
• Internal auditors
• Auditors wanting to perform and lead SCSMS certification audits
• Project managers or consultants wanting to master the SCSMS audit process
• Persons responsible for the supply chain security or conformity in an organization
• Technical experts wanting to prepare for a supply chain security audit function

Learning objectives
• To acquire the expertise to perform an ISO 28000 internal audit following ISO 19011 guidelines
• To acquire the expertise to perform an ISO 28000 certification audit following ISO 19011 guidelines and ISO 17021, ISO 28003 specifications
• To acquire the expertise necessary to manage a SCSMS audit team
• To understand the operation of an ISO 28000 conformant SCSMS

This is a PECB official training course
Exam
• The “Certified ISO 28000 Lead Auditor” exam fully meets the requirements of the PECB Examination and Certification Program (ECP). The exam covers the following competence domains:
  - Domain 1: Fundamental principles and concepts of supply chain security
  - Domain 2: Supply Chain Security Management System (SCSMS)
  - Domain 3: Fundamental audit concepts and principles
  - Domain 4: Preparation of an ISO 28000 audit
  - Domain 5: Conducting of an ISO 28000 audit
  - Domain 6: Closing an ISO 28000 audit
  - Domain 7: Managing an ISO 28000 audit program
• The “Certified ISO 28000 Lead Auditor” exam is available in different languages (the complete list of languages can be found in the examination application form)
• Duration: 3 hours
• For more information about the exam, refer to the PECB section on the ISO 28000 Lead Auditor Exam
Certification
• After successfully completing the exam, participants can apply for the credentials of Certified ISO 28000 Provisional Auditor, Certified ISO 28000 Auditor or Certified ISO 28000 Lead Auditor depending on their level of experience. Those credentials are available for internal and external auditors
• A certificate will be issued to participants who successfully passed the exam and comply with all the other requirements related to the selected credential

Credential | Exam | Professional experience | SCSMS Audit experience | SCSMS project experience | Other requirements
ISO 28000 Provisional Auditor | ISO 28000 Lead Auditor Exam | None | None | None | Signing the PECB code of ethics
ISO 28000 Auditor | ISO 28000 Lead Auditor Exam | Two years: One year of Supply Chain Security work experience | Audit activities totaling 200 hours | None | Signing the PECB code of ethics
ISO 28000 Lead Auditor | ISO 28000 Lead Auditor Exam | Five years: Two years of Supply Chain Security work experience | Audit activities totaling 300 hours | None | Signing the PECB code of ethics

• For more information about ISO 28000 certifications and the PECB certification process, refer to the PECB section on ISO 28000 Lead Auditor Certification
General Information
• Certification fees are included in the exam price
• A student manual containing over 450 pages of information and practical examples will be distributed to participants
• A participation certificate of 31 CPD (Continuing Professional Development) credits will be issued to participants
• In case of failure of the exam, participants are allowed to retake the exam for free under certain conditions
Certified ISO 28000 Foundation
Become acquainted with the best practices for implementing and managing a Supply Chain Security Management System (SCSMS) based on ISO 28000

Summary
This course enables the participants to learn about the best practices for implementing and managing a Supply Chain Security Management System (SCSMS) as specified in ISO 28000:2007, as well as the best practices for implementing the supply chain security controls of all domains of ISO 28001. This training is fully compatible with ISO 28004 (Guidelines for the Implementation of a SCSMS).

DURATION: 2 DAYS

PREREQUISITES
None

Course Agenda

DAY 1
Introduction to Supply Chain Security Management System (SCSMS) concepts as required by ISO 28000
• Presentation of the standards ISO 28000, ISO 28001, ISO 28004 and regulatory and legal framework related to supply chain security
• Introduction to management systems and the process approach
• Fundamental principles of Supply chain security and physical security
• General requirements: presentation of the clauses 4 to 8 of ISO 28000

DAY 2
Implementing controls in supply chain security according to ISO 28001 and Certification Exam
• Implementation phases of the ISO 28000 framework
• Documentation of a control environment
• Monitoring and reviewing the controls
• Examples of the implementation of controls
• Certification Exam

Exam
• The “Certified ISO 28000 Foundation” exam fully meets the requirements of the PECB Examination and Certification Program (ECP). The exam covers the following competence domains:
  - Domain 1: Fundamental principles and concepts of supply chain security
  - Domain 2: Supply Chain Security Management System (SCSMS)
• The “Certified ISO 28000 Foundation” exam is available in different languages (the complete list of languages can be found in the examination application form)
• Duration: 1 hour
• For more information about the exam, refer to the PECB section on the ISO 28000 Foundation Exam

Who should attend?
• Members of a supply chain security team
• Physical security professionals wanting to gain a comprehensive knowledge of the main processes of a Supply Chain Security Management System (SCSMS)
• Auditors, consultants

Learning objectives
• To understand the implementation of a Supply Chain Security Management System in accordance with ISO 28000
• To understand the relationship between a Supply Chain Security Management System, including risk management, controls and compliance with the requirements of different stakeholders of the organization
• To know the concepts, approaches, standards, methods and techniques for effectively managing a Supply Chain Security Management System

This is a PECB official training course
Certification
• A certificate of Certified ISO 28000 Foundation will be issued to participants who successfully passed the exam and comply with all the other requirements related to this credential

Credential | Exam | Professional experience | SCSMS Audit experience | SCSMS project experience | Other requirements
ISO 28000 Foundation | ISO 28000 Foundation exam | None | None | None | Signing the PECB code of ethics

• For more information about ISO 28000 certifications and the PECB certification process, refer to the PECB section on ISO 28000 Foundation Certification
General Information
• Certification fees are included in the exam price
• A student manual containing over 200 pages of information and practical examples will be distributed to participants
• A participation certificate of 14 CPD (Continuing Professional Development) credits will be issued to participants
• In case of failure of the exam, participants are allowed to retake the exam for free under certain conditions
Introduction to ISO 28000
Introduction to the implementation of a Supply Chain Security Management System (SCSMS) based on ISO 28000

Summary
This one-day training enables the participants to become familiar with the basic concepts of the implementation and management of a Supply Chain Security Management System (SCSMS) as specified in ISO 28000:2007. The participant will learn the different components of a SCSMS, including the SCSMS policy, risk management, measuring performance, management’s commitment, internal audit, management review and continuous improvement.

DURATION: 1 DAY

PREREQUISITES
None

Course Agenda
• Introduction to the ISO 28000 family of standards
• Introduction to management systems and the process approach
• General requirements: presentation of the clauses 4 to 8 of ISO 28000
• Implementation phases of ISO 28000 framework
• Continuous improvement of supply chain security
• ISO 28000 certification audit phases

Exam and certification
None

General Information
• A student manual containing over 100 pages of information and practical examples will be distributed to participants
• A participation certificate of 7 CPD (Continuing Professional Development) credits will be issued to participants

Who should attend?
• Members of a supply chain security team
• Physical security professionals wanting to gain a comprehensive knowledge of the main processes of a Supply Chain Security Management System (SCSMS)
• Auditors

Learning objectives
• To understand the fundamentals of supply chain security
• To know the interrelationships between ISO 28000 and the other supply chain security standards
• To know the key components of a Supply Chain Security Management System (SCSMS) in accordance with ISO 28000
• To introduce the concepts, approaches, standards, methods and techniques for effectively managing a SCSMS
• To understand the stages of the ISO 28000 certification process

This is a PECB official training course
"Whenever one of my employees has training needs, I make sure they go to PECB courses. Their courses are great and the benefits are immediate. They acquire proven systematic methods that improve their productivity. I strongly recommend PECB." Martin F.
Vice-President of Operations, Telecommunication Company
PECB – Professional Evaluation and Certification Board
7275 Sherbrooke East, Suite 32, CP 49060, Montreal, QC H1N 1H0, CANADA
80 Broad Street, 5th Floor, New York City, NY 10004, USA
Tel: 1-514-562-5464
Fax: 1-514-371-1500
Email:
• General inquiries: info@pecb.org
• Certification: certification@pecb.org
• Examination: examination@pecb.org
• Training: training@pecb.org
• Technical support: support@pecb.org